mirror of
https://git.yoctoproject.org/poky
synced 2026-03-01 04:49:40 +01:00
6dde745bf9
CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 and one supporting patch. [Yocto # 7084] (From OE-Core rev: 859fb4d9ec6974be9ce755e4ffefd9b199f3604c) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
90 lines
2.9 KiB
Diff
90 lines
2.9 KiB
Diff
Upstream-Status: Backport
|
|
|
|
CVE-2014-8502 fix.
|
|
|
|
[YOCTO #7084]
|
|
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
From 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 Mon Sep 17 00:00:00 2001
|
|
From: Nick Clifton <nickc@redhat.com>
|
|
Date: Tue, 28 Oct 2014 15:42:56 +0000
|
|
Subject: [PATCH] More fixes for corrupt binaries crashing the binutils.
|
|
|
|
PR binutils/17512
|
|
* elf.c (bfd_section_from_shdr): Allocate and free the recursion
|
|
detection table on a per-bfd basis.
|
|
* peXXigen.c (pe_print_edata): Handle binaries with a truncated
|
|
export table.
|
|
---
|
|
bfd/ChangeLog | 8 ++++++++
|
|
bfd/elf.c | 16 +++++++++++++---
|
|
bfd/peXXigen.c | 9 +++++++++
|
|
3 files changed, 30 insertions(+), 3 deletions(-)
|
|
|
|
Index: binutils-2.24/bfd/peXXigen.c
|
|
===================================================================
|
|
--- binutils-2.24.orig/bfd/peXXigen.c
|
|
+++ binutils-2.24/bfd/peXXigen.c
|
|
@@ -1438,6 +1438,15 @@ pe_print_edata (bfd * abfd, void * vfile
|
|
}
|
|
}
|
|
|
|
+ /* PR 17512: Handle corrupt PE binaries. */
|
|
+ if (datasize < 36)
|
|
+ {
|
|
+ fprintf (file,
|
|
+ _("\nThere is an export table in %s, but it is too small (%d)\n"),
|
|
+ section->name, (int) datasize);
|
|
+ return TRUE;
|
|
+ }
|
|
+
|
|
fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
|
|
section->name, (unsigned long) addr);
|
|
|
|
Index: binutils-2.24/bfd/elf.c
|
|
===================================================================
|
|
--- binutils-2.24.orig/bfd/elf.c
|
|
+++ binutils-2.24/bfd/elf.c
|
|
@@ -1576,6 +1576,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
|
|
const char *name;
|
|
bfd_boolean ret = TRUE;
|
|
static bfd_boolean * sections_being_created = NULL;
|
|
+ static bfd * sections_being_created_abfd = NULL;
|
|
static unsigned int nesting = 0;
|
|
|
|
if (shindex >= elf_numsections (abfd))
|
|
@@ -1588,13 +1589,20 @@ bfd_section_from_shdr (bfd *abfd, unsign
|
|
loop. Detect this here, by refusing to load a section that we are
|
|
already in the process of loading. We only trigger this test if
|
|
we have nested at least three sections deep as normal ELF binaries
|
|
- can expect to recurse at least once. */
|
|
+ can expect to recurse at least once.
|
|
+
|
|
+ FIXME: It would be better if this array was attached to the bfd,
|
|
+ rather than being held in a static pointer. */
|
|
+
|
|
+ if (sections_being_created_abfd != abfd)
|
|
+ sections_being_created = NULL;
|
|
|
|
if (sections_being_created == NULL)
|
|
{
|
|
/* FIXME: It would be more efficient to attach this array to the bfd somehow. */
|
|
sections_being_created = (bfd_boolean *)
|
|
bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
|
|
+ sections_being_created_abfd = abfd;
|
|
}
|
|
if (sections_being_created [shindex])
|
|
{
|
|
@@ -2098,7 +2106,10 @@ bfd_section_from_shdr (bfd *abfd, unsign
|
|
if (sections_being_created)
|
|
sections_being_created [shindex] = FALSE;
|
|
if (-- nesting == 0)
|
|
+ {
|
|
sections_being_created = NULL;
|
|
+ sections_being_created_abfd = abfd;
|
|
+ }
|
|
return ret;
|
|
}
|
|
|