~ubuntu-branches/ubuntu/hoary/binutils/hoary-security

« back to all changes in this revision

Viewing changes to debian/patches/500_security_bfd_overflow.dpatch

Committer: Bazaar Package Importer
Author(s): Martin Pitt
Date: 2005-05-27 13:27:13 UTC
Revision ID: james.westby@ubuntu.com-20050527132713-texxzd820u1k053l

Tags: 2.15-5ubuntu2.2

Removed the additional checks from 500_security_bfd_overflow.dpatch since
it broke compilers. (Ubuntu #11249)

files added:
debian/patches/500_security_bfd_overflow.dpatch

files modified:
debian/changelog

debian/patches/00list

Show diffs side-by-side

added added

removed removed

debian/patches/500_security_bfd_overflow.dpatch

#! /bin/sh -e

## 123_bfd_overflow_fix.dpatch

## DP: Description: Fix overflows in BFD ELF parsing code. (#308625)

## DP: Author: Alan Modra

## DP: Upstream status: Committed to trunk.

## DP: Date: 2005-05-09

## DP: URL: http://sources.redhat.com/ml/binutils/2005-05/msg00336.html

if [ $# -lt 1 ]; then

echo "`basename $0`: script expects -patch|-unpatch as argument" >&2

exit 1

[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts

patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"

case "$1" in

-patch) patch -p1 ${patch_opts} < $0;;

-unpatch) patch -R -p1 ${patch_opts} < $0;;

echo "`basename $0`: script expects -patch|-unpatch as argument" >&2

exit 1;;

esac

exit 0

@DPATCH@

diff -urNad binutils-2.15/bfd/elfcode.h /tmp/dpep.8QipP1/binutils-2.15/bfd/elfcode.h

--- binutils-2.15/bfd/elfcode.h 2004-05-17 20:36:02.000000000 +0100

+++ /tmp/dpep.8QipP1/binutils-2.15/bfd/elfcode.h 2005-05-21 20:18:52.355469043 +0100

@@ -611,8 +611,13 @@

if (i_ehdrp->e_shoff != 0)

{

+ bfd_signed_vma where = i_ehdrp->e_shoff;

+ if (where != (file_ptr) where)

+ goto got_wrong_format_error;

/* Seek to the section header table in the file. */

- if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_shoff, SEEK_SET) != 0)

+ if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0)

goto got_no_match;

/* Read the first section header at index 0, and convert to internal

@@ -624,13 +629,50 @@

/* If the section count is zero, the actual count is in the first

section header. */

if (i_ehdrp->e_shnum == SHN_UNDEF)

- i_ehdrp->e_shnum = i_shdr.sh_size;

+ {

+ i_ehdrp->e_shnum = i_shdr.sh_size;

+ if (i_ehdrp->e_shnum != i_shdr.sh_size)

+ goto got_wrong_format_error;

+ }

/* And similarly for the string table index. */

if (i_ehdrp->e_shstrndx == SHN_XINDEX)

- i_ehdrp->e_shstrndx = i_shdr.sh_link;

+ {

+ i_ehdrp->e_shstrndx = i_shdr.sh_link;

+ if (i_ehdrp->e_shstrndx != i_shdr.sh_link)

+ goto got_wrong_format_error;

+ }

+ /* Sanity check that we can read all of the section headers.

+ It ought to be good enough to just read the last one. */

+ if (i_ehdrp->e_shnum != 1)

+ {

+ /* Check that we don't have a totally silly number of sections. */

+ if (i_ehdrp->e_shnum > (unsigned int) -1 / sizeof (x_shdr))

+ goto got_wrong_format_error;

+ where += (i_ehdrp->e_shnum - 1) * sizeof (x_shdr);

+ if (where != (file_ptr) where)

+ goto got_wrong_format_error;

+ if ((bfd_size_type) where <= i_ehdrp->e_shoff)

+ goto got_wrong_format_error;

+ if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0)

+ goto got_no_match;

+ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))

+ goto got_no_match;

+ /* Back to where we were. */

+ where = i_ehdrp->e_shoff + sizeof (x_shdr);

+ if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0)

+ goto got_no_match;

+ }

}

+ /* A further sanity check. */

+ if (i_ehdrp->e_shstrndx >= i_ehdrp->e_shnum)

+ goto got_wrong_format_error;

/* Allocate space for a copy of the section header table in

internal form. */

if (i_ehdrp->e_shnum != 0)

Older »