diff -rup binutils-2.23.52.0.1.orig/binutils/config.in binutils-2.23.52.0.1/binutils/config.in --- binutils-2.23.52.0.1.orig/binutils/config.in 2015-06-29 11:32:47.721653986 +0100 +++ binutils-2.23.52.0.1/binutils/config.in 2015-06-29 11:35:48.377753127 +0100 @@ -18,6 +18,9 @@ /* Should ar and ranlib use -D behavior by default? */ #undef DEFAULT_AR_DETERMINISTIC +/* Should strings use -a behavior by default? */ +#undef DEFAULT_STRINGS_ALL + /* Define to 1 if translation of program messages to the user's native language is requested. */ #undef ENABLE_NLS diff -rup binutils-2.23.52.0.1.orig/binutils/configure binutils-2.23.52.0.1/binutils/configure --- binutils-2.23.52.0.1.orig/binutils/configure 2015-06-29 11:32:47.699653852 +0100 +++ binutils-2.23.52.0.1/binutils/configure 2015-06-29 11:36:53.932149340 +0100 @@ -772,6 +772,7 @@ with_gnu_ld enable_libtool_lock enable_targets enable_deterministic_archives +enable_default_strings_all enable_werror enable_build_warnings enable_nls @@ -1421,6 +1422,8 @@ Optional Features: --enable-targets alternative target configurations --enable-deterministic-archives ar and ranlib default to -D behavior + --disable-default-strings-all + strings defaults to --data behavior --enable-werror treat compile warnings as errors --enable-build-warnings enable build-time compiler warnings --disable-nls do not use Native Language Support 
@@ -11602,13 +11605,27 @@ else default_ar_deterministic=0 fi - - cat >>confdefs.h <<_ACEOF #define DEFAULT_AR_DETERMINISTIC $default_ar_deterministic _ACEOF +# Check whether --enable-default-strings-all was given. +if test "${enable_default_strings_all+set}" = set; then : + enableval=$enable_default_strings_all; +if test "${enableval}" = no; then + default_strings_all=0 +else + default_strings_all=1 +fi +else + default_strings_all=1 +fi + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_STRINGS_ALL $default_strings_all +_ACEOF + GCC_WARN_CFLAGS="-W -Wall -Wstrict-prototypes -Wmissing-prototypes" cat confdefs.h - <<_ACEOF >conftest.$ac_ext diff -rup binutils-2.23.52.0.1.orig/binutils/configure.in binutils-2.23.52.0.1/binutils/configure.in --- binutils-2.23.52.0.1.orig/binutils/configure.in 2015-06-29 11:32:47.702653870 +0100 +++ binutils-2.23.52.0.1/binutils/configure.in 2015-06-29 11:37:17.355289171 +0100 @@ -57,6 +57,18 @@ fi], [default_ar_deterministic=0]) AC_DEFINE_UNQUOTED(DEFAULT_AR_DETERMINISTIC, $default_ar_deterministic, [Should ar and ranlib use -D behavior by default?]) +AC_ARG_ENABLE(default-strings-all, +[AS_HELP_STRING([--disable-default-strings-all], + [strings defaults to --data behavior])], [ +if test "${enableval}" = no; then + default_strings_all=0 +else + default_strings_all=1 +fi], [default_strings_all=1]) + +AC_DEFINE_UNQUOTED(DEFAULT_STRINGS_ALL, $default_strings_all, + [Should strings use -a behavior by default?]) + AM_BINUTILS_WARNINGS AC_CONFIG_HEADERS(config.h:config.in) diff -rup binutils-2.23.52.0.1.orig/binutils/doc/binutils.texi binutils-2.23.52.0.1/binutils/doc/binutils.texi --- binutils-2.23.52.0.1.orig/binutils/doc/binutils.texi 2015-06-29 11:32:47.708653907 +0100 +++ binutils-2.23.52.0.1/binutils/doc/binutils.texi 2015-06-29 11:38:49.645840128 +0100 
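Review bot: The help string added in the `AC_ARG_ENABLE(default-strings-all, ...)` block of configure.in describes `--disable-default-strings-all` only as `strings defaults to --data behavior`, so someone reading `./configure --help` gets no hint that this is the choice the manual text in this same patch warns about. The manual says `--data` exposes `strings` to any flaws in the BFD library, and that is worth carrying into the option text, for example `[strings defaults to --data behavior, which parses input files with BFD]`. The test also treats every value other than `no` as enabled, so `--enable-default-strings-all=0` still selects the full scan; a short `dnl` comment saying so would help the next reader.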
@@ -2658,15 +2658,24 @@ strings [@option{-afovV}] [@option{-}@va @c man begin DESCRIPTION strings -For each @var{file} given, @sc{gnu} @command{strings} prints the printable -character sequences that are at least 4 characters long (or the number -given with the options below) and are followed by an unprintable -character. By default, it only prints the strings from the initialized -and loaded sections of object files; for other types of files, it prints -the strings from the whole file. +For each @var{file} given, @sc{gnu} @command{strings} prints the +printable character sequences that are at least 4 characters long (or +the number given with the options below) and are followed by an +unprintable character. + +Depending upon how the strings program was configured it will default +to either displaying all the printable sequences that it can find in +each file, or only those sequences that are in loadable, initialized +data sections. If the file type in unrecognizable, or if strings is +reading from stdin then it will always display all of the printable +sequences that it can find. + +For backwards compatibility any file that occurs after a command line +option of just @option{-} will also be scanned in full, regardless of +the presence of any @option{-d} option. -@command{strings} is mainly useful for determining the contents of non-text -files. +@command{strings} is mainly useful for determining the contents of +non-text files. @c man end 
@@ -2676,8 +2685,25 @@ files. @item -a @itemx --all @itemx - -Do not scan only the initialized and loaded sections of object files; -scan the whole files. +Scan the whole file, regardless of what sections it contains or +whether those sections are loaded or initialized. Normally this is +the default behaviour, but strings can be configured so that the +@option{-d} is the default instead. + +The @option{-} option is position dependent and forces strings to +perform full scans of any file that is mentioned after the @option{-} +on the command line, even if the @option{-d} option has been +specified. + +@item -d +@itemx --data +Only print strings from initialized, loaded data sections in the +file. This may reduce the amount of garbage in the output, but it +also exposes the strings program to any security flaws that may be +present in the BFD library used to scan and load sections. Strings +can be configured so that this option is the default behaviour. In +such cases the @option{-a} option can be used to avoid using the BFD +library and instead just print all of the strings found in the file. @item -f @itemx --print-file-name diff -rup binutils-2.23.52.0.1.orig/binutils/NEWS binutils-2.23.52.0.1/binutils/NEWS --- binutils-2.23.52.0.1.orig/binutils/NEWS 2015-06-29 11:32:47.701653864 +0100 +++ binutils-2.23.52.0.1/binutils/NEWS 2015-06-29 11:39:07.052944045 +0100 
@@ -1,5 +1,10 @@ -*- text -*- +* Add --data option to strings to only print strings in loadable, initialized + data sections. Change the default behaviour to be --all, but add a new + configure time option of --disable-default-strings-all to restore the old + default behaviour. + * Objcopy now supports wildcard characters in command line options that take section names. diff -rup binutils-2.23.52.0.1.orig/binutils/strings.c binutils-2.23.52.0.1/binutils/strings.c --- binutils-2.23.52.0.1.orig/binutils/strings.c 2015-06-29 11:32:47.721653986 +0100 +++ binutils-2.23.52.0.1/binutils/strings.c 2015-06-29 11:41:06.159655090 +0100 @@ -23,7 +23,10 @@ Options: --all -a - - Do not scan only the initialized data section of object files. + - Scan each file in its entirety. + + --data + -d Scan only the initialized data section(s) of object files. --print-file-name -f Print the name of the file before each string. @@ -107,6 +110,7 @@ static int encoding_bytes; static struct option long_options[] = { {"all", no_argument, NULL, 'a'}, + {"data", no_argument, NULL, 'd'}, {"print-file-name", no_argument, NULL, 'f'}, {"bytes", required_argument, NULL, 'n'}, {"radix", required_argument, NULL, 't'}, @@ -158,11 +162,14 @@ main (int argc, char **argv) string_min = 4; print_addresses = FALSE; print_filenames = FALSE; - datasection_only = TRUE; + if (DEFAULT_STRINGS_ALL) + datasection_only = FALSE; + else + datasection_only = TRUE; target = NULL; encoding = 's'; - while ((optc = getopt_long (argc, argv, "afhHn:ot:e:T:Vv0123456789", + while ((optc = getopt_long (argc, argv, "adfhHn:ot:e:T:Vv0123456789", long_options, (int *) 0)) != EOF) { switch (optc) @@ -171,6 +178,10 @@ main (int argc, char **argv) datasection_only = FALSE; break; + case 'd': + datasection_only = TRUE; + break; + case 'f': print_filenames = TRUE; break; 
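Review bot: The new default in `main` of binutils/strings.c carries no comment saying why a full scan is now preferred, although the manual text in this same patch gives the reason: `--data` runs the file through the BFD library and so exposes `strings` to flaws in it. A one-line comment above the `if (DEFAULT_STRINGS_ALL)` test would keep that rationale next to the code, for example `/* Full scan by default: -d parses the file with BFD, which may mishandle corrupt input.  */`. The four-line if/else could also be written as `datasection_only = DEFAULT_STRINGS_ALL ? FALSE : TRUE;`. `main` starts and ends outside the hunk.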
@@ -659,8 +670,18 @@ usage (FILE *stream, int status) { fprintf (stream, _("Usage: %s [option(s)] [file(s)]\n"), program_name); fprintf (stream, _(" Display printable strings in [file(s)] (stdin by default)\n")); - fprintf (stream, _(" The options are:\n\ + fprintf (stream, _(" The options are:\n")); + + if (DEFAULT_STRINGS_ALL) + fprintf (stream, _("\ + -a - --all Scan the entire file, not just the data section [default]\n\ + -d --data Only scan the data sections in the file\n")); + else + fprintf (stream, _("\ -a - --all Scan the entire file, not just the data section\n\ + -d --data Only scan the data sections in the file [default]\n")); + + fprintf (stream, _("\ -f --print-file-name Print the name of the file before each string\n\ -n --bytes=[number] Locate & print any NUL-terminated sequence of at\n\ - least [number] characters (default 4).\n\ diff -rup binutils-2.23.52.0.1.orig/bfd/elf.c binutils-2.23.52.0.1/bfd/elf.c --- binutils-2.23.52.0.1.orig/bfd/elf.c 2015-06-29 11:32:47.637653475 +0100 +++ binutils-2.23.52.0.1/bfd/elf.c 2015-06-29 11:48:24.632272687 +0100 @@ -613,7 +613,8 @@ setup_group (bfd *abfd, Elf_Internal_Shd _bfd_error_handler (_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size); bfd_set_error (bfd_error_bad_value); - return FALSE; + -- num_group; + continue; } memset (shdr->contents, 0, amt); 
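Review bot: In the first `setup_group` hunk of bfd/elf.c, the corrupt-size branch now does `-- num_group; continue;` with no comment, while the equivalent branch in the next hunk is labelled with PR 17510. A matching line such as `/* PR 17510: skip this group and keep scanning; the stored count is corrected further down.  */` would make it clear that the skip is deliberate. The branch also still calls `bfd_set_error (bfd_error_bad_value)` before continuing, so the function can presumably go on to succeed with that error left set; callers that consult the BFD error state without checking the return value would see it. The loop that encloses this branch begins and ends outside the hunk.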
@@ -621,7 +622,16 @@ setup_group (bfd *abfd, Elf_Internal_Shd if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0 || (bfd_bread (shdr->contents, shdr->sh_size, abfd) != shdr->sh_size)) - return FALSE; + { + _bfd_error_handler + (_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size); + bfd_set_error (bfd_error_bad_value); + -- num_group; + /* PR 17510: If the group contents are even partially + corrupt, do not allow any of the contents to be used. */ + memset (shdr->contents, 0, amt); + continue; + } /* Translate raw contents, a flag word followed by an array of elf section indices all in target byte order, @@ -654,6 +664,21 @@ setup_group (bfd *abfd, Elf_Internal_Shd } } } + + /* PR 17510: Corrupt binaries might contain invalid groups. */ + if (num_group != (unsigned) elf_tdata (abfd)->num_group) + { + elf_tdata (abfd)->num_group = num_group; + + /* If all groups are invalid then fail. */ + if (num_group == 0) + { + elf_tdata (abfd)->group_sect_ptr = NULL; + elf_tdata (abfd)->num_group = num_group = -1; + (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd); + bfd_set_error (bfd_error_bad_value); + } + } } } @@ -719,6 +744,7 @@ setup_group (bfd *abfd, Elf_Internal_Shd { (*_bfd_error_handler) (_("%B: no group info for section %A"), abfd, newsect); + return FALSE; } return TRUE; }
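Review bot: In the seek/read failure branch of `setup_group`, the rejected group's buffer stays attached to `shdr->contents` as a non-NULL, all-zero block after the added `memset`, so the rejection is visible only through the decremented `num_group`. If any reader outside this hunk keys on `shdr->contents` being non-NULL, it would take the zeros for a flag word and section indices; setting `shdr->contents = NULL;` before the `continue` would make the rejection explicit. Separately, the new message blames the size field although the condition also fires when `bfd_seek` to `sh_offset` fails, and it passes `shdr->sh_size` to `%lx` without a cast, which is a format mismatch if that field is wider than `long` on the host. The loop body begins and ends outside the hunk.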
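Review bot: The comment `/* If all groups are invalid then fail.  */` in the block added after the group scan does not match the code under it, which returns nothing: it clears `group_sect_ptr`, stores `-1` in both `num_group` copies, reports the error and falls through. The failure seems to be delivered later, by the `return FALSE` that the last hunk of this file adds, and only if the code in between skips the lookup when `num_group` is `-1`; that code is outside the hunk. Rewording the comment to something like `/* If all groups are invalid, record that there are none; the lookup below then reports failure.  */` would describe what the block actually does.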
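Review bot: The `return FALSE` added after the `no group info for section %A` message is the only new failure path in this file that does not set a BFD error first; the other branches added by this patch call `bfd_set_error (bfd_error_bad_value)`. Unless the error is set somewhere outside the hunk, a caller that reports `bfd_get_error ()` after this failure may print a stale or unrelated error. Adding `bfd_set_error (bfd_error_bad_value);` before the `return FALSE;` would keep the paths consistent. This also turns what was only a diagnostic into a hard failure of `setup_group`, so inputs that previously loaded with a warning are now rejected.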