author | Armin Kuster <akuster808@gmail.com> | 2017-06-17 10:20:51 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-08-29 16:50:53 +0100 |
commit | fa4a5024fcad307d061dea7933fbf531abf5e17d (patch) | |
tree | 07b677774737389c8657de55993bac14aef1b077 | |
parent | 4f064564fd595b3a0cbc09832ce74235faa96345 (diff) | |
download | poky-fa4a5024fcad307d061dea7933fbf531abf5e17d.tar.gz |
glibc: Security fix CVE-2016-6323
arm: mark __startcontext as .cantunwind, GNU
CVE: CVE-2016-6323
(From OE-Core rev: e80d454711f67a9a3a2a43bb7d9ff911c4664a84)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/glibc/glibc/CVE-2016-6323.patch | 39 | ||||
-rw-r--r-- | meta/recipes-core/glibc/glibc_2.24.bb | 1 |
2 files changed, 40 insertions, 0 deletions
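--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2016-6323.patch
@@ -0,0 +1,39 @@
+glibc-2.24: Fix CVE-2016-6323
+
+[No upstream tracking] -- https://sourceware.org/bugzilla/show_bug.cgi?id=20435
+
+arm: mark __startcontext as .cantunwind, GNU
+
+Glibc bug where the makecontext function would create
+an execution context which is incompatible with the unwinder,
+causing it to hang when the generation of a backtrace is attempted.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617]
+CVE: CVE-2016-6323
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
+
+diff --git a/sysdeps/unix/sysv/linux/arm/setcontext.S b/sysdeps/unix/sysv/linux/arm/setcontext.S
+index 603e508..d1f168f 100644
+--- a/sysdeps/unix/sysv/linux/arm/setcontext.S
++++ b/sysdeps/unix/sysv/linux/arm/setcontext.S
+@@ -86,12 +86,19 @@ weak_alias(__setcontext, setcontext)
+
+/* Called when a makecontext() context returns. Start the
+context in R4 or fall through to exit(). */
++ /* Unwind descriptors are looked up based on PC - 2, so we have to
++ make sure to mark the instruction preceding the __startcontext
++ label as .cantunwind. */
++ .fnstart
++ .cantunwind
++ nop
+ENTRY(__startcontext)
+movs r0, r4
+bne PLTJMP(__setcontext)
+
+@ New context was 0 - exit
+b PLTJMP(HIDDEN_JUMPTARGET(exit))
++ .fnend
+END(__startcontext)
+
+#ifdef PIC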
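Review bot: The patch header's third line, `[No upstream tracking] -- https://sourceware.org/bugzilla/show_bug.cgi?id=20435`, contradicts itself and the `Upstream-Status: Backport` line below it, because it links the upstream bug it claims does not exist; it would read correctly as `[BZ #20435] -- https://sourceware.org/bugzilla/show_bug.cgi?id=20435`. The description also omits what a triager needs to scope the fix: the change touches only sysdeps/unix/sysv/linux/arm/setcontext.S, so presumably only 32-bit ARM builds are affected, and the stated impact is a hang (denial of service) when a backtrace is generated through a makecontext() context. Saying both in the header would let maintainers of other architectures decide on the backport without reading the assembly. The embedded hunk shows only part of setcontext.S, so whether any other entry point needs the same `.cantunwind` marking cannot be judged from this page.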
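--- a/meta/recipes-core/glibc/glibc_2.24.bb
+++ b/meta/recipes-core/glibc/glibc_2.24.bb
@@ -38,6 +38,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
 file://0025-Define-DUMMY_LOCALE_T-if-not-defined.patch \
 file://0026-build_local_scope.patch \
 file://0028-Bug-20116-Fix-use-after-free-in-pthread_create.patch \
+file://CVE-2016-6323.patch \
 "
 
 SRC_URI += "\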