diff options
author | Armin Kuster <akuster808@gmail.com> | 2014-12-26 08:51:53 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-12-27 09:16:08 +0000 |
commit | 859fb4d9ec6974be9ce755e4ffefd9b199f3604c (patch) | |
tree | afd14b5d9be2167888fd4019341f58e05040cf80 /meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch | |
parent | 564e6b34831556d720c5a9d1c6bc9e7758c77e53 (diff) | |
download | openembedded-core-contrib-859fb4d9ec6974be9ce755e4ffefd9b199f3604c.tar.gz |
binutils: several security fixes
CVE-2014-8484
CVE-2014-8485
CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
CVE-2014-8504
CVE-2014-8737
and one supporting patch.
[Yocto # 7084]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch new file mode 100644 index 0000000000..a48fe9b23b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch @@ -0,0 +1,60 @@ +Upstream-Status: Backport + +CVE-2014-8501 fix. + +[YOCTO #7084] + +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +From 7e1e19887abd24aeb15066b141cdff5541e0ec8e Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Mon, 27 Oct 2014 14:45:06 +0000 +Subject: [PATCH] Fix a seg-fault in strings and other binutuils when parsing a + corrupt PE executable with an invalid value in the NumberOfRvaAndSizes field + of the AOUT header. + + PR binutils/17512 + * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries + with an invalid value for NumberOfRvaAndSizes. +--- + bfd/ChangeLog | 4 ++++ + bfd/peXXigen.c | 12 ++++++++++++ + 2 files changed, 16 insertions(+) + +Index: binutils-2.24/bfd/peXXigen.c +=================================================================== +--- binutils-2.24.orig/bfd/peXXigen.c ++++ binutils-2.24/bfd/peXXigen.c +@@ -460,6 +460,18 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd, + { + int idx; + ++ /* PR 17512: Corrupt PE binaries can cause seg-faults. */ ++ if (a->NumberOfRvaAndSizes > 16) ++ { ++ (*_bfd_error_handler) ++ (_("%B: aout header specifies an invalid number of data-directory entries: %d"), ++ abfd, a->NumberOfRvaAndSizes); ++ /* Paranoia: If the number is corrupt, then assume that the ++ actual entries themselves might be corrupt as well. */ ++ a->NumberOfRvaAndSizes = 0; ++ } ++ ++ + for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++) + { + /* If data directory is empty, rva also should be 0. */ +Index: binutils-2.24/bfd/ChangeLog +=================================================================== +--- binutils-2.24.orig/bfd/ChangeLog ++++ binutils-2.24/bfd/ChangeLog +@@ -1,5 +1,9 @@ + 2014-10-27 Nick Clifton <nickc@redhat.com> + ++ PR binutils/17512 ++ * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries ++ with an invalid value for NumberOfRvaAndSizes. ++ + PR binutils/17510 + * elf.c (setup_group): Improve handling of corrupt group + sections. |