[oe-commits] Jason Wessel : eglibc-nativesdk: Fix buffer overrun with a relocated SDK

git at git.openembedded.org git at git.openembedded.org
Fri Feb 8 14:59:39 UTC 2013


Module: openembedded-core.git
Branch: master
Commit: 8ebd85d29eb1a9c0c0d3cd79e7dda8b857c27bbb
URL:    http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=8ebd85d29eb1a9c0c0d3cd79e7dda8b857c27bbb

Author: Jason Wessel <jason.wessel at windriver.com>
Date:   Thu Jan 10 12:55:11 2013 -0600

eglibc-nativesdk: Fix buffer overrun with a relocated SDK

When ld-linux-*.so.2 is relocated to a path that is longer than the
original fixed location, the dynamic loader will crash in open_path
because it implicitly assumes that max_dirnamelen is a fixed size that
never changes.

The allocated buffer will not be large enough to contain the directory
path string which is larger than the fixed location provided at build
time.

Signed-off-by: Jason Wessel <jason.wessel at windriver.com>
Signed-off-by: Mark Hatle <mark.hatle at windriver.com>
Signed-off-by: Saul Wold <sgw at linux.intel.com>

---

 .../eglibc-2.17/relocatable_sdk_fix_openpath.patch |   41 ++++++++++++++++++++
 meta/recipes-core/eglibc/eglibc_2.17.bb            |    3 +-
 2 files changed, 43 insertions(+), 1 deletions(-)

diff --git a/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch b/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch
new file mode 100644
index 0000000..f164f8f
--- /dev/null
+++ b/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Inappropriate [SDK specific]
+
+eglibc-nativesdk: Fix buffer overrun with a relocated SDK
+
+When ld-linux-*.so.2 is relocated to a path that is longer than the
+original fixed location, the dynamic loader will crash in open_path
+because it implicitly assumes that max_dirnamelen is a fixed size that
+never changes.
+
+The allocated buffer will not be large enough to contain the directory
+path string which is larger than the fixed location provided at build
+time.
+
+Signed-off-by: Jason Wessel <jason.wessel at windriver.com>
+
+---
+ elf/dl-load.c |   12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -1919,7 +1919,19 @@ open_path (const char *name, size_t name
+        given on the command line when rtld is run directly.  */
+     return -1;
+ 
++  do
++    {
++      struct r_search_path_elem *this_dir = *dirs;
++      if (this_dir->dirnamelen > max_dirnamelen)
++	{
++	  max_dirnamelen = this_dir->dirnamelen;
++	}
++    }
++  while (*++dirs != NULL);
++
+   buf = alloca (max_dirnamelen + max_capstrlen + namelen);
++
++  dirs = sps->dirs;
+   do
+     {
+       struct r_search_path_elem *this_dir = *dirs;
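Review bot: the new do/while ahead of the alloca in open_path has no comment, so the reason max_dirnamelen can be too small is recorded only in the patch header. A short comment above the loop would help, saying that a relocated SDK can give a search path element a dirnamelen larger than the build-time max_dirnamelen. The loop also walks the whole dirs list on every open_path call, although the value it computes only ever grows. Updating max_dirnamelen once, at the point where the relocated paths are set up, would avoid the repeated scan and the `dirs = sps->dirs;` reset. The alloca size now follows the relocated path length with no upper limit, so a sanity bound on dirnamelen before it sizes a stack buffer is worth considering. Minor style point: the braces around the single assignment inside the if are not needed.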
diff --git a/meta/recipes-core/eglibc/eglibc_2.17.bb b/meta/recipes-core/eglibc/eglibc_2.17.bb
index 7bdb267..fb49ac4 100644
--- a/meta/recipes-core/eglibc/eglibc_2.17.bb
+++ b/meta/recipes-core/eglibc/eglibc_2.17.bb
@@ -1,6 +1,6 @@
 require eglibc.inc
 
-PR = "r2"
+PR = "r3"
 
 DEPENDS += "gperf-native kconfig-frontends-native"
 
@@ -45,6 +45,7 @@ LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
 
 SRC_URI_append_class-nativesdk = " file://ld-search-order.patch \
             file://relocatable_sdk.patch \
+            file://relocatable_sdk_fix_openpath.patch \
             "
 S = "${WORKDIR}/eglibc-${PV}/libc"
 B = "${WORKDIR}/build-${TARGET_SYS}"
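Review bot: the new SRC_URI entry is added only to the class-nativesdk append of eglibc_2.17.bb, and the diffstat shows no other recipe touched. If any other eglibc recipe in the tree also applies relocatable_sdk.patch, it keeps the undersized buffer in open_path. Please confirm that 2.17 is the only affected version, or note in the commit message why the others do not need the fix.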




