From 0a29ea8a1e1a794d19ba9f23ccc2836379419e18 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Thu, 1 Aug 2019 03:15:42 -0500
Subject: system/binutils: patch multiple CVEs (#116)

---
 system/binutils/CVE-2019-9077.patch | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 system/binutils/CVE-2019-9077.patch

(limited to 'system/binutils/CVE-2019-9077.patch')

diff --git a/system/binutils/CVE-2019-9077.patch b/system/binutils/CVE-2019-9077.patch
new file mode 100644
index 000000000..de044e387
--- /dev/null
+++ b/system/binutils/CVE-2019-9077.patch
@@ -0,0 +1,33 @@
+From 7fc0c668f2aceb8582d74db1ad2528e2bba8a921 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 20 Feb 2019 17:03:47 +0000
+Subject: [PATCH] Fix a illegal memory access fault when parsing a corrupt MIPS
+ option section using readelf.
+
+	PR 24243
+	* readelf.c (process_mips_specific): Check for an options section
+	that is too small to even contain a single option.
+---
+ binutils/readelf.c | 6 ++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index 54d165e..20ebacc 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -16187,6 +16187,12 @@ process_mips_specific (Filedata * filedata)
+ 	  error (_("No MIPS_OPTIONS header found\n"));
+ 	  return FALSE;
+ 	}
++      /* PR 24243  */
++      if (sect->sh_size < sizeof (* eopt))
++	{
++	  error (_("The MIPS options section is too small.\n"));
++	  return FALSE;
++	}
+ 
+       eopt = (Elf_External_Options *) get_data (NULL, filedata, options_offset, 1,
+                                                 sect->sh_size, _("options"));
+-- 
+2.9.3
+
-- 
cgit v1.2.3-60-g2f50