about summary refs log tree commit diff
path: root/pkgs/development/tools/misc/binutils/CVE-2020-35448.patch
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/tools/misc/binutils/CVE-2020-35448.patch')
-rw-r--r--pkgs/development/tools/misc/binutils/CVE-2020-35448.patch77
1 files changed, 0 insertions, 77 deletions
diff --git a/pkgs/development/tools/misc/binutils/CVE-2020-35448.patch b/pkgs/development/tools/misc/binutils/CVE-2020-35448.patch
deleted file mode 100644
index 2eba7b51849f5..0000000000000
--- a/pkgs/development/tools/misc/binutils/CVE-2020-35448.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 8642dafaef21aa6747cec01df1977e9c52eb4679 Mon Sep 17 00:00:00 2001
-From: Alan Modra <amodra@gmail.com>
-Date: Fri, 4 Sep 2020 19:19:18 +0930
-Subject: [PATCH] PR26574, heap buffer overflow in
- _bfd_elf_slurp_secondary_reloc_section
-
-A horribly fuzzed object with section headers inside the ELF header.
-Disallow that, and crazy reloc sizes.
-
-	PR 26574
-	* elfcode.h (elf_object_p): Sanity check section header offset.
-	* elf.c (_bfd_elf_slurp_secondary_reloc_section): Sanity check
-	sh_entsize.
----
- bfd/elf.c     | 4 +++-
- bfd/elfcode.h | 8 ++++----
- 3 files changed, 14 insertions(+), 5 deletions(-)
-
-diff --git a/bfd/elf.c b/bfd/elf.c
-index ac2095f787d..5a02f8dc309 100644
---- a/bfd/elf.c
-+++ b/bfd/elf.c
-@@ -12576,7 +12576,9 @@ _bfd_elf_slurp_secondary_reloc_section (bfd *      abfd,
-       Elf_Internal_Shdr * hdr = & elf_section_data (relsec)->this_hdr;
- 
-       if (hdr->sh_type == SHT_SECONDARY_RELOC
--	  && hdr->sh_info == (unsigned) elf_section_data (sec)->this_idx)
-+	  && hdr->sh_info == (unsigned) elf_section_data (sec)->this_idx
-+	  && (hdr->sh_entsize == ebd->s->sizeof_rel
-+	      || hdr->sh_entsize == ebd->s->sizeof_rela))
- 	{
- 	  bfd_byte * native_relocs;
- 	  bfd_byte * native_reloc;
-diff --git a/bfd/elfcode.h b/bfd/elfcode.h
-index 2ed2f135c34..606ff64fd4d 100644
---- a/bfd/elfcode.h
-+++ b/bfd/elfcode.h
-@@ -571,7 +571,7 @@ elf_object_p (bfd *abfd)
- 
-   /* If this is a relocatable file and there is no section header
-      table, then we're hosed.  */
--  if (i_ehdrp->e_shoff == 0 && i_ehdrp->e_type == ET_REL)
-+  if (i_ehdrp->e_shoff < sizeof (x_ehdr) && i_ehdrp->e_type == ET_REL)
-     goto got_wrong_format_error;
- 
-   /* As a simple sanity check, verify that what BFD thinks is the
-@@ -581,7 +581,7 @@ elf_object_p (bfd *abfd)
-     goto got_wrong_format_error;
- 
-   /* Further sanity check.  */
--  if (i_ehdrp->e_shoff == 0 && i_ehdrp->e_shnum != 0)
-+  if (i_ehdrp->e_shoff < sizeof (x_ehdr) && i_ehdrp->e_shnum != 0)
-     goto got_wrong_format_error;
- 
-   ebd = get_elf_backend_data (abfd);
-@@ -618,7 +618,7 @@ elf_object_p (bfd *abfd)
-       && ebd->elf_osabi != ELFOSABI_NONE)
-     goto got_wrong_format_error;
- 
--  if (i_ehdrp->e_shoff != 0)
-+  if (i_ehdrp->e_shoff >= sizeof (x_ehdr))
-     {
-       file_ptr where = (file_ptr) i_ehdrp->e_shoff;
- 
-@@ -819,7 +819,7 @@ elf_object_p (bfd *abfd)
- 	}
-     }
- 
--  if (i_ehdrp->e_shstrndx != 0 && i_ehdrp->e_shoff != 0)
-+  if (i_ehdrp->e_shstrndx != 0 && i_ehdrp->e_shoff >= sizeof (x_ehdr))
-     {
-       unsigned int num_sec;
- 
--- 
-2.27.0
-
-
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-13 22:37:08 +0000