Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
new file mode 100644
index 0000000000..b4d1d1ff61
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8504.patch
@@ -0,0 +1,75 @@
+Upstream-Status: Backport
+
+CVE-2014-8504 fix.
+
+[YOCTO #7084]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+From 708d7d0d11f0f2d776171979aa3479e8e12a38a0 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Oct 2014 10:48:14 +0000
+Subject: [PATCH] This patch fixes a flaw in the SREC parser which could cause
+ a stack overflow and potential secuiryt breach.
+
+ PR binutils/17510
+ * srec.c (srec_bad_byte): Increase size of buf to allow for
+ negative values.
+ (srec_scan): Use an unsigned char buffer to hold header bytes.
+---
+ bfd/ChangeLog | 8 ++++++++
+ bfd/elf.c | 2 +-
+ bfd/peXXigen.c | 1 -
+ bfd/srec.c | 4 ++--
+ 4 files changed, 11 insertions(+), 4 deletions(-)
+
+Index: binutils-2.24/bfd/ChangeLog
+===================================================================
+--- binutils-2.24.orig/bfd/ChangeLog
++++ binutils-2.24/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2014-10-28 Andreas Schwab <schwab@suse.de>
++ Nick Clifton <nickc@redhat.com>
++
++ PR binutils/17510
++ * srec.c (srec_bad_byte): Increase size of buf to allow for
++ negative values.
++ (srec_scan): Use an unsigned char buffer to hold header bytes.
++
+ 2014-10-30 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+Index: binutils-2.24/bfd/peXXigen.c
+===================================================================
+--- binutils-2.24.orig/bfd/peXXigen.c
++++ binutils-2.24/bfd/peXXigen.c
+@@ -471,7 +471,6 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
+ a->NumberOfRvaAndSizes = 0;
+ }
+
+-
+ for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
+ {
+ /* If data directory is empty, rva also should be 0. */
+Index: binutils-2.24/bfd/srec.c
+===================================================================
+--- binutils-2.24.orig/bfd/srec.c
++++ binutils-2.24/bfd/srec.c
+@@ -248,7 +248,7 @@ srec_bad_byte (bfd *abfd,
+ }
+ else
+ {
+- char buf[10];
++ char buf[40];
+
+ if (! ISPRINT (c))
+ sprintf (buf, "\\%03o", (unsigned int) c);
+@@ -454,7 +454,7 @@ srec_scan (bfd *abfd)
+ case 'S':
+ {
+ file_ptr pos;
+- char hdr[3];
++ unsigned char hdr[3];
+ unsigned int bytes, min_bytes;
+ bfd_vma address;
+ bfd_byte *data; |
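Review bot: The embedded patch's own diffstat lists four files, including `bfd/elf.c | 2 +-`, with 11 insertions and 4 deletions, but the body carries hunks only for ChangeLog, peXXigen.c and srec.c, so this backport is not upstream commit 708d7d0d as-is and nothing in the header says so. Record what was left out and why next to the status line, e.g. `Upstream-Status: Backport [bfd/elf.c hunk dropped: <reason>]`, so the fix can be audited against upstream. Only the two srec.c hunks relate to the overflow; the peXXigen.c hunk just deletes a blank line, and the ChangeLog hunk needs the 2014-10-30 PR binutils/17512 entry as context, which presumably ties the apply order to another backport, so both could be dropped. In srec_bad_byte (its body starts and ends outside the hunk) `buf[40]` fits the octal rendering of a negative value, but the `sprintf` call stays unbounded; that is upstream's choice and better raised as a follow-up there than edited locally.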