diff options
Diffstat (limited to 'meta/recipes-core/glibc/glibc/0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch')
-rw-r--r-- | meta/recipes-core/glibc/glibc/0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch b/meta/recipes-core/glibc/glibc/0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch new file mode 100644 index 0000000000..b568fc6bdc --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch | |||
@@ -0,0 +1,50 @@ | |||
1 | From 086b65d9aacffc47fcd8df68818a476a5ae76fa1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Wed, 18 Mar 2015 01:50:00 +0000 | ||
4 | Subject: [PATCH 02/27] nativesdk-glibc: Fix buffer overrun with a relocated | ||
5 | SDK | ||
6 | |||
7 | When ld-linux-*.so.2 is relocated to a path that is longer than the | ||
8 | original fixed location, the dynamic loader will crash in open_path | ||
9 | because it implicitly assumes that max_dirnamelen is a fixed size that | ||
10 | never changes. | ||
11 | |||
12 | The allocated buffer will not be large enough to contain the directory | ||
13 | path string which is larger than the fixed location provided at build | ||
14 | time. | ||
15 | |||
16 | Upstream-Status: Inappropriate [OE SDK specific] | ||
17 | |||
18 | Signed-off-by: Jason Wessel <jason.wessel@windriver.com> | ||
19 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
20 | --- | ||
21 | elf/dl-load.c | 12 ++++++++++++ | ||
22 | 1 file changed, 12 insertions(+) | ||
23 | |||
24 | diff --git a/elf/dl-load.c b/elf/dl-load.c | ||
25 | index f45085a..f1eb5ed 100644 | ||
26 | --- a/elf/dl-load.c | ||
27 | +++ b/elf/dl-load.c | ||
28 | @@ -1765,7 +1765,19 @@ open_path (const char *name, size_t namelen, int mode, | ||
29 | given on the command line when rtld is run directly. */ | ||
30 | return -1; | ||
31 | |||
32 | + do | ||
33 | + { | ||
34 | + struct r_search_path_elem *this_dir = *dirs; | ||
35 | + if (this_dir->dirnamelen > max_dirnamelen) | ||
36 | + { | ||
37 | + max_dirnamelen = this_dir->dirnamelen; | ||
38 | + } | ||
39 | + } | ||
40 | + while (*++dirs != NULL); | ||
41 | + | ||
42 | buf = alloca (max_dirnamelen + max_capstrlen + namelen); | ||
43 | + | ||
44 | + dirs = sps->dirs; | ||
45 | do | ||
46 | { | ||
47 | struct r_search_path_elem *this_dir = *dirs; | ||
48 | -- | ||
49 | 2.1.4 | ||
50 | |||