diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8737.patch')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8737.patch | 177 |
1 files changed, 0 insertions, 177 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8737.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8737.patch deleted file mode 100644 index 4a84562201..0000000000 --- a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8737.patch +++ /dev/null @@ -1,177 +0,0 @@ -Upstream-Status: Backport - -CVE-2014-8737 fix. - -[YOCTO #7084] - -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -From dd9b91de2149ee81d47f708e7b0bbf57da10ad42 Mon Sep 17 00:00:00 2001 -From: Nick Clifton <nickc@redhat.com> -Date: Thu, 6 Nov 2014 14:49:10 +0000 -Subject: [PATCH] Prevent archive memebers with illegal pathnames from being - extracted from an archive. - - PR binutils/17552, binutils/17533 - * bucomm.c (is_valid_archive_path): New function. Returns false - for absolute pathnames and pathnames that include /../. - * bucomm.h (is_valid_archive_path): Add prototype. - * ar.c (extract_file): Use new function to check for valid - pathnames when extracting files from an archive. - * objcopy.c (copy_archive): Likewise. - * doc/binutils.texi: Update documentation to mention the - limitation on pathname of archive members. ---- - binutils/ChangeLog | 16 ++++++++++++++-- - binutils/ar.c | 9 +++++++++ - binutils/bucomm.c | 26 ++++++++++++++++++++++++++ - binutils/bucomm.h | 12 ++++++++---- - binutils/doc/binutils.texi | 3 ++- - binutils/objcopy.c | 6 ++++++ - 6 files changed, 65 insertions(+), 7 deletions(-) - -Index: binutils-2.24/binutils/ar.c -=================================================================== ---- binutils-2.24.orig/binutils/ar.c -+++ binutils-2.24/binutils/ar.c -@@ -1031,6 +1031,15 @@ extract_file (bfd *abfd) - bfd_size_type size; - struct stat buf; - -+ /* PR binutils/17533: Do not allow directory traversal -+ outside of the current directory tree. */ -+ if (! is_valid_archive_path (bfd_get_filename (abfd))) -+ { -+ non_fatal (_("illegal pathname found in archive member: %s"), -+ bfd_get_filename (abfd)); -+ return; -+ } -+ - if (bfd_stat_arch_elt (abfd, &buf) != 0) - /* xgettext:c-format */ - fatal (_("internal stat error on %s"), bfd_get_filename (abfd)); -Index: binutils-2.24/binutils/bucomm.c -=================================================================== ---- binutils-2.24.orig/binutils/bucomm.c -+++ binutils-2.24/binutils/bucomm.c -@@ -624,3 +624,29 @@ bfd_get_archive_filename (const bfd *abf - bfd_get_filename (abfd)); - return buf; - } -+ -+/* Returns TRUE iff PATHNAME, a filename of an archive member, -+ is valid for writing. For security reasons absolute paths -+ and paths containing /../ are not allowed. See PR 17533. */ -+ -+bfd_boolean -+is_valid_archive_path (char const * pathname) -+{ -+ const char * n = pathname; -+ -+ if (IS_ABSOLUTE_PATH (n)) -+ return FALSE; -+ -+ while (*n) -+ { -+ if (*n == '.' && *++n == '.' && ( ! *++n || IS_DIR_SEPARATOR (*n))) -+ return FALSE; -+ -+ while (*n && ! IS_DIR_SEPARATOR (*n)) -+ n++; -+ while (IS_DIR_SEPARATOR (*n)) -+ n++; -+ } -+ -+ return TRUE; -+} -Index: binutils-2.24/binutils/bucomm.h -=================================================================== ---- binutils-2.24.orig/binutils/bucomm.h -+++ binutils-2.24/binutils/bucomm.h -@@ -23,6 +23,8 @@ - #ifndef _BUCOMM_H - #define _BUCOMM_H - -+/* In bucomm.c. */ -+ - /* Return the filename in a static buffer. */ - const char *bfd_get_archive_filename (const bfd *); - -@@ -58,20 +60,22 @@ bfd_vma parse_vma (const char *, const c - - off_t get_file_size (const char *); - -+bfd_boolean is_valid_archive_path (char const *); -+ - extern char *program_name; - --/* filemode.c */ -+/* In filemode.c. */ - void mode_string (unsigned long, char *); - --/* version.c */ -+/* In version.c. */ - extern void print_version (const char *); - --/* rename.c */ -+/* In rename.c. */ - extern void set_times (const char *, const struct stat *); - - extern int smart_rename (const char *, const char *, int); - --/* libiberty. */ -+/* In libiberty. */ - void *xmalloc (size_t); - - void *xrealloc (void *, size_t); -Index: binutils-2.24/binutils/doc/binutils.texi -=================================================================== ---- binutils-2.24.orig/binutils/doc/binutils.texi -+++ binutils-2.24/binutils/doc/binutils.texi -@@ -234,7 +234,8 @@ a normal archive. Instead the elements - individually to the second archive. - - The paths to the elements of the archive are stored relative to the --archive itself. -+archive itself. For security reasons absolute paths and paths with a -+@code{/../} component are not allowed. - - @cindex compatibility, @command{ar} - @cindex @command{ar} compatibility -Index: binutils-2.24/binutils/objcopy.c -=================================================================== ---- binutils-2.24.orig/binutils/objcopy.c -+++ binutils-2.24/binutils/objcopy.c -@@ -2206,6 +2206,12 @@ copy_archive (bfd *ibfd, bfd *obfd, cons - bfd_boolean del = TRUE; - bfd_boolean ok_object; - -+ /* PR binutils/17533: Do not allow directory traversal -+ outside of the current directory tree by archive members. */ -+ if (! is_valid_archive_path (bfd_get_filename (this_element))) -+ fatal (_("illegal pathname found in archive member: %s"), -+ bfd_get_filename (this_element)); -+ - /* Create an output file for this member. */ - output_name = concat (dir, "/", - bfd_get_filename (this_element), (char *) 0); -Index: binutils-2.24/binutils/ChangeLog -=================================================================== ---- binutils-2.24.orig/binutils/ChangeLog -+++ binutils-2.24/binutils/ChangeLog -@@ -1,3 +1,15 @@ -+2014-11-06 Nick Clifton <nickc@redhat.com> -+ -+ PR binutils/17552, binutils/17533 -+ * bucomm.c (is_valid_archive_path): New function. Returns false -+ for absolute pathnames and pathnames that include /../. -+ * bucomm.h (is_valid_archive_path): Add prototype. -+ * ar.c (extract_file): Use new function to check for valid -+ pathnames when extracting files from an archive. -+ * objcopy.c (copy_archive): Likewise. -+ * doc/binutils.texi: Update documentation to mention the -+ limitation on pathname of archive members. -+ - 2013-11-22 Cory Fields <cory@coryfields.com> - - * windres.c (define_resource): Use zero for timestamp, making |