summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason Wessel <jason.wessel@windriver.com>2013-01-10 12:55:11 -0600
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-02-08 14:46:12 +0000
commit8ebd85d29eb1a9c0c0d3cd79e7dda8b857c27bbb (patch)
treeacb205787aa249b4e3728b39c1ec38dab6e135a1
parent0a07ec7d13becc7ce87c502e75a006300a7090a5 (diff)
downloadopenembedded-core-8ebd85d29eb1a9c0c0d3cd79e7dda8b857c27bbb.tar.gz
openembedded-core-8ebd85d29eb1a9c0c0d3cd79e7dda8b857c27bbb.tar.bz2
openembedded-core-8ebd85d29eb1a9c0c0d3cd79e7dda8b857c27bbb.zip
eglibc-nativesdk: Fix buffer overrun with a relocated SDK
When ld-linux-*.so.2 is relocated to a path that is longer than the original fixed location, the dynamic loader will crash in open_path because it implicitly assumes that max_dirnamelen is a fixed size that never changes. The allocated buffer will not be large enough to contain the directory path string which is larger than the fixed location provided at build time. Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
-rw-r--r--meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch41
-rw-r--r--meta/recipes-core/eglibc/eglibc_2.17.bb3
2 files changed, 43 insertions, 1 deletions
diff --git a/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch b/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch
new file mode 100644
index 0000000000..f164f8f9ae
--- /dev/null
+++ b/meta/recipes-core/eglibc/eglibc-2.17/relocatable_sdk_fix_openpath.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Inappropriate [SDK specific]
+
+eglibc-nativesdk: Fix buffer overrun with a relocated SDK
+
+When ld-linux-*.so.2 is relocated to a path that is longer than the
+original fixed location, the dynamic loader will crash in open_path
+because it implicitly assumes that max_dirnamelen is a fixed size that
+never changes.
+
+The allocated buffer will not be large enough to contain the directory
+path string which is larger than the fixed location provided at build
+time.
+
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+
+---
+ elf/dl-load.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -1919,7 +1919,19 @@ open_path (const char *name, size_t name
+ given on the command line when rtld is run directly. */
+ return -1;
+
++ do
++ {
++ struct r_search_path_elem *this_dir = *dirs;
++ if (this_dir->dirnamelen > max_dirnamelen)
++ {
++ max_dirnamelen = this_dir->dirnamelen;
++ }
++ }
++ while (*++dirs != NULL);
++
+ buf = alloca (max_dirnamelen + max_capstrlen + namelen);
++
++ dirs = sps->dirs;
+ do
+ {
+ struct r_search_path_elem *this_dir = *dirs;
diff --git a/meta/recipes-core/eglibc/eglibc_2.17.bb b/meta/recipes-core/eglibc/eglibc_2.17.bb
index 7bdb267eb1..fb49ac4535 100644
--- a/meta/recipes-core/eglibc/eglibc_2.17.bb
+++ b/meta/recipes-core/eglibc/eglibc_2.17.bb
@@ -1,6 +1,6 @@
require eglibc.inc
-PR = "r2"
+PR = "r3"
DEPENDS += "gperf-native kconfig-frontends-native"
@@ -45,6 +45,7 @@ LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
SRC_URI_append_class-nativesdk = " file://ld-search-order.patch \
file://relocatable_sdk.patch \
+ file://relocatable_sdk_fix_openpath.patch \
"
S = "${WORKDIR}/eglibc-${PV}/libc"
B = "${WORKDIR}/build-${TARGET_SYS}"