Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 952478 Details for
Bug 1157276
CVE-2014-8485 binutils: lack of range checking leading to controlled write in _bfd_elf_setup_sections()
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Default strings to -a
binutils-2.24-strings-default-all.patch (text/plain), 10.81 KB, created by
Nick Clifton
on 2014-10-31 12:40:20 UTC
(
hide
)
Description:
Default strings to -a
Filename:
MIME Type:
Creator:
Nick Clifton
Created:
2014-10-31 12:40:20 UTC
Size:
10.81 KB
patch
obsolete
>diff -cpr ../binutils-2.24.orig/binutils/config.in binutils/config.in >*** ../binutils-2.24.orig/binutils/config.in 2014-10-31 11:50:20.455222877 +0000 >--- binutils/config.in 2014-10-31 11:59:05.021241036 +0000 >*************** >*** 18,23 **** >--- 18,26 ---- > /* Should ar and ranlib use -D behavior by default? */ > #undef DEFAULT_AR_DETERMINISTIC > >+ /* Should strings use -a behavior by default? */ >+ #undef DEFAULT_STRINGS_ALL >+ > /* Define to 1 if translation of program messages to the user's native > language is requested. */ > #undef ENABLE_NLS >diff -cpr ../binutils-2.24.orig/binutils/configure binutils/configure >*** ../binutils-2.24.orig/binutils/configure 2014-10-31 11:50:20.590223736 +0000 >--- binutils/configure 2014-10-31 12:01:46.570102643 +0000 >*************** with_gnu_ld >*** 772,777 **** >--- 772,778 ---- > enable_libtool_lock > enable_targets > enable_deterministic_archives >+ enable_default_strings_all > enable_werror > enable_build_warnings > enable_nls >*************** Optional Features: >*** 1421,1426 **** >--- 1422,1429 ---- > --enable-targets alternative target configurations > --enable-deterministic-archives > ar and ranlib default to -D behavior >+ --disable-default-strings-all >+ strings defaults to --data behavior > --enable-werror treat compile warnings as errors > --enable-build-warnings enable build-time compiler warnings > --disable-nls do not use Native Language Support >*************** cat >>confdefs.h <<_ACEOF >*** 11615,11620 **** >--- 11594,11618 ---- > _ACEOF > > >+ # Check whether --enable-default-strings-all was given. >+ if test "${enable_default_strings_all+set}" = set; then : >+ enableval=$enable_default_strings_all; >+ if test "${enableval}" = no; then >+ default_strings_all=0 >+ else >+ default_strings_all=1 >+ fi >+ else >+ default_strings_all=1 >+ fi >+ >+ >+ >+ cat >>confdefs.h <<_ACEOF >+ #define DEFAULT_STRINGS_ALL $default_strings_all >+ _ACEOF >+ >+ > > GCC_WARN_CFLAGS="-W -Wall -Wstrict-prototypes -Wmissing-prototypes" > cat confdefs.h - <<_ACEOF >conftest.$ac_ext >diff -cpr ../binutils-2.24.orig/binutils/configure.in binutils/configure.in >*** ../binutils-2.24.orig/binutils/configure.in 2014-10-31 11:50:20.430222717 +0000 >--- binutils/configure.in 2014-10-31 12:00:48.092790946 +0000 >*************** fi], [default_ar_deterministic=0]) >*** 57,62 **** >--- 57,74 ---- > AC_DEFINE_UNQUOTED(DEFAULT_AR_DETERMINISTIC, $default_ar_deterministic, > [Should ar and ranlib use -D behavior by default?]) > >+ AC_ARG_ENABLE(default-strings-all, >+ [AS_HELP_STRING([--disable-default-strings-all], >+ [strings defaults to --data behavior])], [ >+ if test "${enableval}" = no; then >+ default_strings_all=0 >+ else >+ default_strings_all=1 >+ fi], [default_strings_all=1]) >+ >+ AC_DEFINE_UNQUOTED(DEFAULT_STRINGS_ALL, $default_strings_all, >+ [Should strings use -a behavior by default?]) >+ > AM_BINUTILS_WARNINGS > > AC_CONFIG_HEADERS(config.h:config.in) >diff -cpr ../binutils-2.24.orig/binutils/doc/binutils.texi binutils/doc/binutils.texi >*** ../binutils-2.24.orig/binutils/doc/binutils.texi 2014-10-31 11:50:20.579223666 +0000 >--- binutils/doc/binutils.texi 2014-10-31 11:59:23.052339164 +0000 >*************** strings [@option{-afovV}] [@option{-}@va >*** 2653,2667 **** > > @c man