diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch new file mode 100644 index 0000000000..ec3308b4f4 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch | |||
@@ -0,0 +1,102 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | CVE-2014-8485 fix. | ||
4 | |||
5 | [YOCTO #7084] | ||
6 | |||
7 | Signed-off-by: Armin Kuster <akuster808@gmail.com> | ||
8 | |||
9 | From 493a33860c71cac998f1a56d6d87d6faa801fbaa Mon Sep 17 00:00:00 2001 | ||
10 | From: Nick Clifton <nickc@redhat.com> | ||
11 | Date: Mon, 27 Oct 2014 12:43:16 +0000 | ||
12 | Subject: [PATCH] This patch closes a potential security hole in applications | ||
13 | that use the bfd library to parse binaries containing maliciously corrupt | ||
14 | section group headers. | ||
15 | |||
16 | PR binutils/17510 | ||
17 | * elf.c (setup_group): Improve handling of corrupt group | ||
18 | sections. | ||
19 | --- | ||
20 | bfd/ChangeLog | 6 ++++++ | ||
21 | bfd/elf.c | 34 ++++++++++++++++++++++++++++++---- | ||
22 | 2 files changed, 36 insertions(+), 4 deletions(-) | ||
23 | |||
24 | Index: binutils-2.24/bfd/elf.c | ||
25 | =================================================================== | ||
26 | --- binutils-2.24.orig/bfd/elf.c | ||
27 | +++ binutils-2.24/bfd/elf.c | ||
28 | @@ -608,9 +608,10 @@ setup_group (bfd *abfd, Elf_Internal_Shd | ||
29 | if (shdr->contents == NULL) | ||
30 | { | ||
31 | _bfd_error_handler | ||
32 | - (_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size); | ||
33 | + (_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size); | ||
34 | bfd_set_error (bfd_error_bad_value); | ||
35 | - return FALSE; | ||
36 | + -- num_group; | ||
37 | + continue; | ||
38 | } | ||
39 | |||
40 | memset (shdr->contents, 0, amt); | ||
41 | @@ -618,7 +619,16 @@ setup_group (bfd *abfd, Elf_Internal_Shd | ||
42 | if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0 | ||
43 | || (bfd_bread (shdr->contents, shdr->sh_size, abfd) | ||
44 | != shdr->sh_size)) | ||
45 | - return FALSE; | ||
46 | + { | ||
47 | + _bfd_error_handler | ||
48 | + (_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size); | ||
49 | + bfd_set_error (bfd_error_bad_value); | ||
50 | + -- num_group; | ||
51 | + /* PR 17510: If the group contents are even partially | ||
52 | + corrupt, do not allow any of the contents to be used. */ | ||
53 | + memset (shdr->contents, 0, amt); | ||
54 | + continue; | ||
55 | + } | ||
56 | |||
57 | /* Translate raw contents, a flag word followed by an | ||
58 | array of elf section indices all in target byte order, | ||
59 | @@ -651,6 +661,21 @@ setup_group (bfd *abfd, Elf_Internal_Shd | ||
60 | } | ||
61 | } | ||
62 | } | ||
63 | + | ||
64 | + /* PR 17510: Corrupt binaries might contain invalid groups. */ | ||
65 | + if (num_group != (unsigned) elf_tdata (abfd)->num_group) | ||
66 | + { | ||
67 | + elf_tdata (abfd)->num_group = num_group; | ||
68 | + | ||
69 | + /* If all groups are invalid then fail. */ | ||
70 | + if (num_group == 0) | ||
71 | + { | ||
72 | + elf_tdata (abfd)->group_sect_ptr = NULL; | ||
73 | + elf_tdata (abfd)->num_group = num_group = -1; | ||
74 | + (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd); | ||
75 | + bfd_set_error (bfd_error_bad_value); | ||
76 | + } | ||
77 | + } | ||
78 | } | ||
79 | } | ||
80 | |||
81 | @@ -716,6 +741,7 @@ setup_group (bfd *abfd, Elf_Internal_Shd | ||
82 | { | ||
83 | (*_bfd_error_handler) (_("%B: no group info for section %A"), | ||
84 | abfd, newsect); | ||
85 | + return FALSE; | ||
86 | } | ||
87 | return TRUE; | ||
88 | } | ||
89 | Index: binutils-2.24/bfd/ChangeLog | ||
90 | =================================================================== | ||
91 | --- binutils-2.24.orig/bfd/ChangeLog | ||
92 | +++ binutils-2.24/bfd/ChangeLog | ||
93 | @@ -1,3 +1,9 @@ | ||
94 | +2014-10-27 Nick Clifton <nickc@redhat.com> | ||
95 | + | ||
96 | + PR binutils/17510 | ||
97 | + * elf.c (setup_group): Improve handling of corrupt group | ||
98 | + sections. | ||
99 | + | ||
100 | 2014-08-29 Alan Modra <amodra@gmail.com> | ||
101 | |||
102 | * srec.c (srec_scan): Revert last change. Report an error for | ||