Upstream-Status: Backport CVE-2014-8501 fix. [YOCTO #7084] Signed-off-by: Armin Kuster From 7e1e19887abd24aeb15066b141cdff5541e0ec8e Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Mon, 27 Oct 2014 14:45:06 +0000 Subject: [PATCH] Fix a seg-fault in strings and other binutuils when parsing a corrupt PE executable with an invalid value in the NumberOfRvaAndSizes field of the AOUT header. PR binutils/17512 * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries with an invalid value for NumberOfRvaAndSizes. --- bfd/ChangeLog | 4 ++++ bfd/peXXigen.c | 12 ++++++++++++ 2 files changed, 16 insertions(+) Index: binutils-2.24/bfd/peXXigen.c =================================================================== --- binutils-2.24.orig/bfd/peXXigen.c +++ binutils-2.24/bfd/peXXigen.c @@ -460,6 +460,18 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd, { int idx; + /* PR 17512: Corrupt PE binaries can cause seg-faults. */ + if (a->NumberOfRvaAndSizes > 16) + { + (*_bfd_error_handler) + (_("%B: aout header specifies an invalid number of data-directory entries: %d"), + abfd, a->NumberOfRvaAndSizes); + /* Paranoia: If the number is corrupt, then assume that the + actual entries themselves might be corrupt as well. */ + a->NumberOfRvaAndSizes = 0; + } + + for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++) { /* If data directory is empty, rva also should be 0. */ Index: binutils-2.24/bfd/ChangeLog =================================================================== --- binutils-2.24.orig/bfd/ChangeLog +++ binutils-2.24/bfd/ChangeLog @@ -1,5 +1,9 @@ 2014-10-27 Nick Clifton + PR binutils/17512 + * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries + with an invalid value for NumberOfRvaAndSizes. + PR binutils/17510 * elf.c (setup_group): Improve handling of corrupt group sections.