Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch')
-rw-r--r--meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch75
1 files changed, 75 insertions, 0 deletions
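diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
new file mode 100644
index 0000000000..b4d1d1ff61
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
@@ -0,0 +1,75 @@
+Upstream-Status: Backport
+
+CVE-2014-8504 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 708d7d0d11f0f2d776171979aa3479e8e12a38a0 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Oct 2014 10:48:14 +0000
+Subject: [PATCH] This patch fixes a flaw in the SREC parser which could cause
+ a stack overflow and potential secuiryt breach.
+
+ PR binutils/17510
+ * srec.c (srec_bad_byte): Increase size of buf to allow for
+ negative values.
+ (srec_scan): Use an unsigned char buffer to hold header bytes.
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/elf.c | 2 +-
+ bfd/peXXigen.c | 1 -
+ bfd/srec.c | 4 ++--
+ 4 files changed, 11 insertions(+), 4 deletions(-)
+
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2014-10-28 Andreas Schwab <schwab@suse.de>
++ Nick Clifton <nickc@redhat.com>
++
++ PR binutils/17510
++ * srec.c (srec_bad_byte): Increase size of buf to allow for
++ negative values.
++ (srec_scan): Use an unsigned char buffer to hold header bytes.
++
+ 2014-10-30 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
++++ binutils-2.24/bfd/peXXigen.c
+@@ -471,7 +471,6 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
+ a->NumberOfRvaAndSizes = 0;
+ }
+
+-
+ for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
+ {
+ /* If data directory is empty, rva also should be 0. */
+Index: binutils-2.24/bfd/srec.c
+===================================================================
+--- binutils-2.24.orig/bfd/srec.c
++++ binutils-2.24/bfd/srec.c
+@@ -248,7 +248,7 @@ srec_bad_byte (bfd *abfd,
+ }
+ else
+ {
+- char buf[10];
++ char buf[40];
+
+ if (! ISPRINT (c))
+ sprintf (buf, "\\%03o", (unsigned int) c);
+@@ -454,7 +454,7 @@ srec_scan (bfd *abfd)
+ case 'S':
+ {
+ file_ptr pos;
+- char hdr[3];
++ unsigned char hdr[3];
+ unsigned int bytes, min_bytes;
+ bfd_vma address;
+ bfd_byte *data;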
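Review bot: The embedded diffstat still lists `bfd/elf.c | 2 +-` and `4 files changed, 11 insertions(+), 4 deletions(-)`, but the patch body carries hunks only for ChangeLog, peXXigen.c and srec.c, so the elf.c part of the upstream commit appears to have been dropped without explanation. If the omission is deliberate for binutils-2.24, record it in the header next to `Upstream-Status: Backport`, for example `Note: bfd/elf.c hunk of the upstream commit omitted, not needed for 2.24`, so a later audit of CVE-2014-8504 coverage does not read this as an incomplete backport. The peXXigen.c hunk only removes a blank line and is unrelated to the fix; it could be dropped to keep the security patch minimal. In srec_bad_byte the overflow is closed by sizing alone: `sprintf (buf, "\\%03o", (unsigned int) c)` needs at most 13 bytes with a 32-bit `unsigned int`, which `buf[40]` covers, but the write remains unbounded and the function continues outside the hunk.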