aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch')
-rw-r--r--meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch75
1 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
new file mode 100644
index 00000000000..b4d1d1ff612
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
@@ -0,0 +1,75 @@
+Upstream-Status: Backport
+
+CVE-2014-8504 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 708d7d0d11f0f2d776171979aa3479e8e12a38a0 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Oct 2014 10:48:14 +0000
+Subject: [PATCH] This patch fixes a flaw in the SREC parser which could cause
+ a stack overflow and potential secuiryt breach.
+
+ PR binutils/17510
+ * srec.c (srec_bad_byte): Increase size of buf to allow for
+ negative values.
+ (srec_scan): Use an unsigned char buffer to hold header bytes.
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/elf.c | 2 +-
+ bfd/peXXigen.c | 1 -
+ bfd/srec.c | 4 ++--
+ 4 files changed, 11 insertions(+), 4 deletions(-)
+
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2014-10-28 Andreas Schwab <schwab@suse.de>
++ Nick Clifton <nickc@redhat.com>
++
++ PR binutils/17510
++ * srec.c (srec_bad_byte): Increase size of buf to allow for
++ negative values.
++ (srec_scan): Use an unsigned char buffer to hold header bytes.
++
+ 2014-10-30 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
++++ binutils-2.24/bfd/peXXigen.c
+@@ -471,7 +471,6 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
+ a->NumberOfRvaAndSizes = 0;
+ }
+
+-
+ for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
+ {
+ /* If data directory is empty, rva also should be 0. */
+Index: binutils-2.24/bfd/srec.c
+===================================================================
+--- binutils-2.24.orig/bfd/srec.c
++++ binutils-2.24/bfd/srec.c
+@@ -248,7 +248,7 @@ srec_bad_byte (bfd *abfd,
+ }
+ else
+ {
+- char buf[10];
++ char buf[40];
+
+ if (! ISPRINT (c))
+ sprintf (buf, "\\%03o", (unsigned int) c);
+@@ -454,7 +454,7 @@ srec_scan (bfd *abfd)
+ case 'S':
+ {
+ file_ptr pos;
+- char hdr[3];
++ unsigned char hdr[3];
+ unsigned int bytes, min_bytes;
+ bfd_vma address;
+ bfd_byte *data;