aboutsummaryrefslogtreecommitdiffstats
path: root/main/binutils/binutils-2.24-CVE-2014-8485.patch
blob: 705c74835b86edc9fb0a38f275c84de7c8d9b91c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
diff --git a/bfd/elf.c b/bfd/elf.c
index c884d1d..c8ac826 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -608,9 +608,10 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
 		  if (shdr->contents == NULL)
 		    {
 		      _bfd_error_handler
-			(_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+			(_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
 		      bfd_set_error (bfd_error_bad_value);
-		      return FALSE;
+		      -- num_group;
+		      continue;
 		    }
 
 		  memset (shdr->contents, 0, amt);
@@ -618,8 +619,17 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
 		  if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
 		      || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
 			  != shdr->sh_size))
-		    return FALSE;
-
+		    {
+		      _bfd_error_handler
+			(_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+		      bfd_set_error (bfd_error_bad_value);
+		      -- num_group;
+		      /* PR 17510: If the group contents are even partially
+			 corrupt, do not allow any of the contents to be used.  */
+		      memset (shdr->contents, 0, amt);
+		      continue;
+		    }
+		  
 		  /* Translate raw contents, a flag word followed by an
 		     array of elf section indices all in target byte order,
 		     to the flag word followed by an array of elf section
@@ -651,6 +661,21 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
 		    }
 		}
 	    }
+
+	  /* PR 17510: Corrupt binaries might contain invalid groups.  */
+	  if (num_group != (unsigned) elf_tdata (abfd)->num_group)
+	    {
+	      elf_tdata (abfd)->num_group = num_group;
+
+	      /* If all groups are invalid then fail.  */
+	      if (num_group == 0)
+		{
+		  elf_tdata (abfd)->group_sect_ptr = NULL;
+		  elf_tdata (abfd)->num_group = num_group = -1;
+		  (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
+		  bfd_set_error (bfd_error_bad_value);
+		}
+	    }
 	}
     }
 
@@ -716,6 +741,7 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
     {
       (*_bfd_error_handler) (_("%B: no group info for section %A"),
 			     abfd, newsect);
+      return FALSE;
     }
   return TRUE;
 }
-- 
1.7.1