diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch | 102 |
1 files changed, 0 insertions, 102 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch deleted file mode 100644 index ec3308b4f4..0000000000 --- a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8485.patch +++ /dev/null @@ -1,102 +0,0 @@ -Upstream-Status: Backport - -CVE-2014-8485 fix. - -[YOCTO #7084] - -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -From 493a33860c71cac998f1a56d6d87d6faa801fbaa Mon Sep 17 00:00:00 2001 -From: Nick Clifton <nickc@redhat.com> -Date: Mon, 27 Oct 2014 12:43:16 +0000 -Subject: [PATCH] This patch closes a potential security hole in applications - that use the bfd library to parse binaries containing maliciously corrupt - section group headers. - - PR binutils/17510 - * elf.c (setup_group): Improve handling of corrupt group - sections. ---- - bfd/ChangeLog | 6 ++++++ - bfd/elf.c | 34 ++++++++++++++++++++++++++++++---- - 2 files changed, 36 insertions(+), 4 deletions(-) - -Index: binutils-2.24/bfd/elf.c -=================================================================== ---- binutils-2.24.orig/bfd/elf.c -+++ binutils-2.24/bfd/elf.c -@@ -608,9 +608,10 @@ setup_group (bfd *abfd, Elf_Internal_Shd - if (shdr->contents == NULL) - { - _bfd_error_handler -- (_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size); -+ (_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size); - bfd_set_error (bfd_error_bad_value); -- return FALSE; -+ -- num_group; -+ continue; - } - - memset (shdr->contents, 0, amt); -@@ -618,7 +619,16 @@ setup_group (bfd *abfd, Elf_Internal_Shd - if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0 - || (bfd_bread (shdr->contents, shdr->sh_size, abfd) - != shdr->sh_size)) -- return FALSE; -+ { -+ _bfd_error_handler -+ (_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size); -+ bfd_set_error (bfd_error_bad_value); -+ -- num_group; -+ /* PR 17510: If the group contents are even partially -+ corrupt, do not allow any of the contents to be used. */ -+ memset (shdr->contents, 0, amt); -+ continue; -+ } - - /* Translate raw contents, a flag word followed by an - array of elf section indices all in target byte order, -@@ -651,6 +661,21 @@ setup_group (bfd *abfd, Elf_Internal_Shd - } - } - } -+ -+ /* PR 17510: Corrupt binaries might contain invalid groups. */ -+ if (num_group != (unsigned) elf_tdata (abfd)->num_group) -+ { -+ elf_tdata (abfd)->num_group = num_group; -+ -+ /* If all groups are invalid then fail. */ -+ if (num_group == 0) -+ { -+ elf_tdata (abfd)->group_sect_ptr = NULL; -+ elf_tdata (abfd)->num_group = num_group = -1; -+ (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd); -+ bfd_set_error (bfd_error_bad_value); -+ } -+ } - } - } - -@@ -716,6 +741,7 @@ setup_group (bfd *abfd, Elf_Internal_Shd - { - (*_bfd_error_handler) (_("%B: no group info for section %A"), - abfd, newsect); -+ return FALSE; - } - return TRUE; - } -Index: binutils-2.24/bfd/ChangeLog -=================================================================== ---- binutils-2.24.orig/bfd/ChangeLog -+++ binutils-2.24/bfd/ChangeLog -@@ -1,3 +1,9 @@ -+2014-10-27 Nick Clifton <nickc@redhat.com> -+ -+ PR binutils/17510 -+ * elf.c (setup_group): Improve handling of corrupt group -+ sections. -+ - 2014-08-29 Alan Modra <amodra@gmail.com> - - * srec.c (srec_scan): Revert last change. Report an error for |