author | Armin Kuster <akuster808@gmail.com> | 2014-12-26 08:51:53 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-12-27 22:53:40 +0000 |
commit | 6dde745bf90d9f9e52af3779df28879d91cbc64c (patch) | |
tree | d12c1b2cae393e4732c31fd503b4f0967921b3bb /meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch | |
parent | 508c95d9896ddfa892aa2e9a26a4508112658ad5 (diff) | |
binutils: several security fixes
CVE-2014-8484
CVE-2014-8485
CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
CVE-2014-8504
CVE-2014-8737
and one supporting patch.
[Yocto # 7084]
(From OE-Core rev: 859fb4d9ec6974be9ce755e4ffefd9b199f3604c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch new file mode 100644 index 0000000..a48fe9b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8501.patch 
@@ -0,0 +1,60 @@ +Upstream-Status: Backport + +CVE-2014-8501 fix. + +[YOCTO #7084] + +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +From 7e1e19887abd24aeb15066b141cdff5541e0ec8e Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Mon, 27 Oct 2014 14:45:06 +0000 +Subject: [PATCH] Fix a seg-fault in strings and other binutuils when parsing a + corrupt PE executable with an invalid value in the NumberOfRvaAndSizes field + of the AOUT header. + + PR binutils/17512 + * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries + with an invalid value for NumberOfRvaAndSizes. +--- + bfd/ChangeLog | 4 ++++ + bfd/peXXigen.c | 12 ++++++++++++ + 2 files changed, 16 insertions(+) + +Index: binutils-2.24/bfd/peXXigen.c +=================================================================== +--- binutils-2.24.orig/bfd/peXXigen.c ++++ binutils-2.24/bfd/peXXigen.c +@@ -460,6 +460,18 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd, + { + int idx; + ++ /* PR 17512: Corrupt PE binaries can cause seg-faults. */ ++ if (a->NumberOfRvaAndSizes > 16) ++ { ++ (*_bfd_error_handler) ++ (_("%B: aout header specifies an invalid number of data-directory entries: %d"), ++ abfd, a->NumberOfRvaAndSizes); ++ /* Paranoia: If the number is corrupt, then assume that the ++ actual entries themselves might be corrupt as well. */ ++ a->NumberOfRvaAndSizes = 0; ++ } ++ ++ + for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++) + { + /* If data directory is empty, rva also should be 0. */ +Index: binutils-2.24/bfd/ChangeLog +=================================================================== +--- binutils-2.24.orig/bfd/ChangeLog ++++ binutils-2.24/bfd/ChangeLog +@@ -1,5 +1,9 @@ + 2014-10-27 Nick Clifton <nickc@redhat.com> + ++ PR binutils/17512 ++ * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries ++ with an invalid value for NumberOfRvaAndSizes. ++ + PR binutils/17510 + * elf.c (setup_group): Improve handling of corrupt group + sections. |
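Review bot: In the bfd/peXXigen.c hunk, the bound in `if (a->NumberOfRvaAndSizes > 16)` is a bare literal. Tying it to a named constant, or to the size of the data-directory table that the following `for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)` loop walks, would keep the limit from drifting away from the real table size. The error message prints the field with `%d`; check that this matches the field's declared type, since a corrupt value is exactly the case where a sign or width mismatch would show up in the diagnostic. The hunk also adds two consecutive blank lines before the loop, where one is enough.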
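Review bot: The bfd/ChangeLog hunk uses the `PR binutils/17510` entry under the `2014-10-27 Nick Clifton` header as its context, so it applies only where that entry is already at the top of bfd/ChangeLog. That makes this patch depend on whatever adds the PR 17510 entry being applied first, and nothing in the patch header says so. Either drop the ChangeLog hunk from the backport or state the required ordering next to `Upstream-Status: Backport`, so a reordered series does not fail to apply.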