1 files changed, 89 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
new file mode 100644
index 0000000000..05af65bad1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
@@ -0,0 +1,89 @@
+Upstream-Status: Backport
+CVE-2014-8502 fix.
+[YOCTO #7084]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+From 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Oct 2014 15:42:56 +0000
+Subject: [PATCH] More fixes for corrupt binaries crashing the binutils.
+        PR binutils/17512
+        * elf.c (bfd_section_from_shdr): Allocate and free the recursion
+        detection table on a per-bfd basis.
+        * peXXigen.c (pe_print_edata): Handle binaries with a truncated
+        export table.
+---
+ bfd/ChangeLog  |  8 ++++++++
+ bfd/elf.c      | 16 +++++++++++++---
+ bfd/peXXigen.c |  9 +++++++++
+ 3 files changed, 30 insertions(+), 3 deletions(-)
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
+++ binutils-2.24/bfd/peXXigen.c
+@@ -1438,6 +1438,15 @@ pe_print_edata (bfd * abfd, void * vfile
+        }
+     }
+ 
+  /* PR 17512: Handle corrupt PE binaries.  */
+  if (datasize < 36)
+    {
+      fprintf (file,
+              _("\nThere is an export table in %s, but it is too small (%d)\n"),
+              section->name, (int) datasize);
+      return TRUE;
+    }
+
+   fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
+           section->name, (unsigned long) addr);
+ 
+Index: binutils-2.24/bfd/elf.c
+===================================================================
+--- binutils-2.24.orig/bfd/elf.c
+++ binutils-2.24/bfd/elf.c
+@@ -1576,6 +1576,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
+   const char *name;
+   bfd_boolean ret = TRUE;
+   static bfd_boolean * sections_being_created = NULL;
+  static bfd * sections_being_created_abfd = NULL;
+   static unsigned int nesting = 0;
+ 
+   if (shindex >= elf_numsections (abfd))
+@@ -1588,13 +1589,20 @@ bfd_section_from_shdr (bfd *abfd, unsign
+         loop.  Detect this here, by refusing to load a section that we are
+         already in the process of loading.  We only trigger this test if
+         we have nested at least three sections deep as normal ELF binaries
+-        can expect to recurse at least once.  */
+        can expect to recurse at least once.  
+     
+     FIXME: It would be better if this array was attached to the bfd,
+     rather than being held in a static pointer.  */
+     
+      if (sections_being_created_abfd != abfd)
+        sections_being_created = NULL;
+       
+       if (sections_being_created == NULL)
+        {
+          /* FIXME: It would be more efficient to attach this array to the bfd somehow.  */
+          sections_being_created = (bfd_boolean *)
+            bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
+        sections_being_created_abfd = abfd;
+        }
+       if (sections_being_created [shindex])
+        {
+@@ -2098,7 +2106,10 @@ bfd_section_from_shdr (bfd *abfd, unsign
+   if (sections_being_created)
+     sections_being_created [shindex] = FALSE;
+   if (-- nesting == 0)
+  {
+     sections_being_created = NULL;
+    sections_being_created_abfd = abfd;
+  }
+   return ret;
+ }
+

diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch new file mode 100644 index 0000000000..05af65bad1 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
@@ -0,0 +1,89 @@
	1	Upstream-Status: Backport
	2
	3	CVE-2014-8502 fix.
	4
	5	[YOCTO #7084]
	6
	7	Signed-off-by: Armin Kuster <akuster808@gmail.com>
	8
	9	From 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 Mon Sep 17 00:00:00 2001
	10	From: Nick Clifton <nickc@redhat.com>
	11	Date: Tue, 28 Oct 2014 15:42:56 +0000
	12	Subject: [PATCH] More fixes for corrupt binaries crashing the binutils.
	13
	14	PR binutils/17512
	15	* elf.c (bfd_section_from_shdr): Allocate and free the recursion
	16	detection table on a per-bfd basis.
	17	* peXXigen.c (pe_print_edata): Handle binaries with a truncated
	18	export table.
	19	---
	20	bfd/ChangeLog \| 8 ++++++++
	21	bfd/elf.c \| 16 +++++++++++++---
	22	bfd/peXXigen.c \| 9 +++++++++
	23	3 files changed, 30 insertions(+), 3 deletions(-)
	24
	25	Index: binutils-2.24/bfd/peXXigen.c
	26	===================================================================
	27	--- binutils-2.24.orig/bfd/peXXigen.c
	28	+++ binutils-2.24/bfd/peXXigen.c
	29	@@ -1438,6 +1438,15 @@ pe_print_edata (bfd * abfd, void * vfile
	30	}
	31	}
	32
	33	+ /* PR 17512: Handle corrupt PE binaries. */
	34	+ if (datasize < 36)
	35	+ {
	36	+ fprintf (file,
	37	+ _("\nThere is an export table in %s, but it is too small (%d)\n"),
	38	+ section->name, (int) datasize);
	39	+ return TRUE;
	40	+ }
	41	+
	42	fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
	43	section->name, (unsigned long) addr);
	44
	45	Index: binutils-2.24/bfd/elf.c
	46	===================================================================
	47	--- binutils-2.24.orig/bfd/elf.c
	48	+++ binutils-2.24/bfd/elf.c
	49	@@ -1576,6 +1576,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
	50	const char *name;
	51	bfd_boolean ret = TRUE;
	52	static bfd_boolean * sections_being_created = NULL;
	53	+ static bfd * sections_being_created_abfd = NULL;
	54	static unsigned int nesting = 0;
	55
	56	if (shindex >= elf_numsections (abfd))
	57	@@ -1588,13 +1589,20 @@ bfd_section_from_shdr (bfd *abfd, unsign
	58	loop. Detect this here, by refusing to load a section that we are
	59	already in the process of loading. We only trigger this test if
	60	we have nested at least three sections deep as normal ELF binaries
	61	- can expect to recurse at least once. */
	62	+ can expect to recurse at least once.
	63	+
	64	+ FIXME: It would be better if this array was attached to the bfd,
	65	+ rather than being held in a static pointer. */
	66	+
	67	+ if (sections_being_created_abfd != abfd)
	68	+ sections_being_created = NULL;
	69
	70	if (sections_being_created == NULL)
	71	{
	72	/* FIXME: It would be more efficient to attach this array to the bfd somehow. */
	73	sections_being_created = (bfd_boolean *)
	74	bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
	75	+ sections_being_created_abfd = abfd;
	76	}
	77	if (sections_being_created [shindex])
	78	{
	79	@@ -2098,7 +2106,10 @@ bfd_section_from_shdr (bfd *abfd, unsign
	80	if (sections_being_created)
	81	sections_being_created [shindex] = FALSE;
	82	if (-- nesting == 0)
	83	+ {
	84	sections_being_created = NULL;
	85	+ sections_being_created_abfd = abfd;
	86	+ }
	87	return ret;
	88	}
	89