From 4f8e38c581b0bc63fd4ebc3f258f38c06e04a8d5 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Jul 05 2018 10:33:16 +0000
Subject: Fix potential memory exhaustion when parsing corrupt ELF files. Resolves: #1597440
---
diff --git a/binutils-CVE-2018-13033.patch b/binutils-CVE-2018-13033.patch
new file mode 100644
index 0000000..4b8fed9
--- /dev/null
+++ b/binutils-CVE-2018-13033.patch
@@ -0,0 +1,18 @@
+--- binutils.orig/bfd/elf-attrs.c 2018-07-05 11:14:28.914603764 +0100
++++ binutils-2.29.1/bfd/elf-attrs.c 2018-07-05 11:14:58.249275811 +0100
+@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El
+ /* PR 17512: file: 2844a11d. */
+ if (hdr->sh_size == 0)
+ return;
++ if (hdr->sh_size > bfd_get_file_size (abfd))
++ {
++ /* xgettext:c-format */
++ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
++ abfd, hdr->bfd_section, (long long) hdr->sh_size);
++ bfd_set_error (bfd_error_invalid_operation);
++ return;
++ }
++
+ contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
+ if (!contents)
+ return;
diff --git a/binutils.spec b/binutils.spec
index b753aa8..b6711a7 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -62,7 +62,7 @@ Summary: A GNU collection of binary utilities
 Name: %{?cross}binutils%{?_with_debug:-debug}
 Version: 2.29.1
-Release: 24%{?dist}
+Release: 25%{?dist}
 License: GPLv3+
 Group: Development/Tools
 URL: https://sourceware.org/binutils
@@ -199,6 +199,10 @@ Patch19: binutils-ifunc-relocs-in-notes.patch
 # Lifetime: Fixed in 2.31.
 Patch20: binutils-debug-section-marking.patch
+# Purpose: Fix a potential memory exhaustion attack using corrupt ELF files.
+# Lifetime: Fixed in 2.31.
+Patch21: binutils-CVE-2018-13033.patch
+
 #----------------------------------------------------------------------------
 Provides: bundled(libiberty)
@@ -344,6 +348,7 @@ using libelf instead of BFD.
 %patch18 -p1
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 # We cannot run autotools as there is an exact requirement of autoconf-2.59.
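Review bot: The `%pB` and `%pA` conversions in the added `_bfd_error_handler` call (binutils-CVE-2018-13033.patch, the `elf-attrs.c` hunk) look taken from the upstream 2.31 sources, while the patch is applied to binutils-2.29.1; if that tree's error handler still expects the older `%B`/`%A` spellings, the diagnostic would print pointer values instead of the file and section names, so this is worth confirming and, if needed, changing to `_("%B: error: attribute section '%A' too big: %#llx")`. The argument for `%#llx` should be cast as `(unsigned long long) hdr->sh_size` rather than `(long long)`. Separately, the guard `hdr->sh_size > bfd_get_file_size (abfd)` would reject every non-empty attribute section if `bfd_get_file_size` can report 0 for an unknown size, which is not visible here; in that case a zero result should be treated as "unknown" rather than as a limit. `_bfd_elf_parse_attributes` begins and ends outside the hunk.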
@@ -751,6 +756,9 @@ exit 0
 #----------------------------------------------------------------------------
 %changelog
+* Thu Jul 05 2018 Nick Clifton 2.29.1-25
+- Fix potential memory exhaustion when parsing corrupt ELF files. (#1597440)
+
 * Mon Jun 18 2018 Nick Clifton 2.29.1-24
 - When installing both ld.bfd and ld.gold, do not reset the current alternative if upgrading. (#1592069)