diff options
author | coadde [Márcio Alexandre Silva Delgado] <coadde@parabola.nu> | 2015-06-04 06:38:22 -0300 |
---|---|---|
committer | coadde [Márcio Alexandre Silva Delgado] <coadde@parabola.nu> | 2015-06-04 06:38:22 -0300 |
commit | 00c476b594c415e80583ab285cd55dd2f7743cce (patch) | |
tree | 963f94c30d0a809972528741d5b54256e897b35f /cross/cross-binutils/binutils-2.24-CVE-2014-8737.patch | |
parent | d34fe86cd686ece409617c1816d03539f288d9a8 (diff) |
update cross-binutils
Diffstat (limited to 'cross/cross-binutils/binutils-2.24-CVE-2014-8737.patch')
-rw-r--r-- | cross/cross-binutils/binutils-2.24-CVE-2014-8737.patch | 128 |
1 files changed, 0 insertions, 128 deletions
diff --git a/cross/cross-binutils/binutils-2.24-CVE-2014-8737.patch b/cross/cross-binutils/binutils-2.24-CVE-2014-8737.patch deleted file mode 100644 index 7fafa8daf..000000000 --- a/cross/cross-binutils/binutils-2.24-CVE-2014-8737.patch +++ /dev/null @@ -1,128 +0,0 @@ -diff --git a/binutils/ar.c b/binutils/ar.c -index ebd9528..117826d 100644 ---- a/binutils/ar.c -+++ b/binutils/ar.c -@@ -1034,6 +1034,15 @@ extract_file (bfd *abfd) - bfd_size_type size; - struct stat buf; - -+ /* PR binutils/17533: Do not allow directory traversal -+ outside of the current directory tree. */ -+ if (! is_valid_archive_path (bfd_get_filename (abfd))) -+ { -+ non_fatal (_("illegal pathname found in archive member: %s"), -+ bfd_get_filename (abfd)); -+ return; -+ } -+ - if (bfd_stat_arch_elt (abfd, &buf) != 0) - /* xgettext:c-format */ - fatal (_("internal stat error on %s"), bfd_get_filename (abfd)); -diff --git a/binutils/bucomm.c b/binutils/bucomm.c -index fd73070..b8deff5 100644 ---- a/binutils/bucomm.c -+++ b/binutils/bucomm.c -@@ -624,3 +624,29 @@ bfd_get_archive_filename (const bfd *abfd) - bfd_get_filename (abfd)); - return buf; - } -+ -+/* Returns TRUE iff PATHNAME, a filename of an archive member, -+ is valid for writing. For security reasons absolute paths -+ and paths containing /../ are not allowed. See PR 17533. */ -+ -+bfd_boolean -+is_valid_archive_path (char const * pathname) -+{ -+ const char * n = pathname; -+ -+ if (IS_ABSOLUTE_PATH (n)) -+ return FALSE; -+ -+ while (*n) -+ { -+ if (*n == '.' && *++n == '.' && ( ! *++n || IS_DIR_SEPARATOR (*n))) -+ return FALSE; -+ -+ while (*n && ! IS_DIR_SEPARATOR (*n)) -+ n++; -+ while (IS_DIR_SEPARATOR (*n)) -+ n++; -+ } -+ -+ return TRUE; -+} -diff --git a/binutils/bucomm.h b/binutils/bucomm.h -index a93c378..a71a8fb 100644 ---- a/binutils/bucomm.h -+++ b/binutils/bucomm.h -@@ -21,6 +21,8 @@ - #ifndef _BUCOMM_H - #define _BUCOMM_H - -+/* In bucomm.c. */ -+ - /* Return the filename in a static buffer. */ - const char *bfd_get_archive_filename (const bfd *); - -@@ -56,20 +58,22 @@ bfd_vma parse_vma (const char *, const char *); - - off_t get_file_size (const char *); - -+bfd_boolean is_valid_archive_path (char const *); -+ - extern char *program_name; - --/* filemode.c */ -+/* In filemode.c. */ - void mode_string (unsigned long, char *); - --/* version.c */ -+/* In version.c. */ - extern void print_version (const char *); - --/* rename.c */ -+/* In rename.c. */ - extern void set_times (const char *, const struct stat *); - - extern int smart_rename (const char *, const char *, int); - --/* libiberty. */ -+/* In libiberty. */ - void *xmalloc (size_t); - - void *xrealloc (void *, size_t); -diff --git a/binutils/doc/binutils.texi b/binutils/doc/binutils.texi -index eee77b1..39eb1d2 100644 ---- a/binutils/doc/binutils.texi -+++ b/binutils/doc/binutils.texi -@@ -234,7 +234,8 @@ a normal archive. Instead the elements of the first archive are added - individually to the second archive. - - The paths to the elements of the archive are stored relative to the --archive itself. -+archive itself. For security reasons absolute paths and paths with a -+@code{/../} component are not allowed. - - @cindex compatibility, @command{ar} - @cindex @command{ar} compatibility -diff --git a/binutils/objcopy.c b/binutils/objcopy.c -index 3b353ad..8454bc6 100644 ---- a/binutils/objcopy.c -+++ b/binutils/objcopy.c -@@ -2295,6 +2295,12 @@ copy_archive (bfd *ibfd, bfd *obfd, const char *output_target, - bfd_boolean del = TRUE; - bfd_boolean ok_object; - -+ /* PR binutils/17533: Do not allow directory traversal -+ outside of the current directory tree by archive members. */ -+ if (! is_valid_archive_path (bfd_get_filename (this_element))) -+ fatal (_("illegal pathname found in archive member: %s"), -+ bfd_get_filename (this_element)); -+ - /* Create an output file for this member. */ - output_name = concat (dir, "/", - bfd_get_filename (this_element), (char *) 0); --- -1.7.1 - |