mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-21 08:59:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b2ba41b57550aa912da93b4aef789ff562a67fce
poky/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch
Armin Kuster 7c0d759c55 binutils: several security fixes 
CVE-2014-8484
CVE-2014-8485
CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
CVE-2014-8504
CVE-2014-8737

and one supporting patch.

[Yocto # 7084]

(From OE-Core rev: 859fb4d9ec6974be9ce755e4ffefd9b199f3604c)

(From OE-Core rev: d2b2d8c9ce3ef16ab053bd19a5705b01402b76ba)

(From OE-Core rev: 2343cdb81ddef875dc3d52b07565b4ce9b3a14a4)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-03-10 11:54:04 +00:00

103 lines
3.2 KiB
Diff
Raw Blame History

Upstream-Status: Backport
CVE-2014-8485 fix.
[YOCTO #7084]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
From 493a33860c71cac998f1a56d6d87d6faa801fbaa Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Mon, 27 Oct 2014 12:43:16 +0000
Subject: [PATCH] This patch closes a potential security hole in applications
that use the bfd library to parse binaries containing maliciously corrupt
section group headers.
PR binutils/17510
* elf.c (setup_group): Improve handling of corrupt group
sections.
---
bfd/ChangeLog | 6 ++++++
bfd/elf.c | 34 ++++++++++++++++++++++++++++++----
2 files changed, 36 insertions(+), 4 deletions(-)
Index: binutils-2.24/bfd/elf.c
===================================================================
--- binutils-2.24.orig/bfd/elf.c
+++ binutils-2.24/bfd/elf.c
@@ -608,9 +608,10 @@ setup_group (bfd *abfd, Elf_Internal_Shd
if (shdr->contents == NULL)
{
_bfd_error_handler
- (_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+ (_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
bfd_set_error (bfd_error_bad_value);
- return FALSE;
+ -- num_group;
+ continue;
}
memset (shdr->contents, 0, amt);
@@ -618,7 +619,16 @@ setup_group (bfd *abfd, Elf_Internal_Shd
if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
|| (bfd_bread (shdr->contents, shdr->sh_size, abfd)
!= shdr->sh_size))
- return FALSE;
+ {
+ _bfd_error_handler
+ (_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+ bfd_set_error (bfd_error_bad_value);
+ -- num_group;
+ /* PR 17510: If the group contents are even partially
+ corrupt, do not allow any of the contents to be used. */
+ memset (shdr->contents, 0, amt);
+ continue;
+ }
/* Translate raw contents, a flag word followed by an
array of elf section indices all in target byte order,
@@ -651,6 +661,21 @@ setup_group (bfd *abfd, Elf_Internal_Shd
}
}
}
+
+ /* PR 17510: Corrupt binaries might contain invalid groups. */
+ if (num_group != (unsigned) elf_tdata (abfd)->num_group)
+ {
+ elf_tdata (abfd)->num_group = num_group;
+
+ /* If all groups are invalid then fail. */
+ if (num_group == 0)
+ {
+ elf_tdata (abfd)->group_sect_ptr = NULL;
+ elf_tdata (abfd)->num_group = num_group = -1;
+ (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
+ bfd_set_error (bfd_error_bad_value);
+ }
+ }
}
}
@@ -716,6 +741,7 @@ setup_group (bfd *abfd, Elf_Internal_Shd
{
(*_bfd_error_handler) (_("%B: no group info for section %A"),
abfd, newsect);
+ return FALSE;
}
return TRUE;
}
Index: binutils-2.24/bfd/ChangeLog
===================================================================
--- binutils-2.24.orig/bfd/ChangeLog
+++ binutils-2.24/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2014-10-27 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17510
+ * elf.c (setup_group): Improve handling of corrupt group
+ sections.
+
2014-08-29 Alan Modra <amodra@gmail.com>
* srec.c (srec_scan): Revert last change. Report an error for
Reference in New Issue View Git Blame Copy Permalink