aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch
diff options
context:
space:
mode:
authorArmin Kuster <akuster808@gmail.com>2014-12-26 08:51:53 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-12-27 09:16:08 +0000
commit859fb4d9ec6974be9ce755e4ffefd9b199f3604c (patch)
treeafd14b5d9be2167888fd4019341f58e05040cf80 /meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch
parent564e6b34831556d720c5a9d1c6bc9e7758c77e53 (diff)
downloadopenembedded-core-contrib-859fb4d9ec6974be9ce755e4ffefd9b199f3604c.tar.gz
openembedded-core-contrib-859fb4d9ec6974be9ce755e4ffefd9b199f3604c.tar.bz2
openembedded-core-contrib-859fb4d9ec6974be9ce755e4ffefd9b199f3604c.zip
binutils: several security fixes
CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 and one supporting patch. [Yocto # 7084] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch')
-rw-r--r--meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch
new file mode 100644
index 0000000000..a48fe9b23b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch
@@ -0,0 +1,60 @@
+Upstream-Status: Backport
+
+CVE-2014-8501 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 7e1e19887abd24aeb15066b141cdff5541e0ec8e Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 27 Oct 2014 14:45:06 +0000
+Subject: [PATCH] Fix a seg-fault in strings and other binutuils when parsing a
+ corrupt PE executable with an invalid value in the NumberOfRvaAndSizes field
+ of the AOUT header.
+
+ PR binutils/17512
+ * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
+ with an invalid value for NumberOfRvaAndSizes.
+---
+ bfd/ChangeLog | 4 ++++
+ bfd/peXXigen.c | 12 ++++++++++++
+ 2 files changed, 16 insertions(+)
+
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
++++ binutils-2.24/bfd/peXXigen.c
+@@ -460,6 +460,18 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
+ {
+ int idx;
+
++ /* PR 17512: Corrupt PE binaries can cause seg-faults. */
++ if (a->NumberOfRvaAndSizes > 16)
++ {
++ (*_bfd_error_handler)
++ (_("%B: aout header specifies an invalid number of data-directory entries: %d"),
++ abfd, a->NumberOfRvaAndSizes);
++ /* Paranoia: If the number is corrupt, then assume that the
++ actual entries themselves might be corrupt as well. */
++ a->NumberOfRvaAndSizes = 0;
++ }
++
++
+ for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
+ {
+ /* If data directory is empty, rva also should be 0. */
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,5 +1,9 @@
+ 2014-10-27 Nick Clifton <nickc@redhat.com>
+
++ PR binutils/17512
++ * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
++ with an invalid value for NumberOfRvaAndSizes.
++
+ PR binutils/17510
+ * elf.c (setup_group): Improve handling of corrupt group
+ sections.