summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJason Wessel <jason.wessel@windriver.com>2013-01-10 12:55:11 -0600
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-02-08 14:50:37 +0000
commiteef73b44893fdaf5918c494d315e2a0b69e4a008 (patch)
tree9f42e414631f476151290d8f9ef459ca482be19a
parent981bd3a297ff51f30bebfa189e1516c7507cf278 (diff)
downloadpoky-eef73b44893fdaf5918c494d315e2a0b69e4a008.tar.gz
eglibc-nativesdk: Fix buffer overrun with a relocated SDK
When ld-linux-*.so.2 is relocated to a path that is longer than the original fixed location, the dynamic loader will crash in open_path because it implicitly assumes that max_dirnamelen is a fixed size that never changes. The allocated buffer will not be large enough to contain the directory path string which is larger than the fixed location provided at build time. (From OE-Core rev: 8ebd85d29eb1a9c0c0d3cd79e7dda8b857c27bbb) Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch41
-rw-r--r--meta/recipes-core/eglibc/eglibc_2.17.bb3
2 files changed, 43 insertions, 1 deletions
diff --git a/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch b/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch
new file mode 100644
index 0000000000..f164f8f9ae
--- /dev/null
+++ b/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch
@@ -0,0 +1,41 @@
1Upstream-Status: Inappropriate [SDK specific]
2
3eglibc-nativesdk: Fix buffer overrun with a relocated SDK
4
5When ld-linux-*.so.2 is relocated to a path that is longer than the
6original fixed location, the dynamic loader will crash in open_path
7because it implicitly assumes that max_dirnamelen is a fixed size that
8never changes.
9
10The allocated buffer will not be large enough to contain the directory
11path string which is larger than the fixed location provided at build
12time.
13
14Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
15
16---
17 elf/dl-load.c | 12 ++++++++++++
18 1 file changed, 12 insertions(+)
19
20--- a/elf/dl-load.c
21+++ b/elf/dl-load.c
22@@ -1919,7 +1919,19 @@ open_path (const char *name, size_t name
23 given on the command line when rtld is run directly. */
24 return -1;
25
26+ do
27+ {
28+ struct r_search_path_elem *this_dir = *dirs;
29+ if (this_dir->dirnamelen > max_dirnamelen)
30+ {
31+ max_dirnamelen = this_dir->dirnamelen;
32+ }
33+ }
34+ while (*++dirs != NULL);
35+
36 buf = alloca (max_dirnamelen + max_capstrlen + namelen);
37+
38+ dirs = sps->dirs;
39 do
40 {
41 struct r_search_path_elem *this_dir = *dirs;
diff --git a/meta/recipes-core/eglibc/eglibc_2.17.bb b/meta/recipes-core/eglibc/eglibc_2.17.bb
index 7bdb267eb1..fb49ac4535 100644
--- a/meta/recipes-core/eglibc/eglibc_2.17.bb
+++ b/meta/recipes-core/eglibc/eglibc_2.17.bb
@@ -1,6 +1,6 @@
1require eglibc.inc 1require eglibc.inc
2 2
3PR = "r2" 3PR = "r3"
4 4
5DEPENDS += "gperf-native kconfig-frontends-native" 5DEPENDS += "gperf-native kconfig-frontends-native"
6 6
@@ -45,6 +45,7 @@ LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
45 45
46SRC_URI_append_class-nativesdk = " file://ld-search-order.patch \ 46SRC_URI_append_class-nativesdk = " file://ld-search-order.patch \
47 file://relocatable_sdk.patch \ 47 file://relocatable_sdk.patch \
48 file://relocatable_sdk_fix_openpath.patch \
48 " 49 "
49S = "${WORKDIR}/eglibc-${PV}/libc" 50S = "${WORKDIR}/eglibc-${PV}/libc"
50B = "${WORKDIR}/build-${TARGET_SYS}" 51B = "${WORKDIR}/build-${TARGET_SYS}"