CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 and one supporting patch. [Yocto # 7084] (From OE-Core rev: 859fb4d9ec6974be9ce755e4ffefd9b199f3604c) (From OE-Core rev: d2b2d8c9ce3ef16ab053bd19a5705b01402b76ba) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream-Status: Backport
CVE-2014-8504 fix.
[YOCTO #7084]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
From 708d7d0d11f0f2d776171979aa3479e8e12a38a0 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 28 Oct 2014 10:48:14 +0000
Subject: [PATCH] This patch fixes a flaw in the SREC parser which could cause
a stack overflow and potential security breach.
PR binutils/17510
* srec.c (srec_bad_byte): Increase size of buf to allow for
negative values.
(srec_scan): Use an unsigned char buffer to hold header bytes.
---
bfd/ChangeLog | 8 ++++++++
bfd/elf.c | 2 +-
bfd/peXXigen.c | 1 -
bfd/srec.c | 4 ++--
4 files changed, 11 insertions(+), 4 deletions(-)
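--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,11 @@
+2014-10-28 Andreas Schwab <schwab@suse.de>
+ Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17510
+ * srec.c (srec_bad_byte): Increase size of buf to allow for
+ negative values.
+ (srec_scan): Use an unsigned char buffer to hold header bytes.
+
 2014-10-30 Nick Clifton <nickc@redhat.com>
 
 PR binutils/17512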
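--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -471,7 +471,6 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
 a->NumberOfRvaAndSizes = 0;
 }
 
-
 for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
 {
 /* If data directory is empty, rva also should be 0. */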
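--- a/bfd/srec.c
+++ b/bfd/srec.c
@@ -248,7 +248,7 @@ srec_bad_byte (bfd *abfd,
 }
 else
 {
- char buf[10];
+ char buf[40];
 
 if (! ISPRINT (c))
 sprintf (buf, "\\%03o", (unsigned int) c);
@@ -454,7 +454,7 @@ srec_scan (bfd *abfd)
 case 'S':
 {
 file_ptr pos;
- char hdr[3];
+ unsigned char hdr[3];
 unsigned int bytes, min_bytes;
 bfd_vma address;
 bfd_byte *data;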
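Review bot: In the srec_bad_byte hunk the enlarged `char buf[40]` is still filled by an unbounded `sprintf`, so the limit rests on the format and the range of `c` rather than being enforced; `snprintf (buf, sizeof buf, "\\%03o", (unsigned int) c);` would keep the write inside the buffer whatever value reaches it. The ChangeLog gives "negative values" as the reason for the larger buffer, and 40 looks ample for the octal form of a sign-extended value converted to unsigned int, but it is a bare number; a comment such as `/* Room for '\\', the octal digits of an unsigned int and the NUL.  */` would record the sizing. The srec_scan hunk's `unsigned char hdr[3]` removes one source of negative values, but the other callers of srec_bad_byte are not visible here and should be checked for the same signed-char path. Both functions start and end outside their hunks, including the else arm of the `ISPRINT` test that also writes `buf`. Separately, the diffstat lists `bfd/elf.c | 2 +-` and "4 files changed" while this backport carries only three file sections, so it is worth confirming the elf.c change is supplied by another patch in the series.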