begin DESCRIPTION strings > >! For each @var{file} given, @sc{gnu} @command{strings} prints the printable >! character sequences that are at least 4 characters long (or the number >! given with the options below) and are followed by an unprintable >! character. By default, it only prints the strings from the initialized >! and loaded sections of object files; for other types of files, it prints >! the strings from the whole file. > >! @command{strings} is mainly useful for determining the contents of non-text >! files. > > @c man end > >--- 2653,2676 ---- > > @c man begin DESCRIPTION strings > >! For each @var{file} given, @sc{gnu} @command{strings} prints the >! printable character sequences that are at least 4 characters long (or >! the number given with the options below) and are followed by an >! unprintable character. >! >! Depending upon how the strings program was configured it will default >! to either displaying all the printable sequences that it can find in >! each file, or only those sequences that are in loadable, initialized >! data sections. If the file type in unrecognizable, or if strings is >! reading from stdin then it will always display all of the printable >! sequences that it can find. >! >! For backwards compatibility any file that occurs after a command line >! option of just @option{-} will also be scanned in full, regardless of >! the presence of any @option{-d} option. > >! @command{strings} is mainly useful for determining the contents of >! non-text files. > > @c man end > >*************** files. >*** 2671,2678 **** > @item -a > @itemx --all > @itemx - >! Do not scan only the initialized and loaded sections of object files; >! scan the whole files. > > @item -f > @itemx --print-file-name >--- 2680,2704 ---- > @item -a > @itemx --all > @itemx - >! Scan the whole file, regardless of what sections it contains or >! whether those sections are loaded or initialized. Normally this is >! the default behaviour, but strings can be configured so that the >! @option{-d} is the default instead. >! >! The @option{-} option is position dependent and forces strings to >! perform full scans of any file that is mentioned after the @option{-} >! on the command line, even if the @option{-d} option has been >! specified. >! >! @item -d >! @itemx --data >! Only print strings from initialized, loaded data sections in the >! file. This may reduce the amount of garbage in the output, but it >! also exposes the strings program to any security flaws that may be >! present in the BFD library used to scan and load sections. Strings >! can be configured so that this option is the default behaviour. In >! such cases the @option{-a} option can be used to avoid using the BFD >! library and instead just print all of the strings found in the file. > > @item -f > @itemx --print-file-name >diff -cpr ../binutils-2.24.orig/binutils/NEWS binutils/NEWS >*** ../binutils-2.24.orig/binutils/NEWS 2014-10-31 11:50:20.338222131 +0000 >--- binutils/NEWS 2014-10-31 11:59:52.315493579 +0000 >*************** >*** 1,5 **** >--- 1,10 ---- > -*- text -*- > >+ * Add --data option to strings to only print strings in loadable, initialized >+ data sections. Change the default behaviour to be --all, but add a new >+ configure time option of --disable-default-strings-all to restore the old >+ default behaviour. >+ > Changes in 2.24: > > * Objcopy now supports wildcard characters in command line options that take >diff -cpr ../binutils-2.24.orig/binutils/strings.c binutils/strings.c >*** ../binutils-2.24.orig/binutils/strings.c 2014-10-31 11:50:20.464222934 +0000 >--- binutils/strings.c 2014-10-31 12:01:33.901035485 +0000 >*************** >*** 23,29 **** > Options: > --all > -a >! - Do not scan only the initialized data section of object files. > > --print-file-name > -f Print the name of the file before each string. >--- 23,32 ---- > Options: > --all > -a >! - Scan each file in its entirety. >! >! --data >! -d Scan only the initialized data section(s) of object files. > > --print-file-name > -f Print the name of the file before each string. >*************** static int encoding_bytes; >*** 107,112 **** >--- 110,116 ---- > static struct option long_options[] = > { > {"all", no_argument, NULL, 'a'}, >+ {"data", no_argument, NULL, 'd'}, > {"print-file-name", no_argument, NULL, 'f'}, > {"bytes", required_argument, NULL, 'n'}, > {"radix", required_argument, NULL, 't'}, >*************** typedef struct >*** 128,134 **** > > static void strings_a_section (bfd *, asection *, void *); > static bfd_boolean strings_object_file (const char *); >! static bfd_boolean strings_file (char *file); > static void print_strings (const char *, FILE *, file_ptr, int, int, char *); > static void usage (FILE *, int); > static long get_char (FILE *, file_ptr *, int *, char **); >--- 132,138 ---- > > static void strings_a_section (bfd *, asection *, void *); > static bfd_boolean strings_object_file (const char *); >! static bfd_boolean strings_file (char *); > static void print_strings (const char *, FILE *, file_ptr, int, int, char *); > static void usage (FILE *, int); > static long get_char (FILE *, file_ptr *, int *, char **); >*************** main (int argc, char **argv) >*** 158,168 **** > string_min = 4; > print_addresses = FALSE; > print_filenames = FALSE; >! datasection_only = TRUE; > target = NULL; > encoding = 's'; > >! while ((optc = getopt_long (argc, argv, "afhHn:ot:e:T:Vv0123456789", > long_options, (int *) 0)) != EOF) > { > switch (optc) >--- 162,175 ---- > string_min = 4; > print_addresses = FALSE; > print_filenames = FALSE; >! if (DEFAULT_STRINGS_ALL) >! datasection_only = FALSE; >! else >! datasection_only = TRUE; > target = NULL; > encoding = 's'; > >! while ((optc = getopt_long (argc, argv, "adfhHn:ot:e:T:Vv0123456789", > long_options, (int *) 0)) != EOF) > { > switch (optc) >*************** main (int argc, char **argv) >*** 171,176 **** >--- 178,187 ---- > datasection_only = FALSE; > break; > >+ case 'd': >+ datasection_only = TRUE; >+ break; >+ > case 'f': > print_filenames = TRUE; > break; >*************** usage (FILE *stream, int status) >*** 635,642 **** > { > fprintf (stream, _("Usage: %s [option(s)] [file(s)]\n"), program_name); > fprintf (stream, _(" Display printable strings in [file(s)] (stdin by default)\n")); >! fprintf (stream, _(" The options are:\n\ > -a - --all Scan the entire file, not just the data section\n\ > -f --print-file-name Print the name of the file before each string\n\ > -n --bytes=[number] Locate & print any NUL-terminated sequence of at\n\ > -<number> least [number] characters (default 4).\n\ >--- 646,663 ---- > { > fprintf (stream, _("Usage: %s [option(s)] [file(s)]\n"), program_name); > fprintf (stream, _(" Display printable strings in [file(s)] (stdin by default)\n")); >! fprintf (stream, _(" The options are:\n")); >! >! if (DEFAULT_STRINGS_ALL) >! fprintf (stream, _("\ >! -a - --all Scan the entire file, not just the data section [default]\n\ >! -d --data Only scan the data sections in the file\n")); >! else >! fprintf (stream, _("\ > -a - --all Scan the entire file, not just the data section\n\ >+ -d --data Only scan the data sections in the file [default]\n")); >+ >+ fprintf (stream, _("\ > -f --print-file-name Print the name of the file before each string\n\ > -n --bytes=[number] Locate & print any NUL-terminated sequence of at\n\ > -<number> least [number] characters (default 4).\n\ > >Only in binutils: strings.c.rej
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=952478">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1157276
:
952477
| 952478 |
1044338