2 files changed, 43 insertions, 1 deletions
diff --git a/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch b/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch
new file mode 100644
index 0000000000..f164f8f9ae
--- /dev/null
+++ b/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Inappropriate [SDK specific]
+eglibc-nativesdk: Fix buffer overrun with a relocated SDK
+When ld-linux-*.so.2 is relocated to a path that is longer than the
+original fixed location, the dynamic loader will crash in open_path
+because it implicitly assumes that max_dirnamelen is a fixed size that
+never changes.
+The allocated buffer will not be large enough to contain the directory
+path string which is larger than the fixed location provided at build
+time.
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+---
+ elf/dl-load.c |   12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+--- a/elf/dl-load.c
+++ b/elf/dl-load.c
+@@ -1919,7 +1919,19 @@ open_path (const char *name, size_t name
+        given on the command line when rtld is run directly.  */
+     return -1;
+ 
+  do
+    {
+      struct r_search_path_elem *this_dir = *dirs;
+      if (this_dir->dirnamelen > max_dirnamelen)
+       {
+         max_dirnamelen = this_dir->dirnamelen;
+       }
+    }
+  while (*++dirs != NULL);
+
+   buf = alloca (max_dirnamelen + max_capstrlen + namelen);
+
+  dirs = sps->dirs;
+   do
+     {
+       struct r_search_path_elem *this_dir = *dirs;
diff --git a/meta/recipes-core/eglibc/eglibc_2.17.bb b/meta/recipes-core/eglibc/eglibc_2.17.bb
index 7bdb267eb1..fb49ac4535 100644
--- a/meta/recipes-core/eglibc/eglibc_2.17.bb
+++ b/meta/recipes-core/eglibc/eglibc_2.17.bb
@@ -1,6 +1,6 @@
 require eglibc.inc
-PR = "r2"
+PR = "r3"
 DEPENDS += "gperf-native kconfig-frontends-native"
@@ -45,6 +45,7 @@ LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
 SRC_URI_append_class-nativesdk = " file://ld-search-order.patch \
            file://relocatable_sdk.patch \
+            file://relocatable_sdk_fix_openpath.patch \
            "
 S = "${WORKDIR}/eglibc-${PV}/libc"
 B = "${WORKDIR}/build-${TARGET_SYS}"

diff --git a/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch b/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch new file mode 100644 index 0000000000..f164f8f9ae --- /dev/null +++ b/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch
@@ -0,0 +1,41 @@
		1	Upstream-Status: Inappropriate [SDK specific]
		2
		3	eglibc-nativesdk: Fix buffer overrun with a relocated SDK
		4
		5	When ld-linux-*.so.2 is relocated to a path that is longer than the
		6	original fixed location, the dynamic loader will crash in open_path
		7	because it implicitly assumes that max_dirnamelen is a fixed size that
		8	never changes.
		9
		10	The allocated buffer will not be large enough to contain the directory
		11	path string which is larger than the fixed location provided at build
		12	time.
		13
		14	Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
		15
		16	---
		17	elf/dl-load.c \| 12 ++++++++++++
		18	1 file changed, 12 insertions(+)
		19
		20	--- a/elf/dl-load.c
		21	+++ b/elf/dl-load.c
		22	@@ -1919,7 +1919,19 @@ open_path (const char *name, size_t name
		23	given on the command line when rtld is run directly. */
		24	return -1;
		25
		26	+ do
		27	+ {
		28	+ struct r_search_path_elem this_dir = dirs;
		29	+ if (this_dir->dirnamelen > max_dirnamelen)
		30	+ {
		31	+ max_dirnamelen = this_dir->dirnamelen;
		32	+ }
		33	+ }
		34	+ while (*++dirs != NULL);
		35	+
		36	buf = alloca (max_dirnamelen + max_capstrlen + namelen);
		37	+
		38	+ dirs = sps->dirs;
		39	do
		40	{
		41	struct r_search_path_elem this_dir = dirs;


diff --git a/meta/recipes-core/eglibc/eglibc_2.17.bb b/meta/recipes-core/eglibc/eglibc_2.17.bb index 7bdb267eb1..fb49ac4535 100644 --- a/meta/recipes-core/eglibc/eglibc_2.17.bb +++ b/meta/recipes-core/eglibc/eglibc_2.17.bb
@@ -1,6 +1,6 @@
1	require eglibc.inc	1	require eglibc.inc
2		2
3	PR = "r2"	3	PR = "r3"
4		4
5	DEPENDS += "gperf-native kconfig-frontends-native"	5	DEPENDS += "gperf-native kconfig-frontends-native"
6		6
@@ -45,6 +45,7 @@ LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
45		45
46	SRC_URI_append_class-nativesdk = " file://ld-search-order.patch \	46	SRC_URI_append_class-nativesdk = " file://ld-search-order.patch \
47	file://relocatable_sdk.patch \	47	file://relocatable_sdk.patch \
		48	file://relocatable_sdk_fix_openpath.patch \
48	"	49	"
49	S = "${WORKDIR}/eglibc-${PV}/libc"	50	S = "${WORKDIR}/eglibc-${PV}/libc"
50	B = "${WORKDIR}/build-${TARGET_SYS}"	51	B = "${WORKDIR}/build-${TARGET_SYS}"