aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch')
-rw-r--r--meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch89
1 files changed, 89 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
new file mode 100644
index 0000000000..05af65bad1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch
@@ -0,0 +1,89 @@
+Upstream-Status: Backport
+
+CVE-2014-8502 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Oct 2014 15:42:56 +0000
+Subject: [PATCH] More fixes for corrupt binaries crashing the binutils.
+
+ PR binutils/17512
+ * elf.c (bfd_section_from_shdr): Allocate and free the recursion
+ detection table on a per-bfd basis.
+ * peXXigen.c (pe_print_edata): Handle binaries with a truncated
+ export table.
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/elf.c | 16 +++++++++++++---
+ bfd/peXXigen.c | 9 +++++++++
+ 3 files changed, 30 insertions(+), 3 deletions(-)
+
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
++++ binutils-2.24/bfd/peXXigen.c
+@@ -1438,6 +1438,15 @@ pe_print_edata (bfd * abfd, void * vfile
+ }
+ }
+
++ /* PR 17512: Handle corrupt PE binaries. */
++ if (datasize < 36)
++ {
++ fprintf (file,
++ _("\nThere is an export table in %s, but it is too small (%d)\n"),
++ section->name, (int) datasize);
++ return TRUE;
++ }
++
+ fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
+ section->name, (unsigned long) addr);
+
+Index: binutils-2.24/bfd/elf.c
+===================================================================
+--- binutils-2.24.orig/bfd/elf.c
++++ binutils-2.24/bfd/elf.c
+@@ -1576,6 +1576,7 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ const char *name;
+ bfd_boolean ret = TRUE;
+ static bfd_boolean * sections_being_created = NULL;
++ static bfd * sections_being_created_abfd = NULL;
+ static unsigned int nesting = 0;
+
+ if (shindex >= elf_numsections (abfd))
+@@ -1588,13 +1589,20 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ loop. Detect this here, by refusing to load a section that we are
+ already in the process of loading. We only trigger this test if
+ we have nested at least three sections deep as normal ELF binaries
+- can expect to recurse at least once. */
++ can expect to recurse at least once.
++
++ FIXME: It would be better if this array was attached to the bfd,
++ rather than being held in a static pointer. */
++
++ if (sections_being_created_abfd != abfd)
++ sections_being_created = NULL;
+
+ if (sections_being_created == NULL)
+ {
+ /* FIXME: It would be more efficient to attach this array to the bfd somehow. */
+ sections_being_created = (bfd_boolean *)
+ bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
++ sections_being_created_abfd = abfd;
+ }
+ if (sections_being_created [shindex])
+ {
+@@ -2098,7 +2106,10 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ if (sections_being_created)
+ sections_being_created [shindex] = FALSE;
+ if (-- nesting == 0)
++ {
+ sections_being_created = NULL;
++ sections_being_created_abfd = abfd;
++ }
+ return ret;
+ }
+