commit 76800cba595efc3fe95a446c2d664e42ae4ee869 Author: Nick Clifton Date: Thu Jun 15 12:08:57 2017 +0100 Handle EITR records in VMS Alpha binaries with overlarge command length parameters. PR binutils/21579 * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. Upstream-Status: CVE-2017-9745 Signed-off-by: Thiruvadi Rajaraman Index: git/bfd/vms-alpha.c =================================================================== --- git.orig/bfd/vms-alpha.c 2017-09-21 16:08:57.863375204 +0530 +++ git/bfd/vms-alpha.c 2017-09-21 16:08:58.211377888 +0530 @@ -1801,14 +1801,8 @@ ptr += 4; -#if VMS_DEBUG - _bfd_vms_debug (4, "etir: %s(%d)\n", - _bfd_vms_etir_name (cmd), cmd); - _bfd_hexdump (8, ptr, cmd_length - 4, 0); -#endif - - /* PR 21589: Check for a corrupt ETIR record. */ - if (cmd_length < 4) + /* PR 21589 and 21579: Check for a corrupt ETIR record. */ + if (cmd_length < 4 || (ptr + cmd_length > maxptr + 4)) { corrupt_etir: _bfd_error_handler (_("Corrupt ETIR record encountered")); @@ -1816,6 +1810,12 @@ return FALSE; } +#if VMS_DEBUG + _bfd_vms_debug (4, "etir: %s(%d)\n", + _bfd_vms_etir_name (cmd), cmd); + _bfd_hexdump (8, ptr, cmd_length - 4, 0); +#endif + switch (cmd) { /* Stack global Index: git/bfd/ChangeLog =================================================================== --- git.orig/bfd/ChangeLog 2017-09-21 16:08:57.927375697 +0530 +++ git/bfd/ChangeLog 2017-09-21 16:11:35.192613756 +0530 @@ -81,6 +81,11 @@ PR binutils/21581 (ieee_archive_p): Likewise. +2017-06-15 Nick Clifton + + PR binutils/21579 + * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. + 2017-06-14 Nick Clifton PR binutils/21589
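Review bot: The extended check `if (cmd_length < 4 || (ptr + cmd_length > maxptr + 4))` in the first vms-alpha.c hunk tests the bound by forming `ptr + cmd_length` and `maxptr + 4`, pointers that can lie beyond the end of the record buffer, which C leaves undefined, so the guard against an overlarge file-supplied length itself depends on out-of-range pointer arithmetic. Comparing lengths instead keeps every pointer in range, e.g. `if (cmd_length < 4 || cmd_length - 4 > maxptr - ptr)`, provided `cmd_length` is a signed type and `maxptr` marks the end of the record, neither of which the hunk shows. The `+ 4` only compensates for the `ptr += 4` just above, which deserves a comment such as `/* ptr is already past the 4-byte header; the record ends at ptr - 4 + cmd_length.  */`. Whether the header itself is bounds-checked before `cmd` and `cmd_length` are read lies outside the hunk, as do the start and end of the enclosing loop in `_bfd_vms_slurp_etir`.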