eglibc-nativesdk: Fix buffer overrun with a relocated SDK
When ld-linux-*.so.2 is relocated to a path that is longer than the original fixed location, the dynamic loader will crash in open_path because it implicitly assumes that max_dirnamelen is a fixed size that never changes. The allocated buffer will not be large enough to contain the directory path string which is larger than the fixed location provided at build time. (From OE-Core rev: 8ebd85d29eb1a9c0c0d3cd79e7dda8b857c27bbb) Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
parent
981bd3a297
commit
eef73b4489
|
@ -0,0 +1,41 @@
|
|||
Upstream-Status: Inappropriate [SDK specific]
|
||||
|
||||
eglibc-nativesdk: Fix buffer overrun with a relocated SDK
|
||||
|
||||
When ld-linux-*.so.2 is relocated to a path that is longer than the
|
||||
original fixed location, the dynamic loader will crash in open_path
|
||||
because it implicitly assumes that max_dirnamelen is a fixed size that
|
||||
never changes.
|
||||
|
||||
The allocated buffer will not be large enough to contain the directory
|
||||
path string which is larger than the fixed location provided at build
|
||||
time.
|
||||
|
||||
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
|
||||
|
||||
---
|
||||
elf/dl-load.c | 12 ++++++++++++
|
||||
1 file changed, 12 insertions(+)
|
||||
|
||||
--- a/elf/dl-load.c
|
||||
+++ b/elf/dl-load.c
|
||||
@@ -1919,7 +1919,19 @@ open_path (const char *name, size_t name
|
||||
given on the command line when rtld is run directly. */
|
||||
return -1;
|
||||
|
||||
+ do
|
||||
+ {
|
||||
+ struct r_search_path_elem *this_dir = *dirs;
|
||||
+ if (this_dir->dirnamelen > max_dirnamelen)
|
||||
+ {
|
||||
+ max_dirnamelen = this_dir->dirnamelen;
|
||||
+ }
|
||||
+ }
|
||||
+ while (*++dirs != NULL);
|
||||
+
|
||||
buf = alloca (max_dirnamelen + max_capstrlen + namelen);
|
||||
+
|
||||
+ dirs = sps->dirs;
|
||||
do
|
||||
{
|
||||
struct r_search_path_elem *this_dir = *dirs;
|
|
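Review bot: The added scan in open_path writes the larger length back into `max_dirnamelen`, which is not declared in this hunk and so is presumably loader-wide state shared with other code in elf/dl-load.c. Sizing the buffer from a local avoids that side effect on every lookup: `size_t dirlen = max_dirnamelen;`, then `dirlen = this_dir->dirnamelen;` inside the `if`, and `buf = alloca (dirlen + max_capstrlen + namelen);`. The new loop also has no comment, so the reason for the second pass is only in the patch header; something like `/* nativesdk: relocated search dirs can be longer than the build-time paths, so recompute the longest dirnamelen before sizing buf. */` above the `do` would keep it with the code. Like the existing loop, the scan dereferences `*dirs` before testing it for NULL, so it relies on the list having at least one entry. The `alloca` size is still an unchecked sum of three lengths, which is worth confirming against the longest relocation path the SDK installer allows. open_path begins and ends outside the hunk.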
@ -1,6 +1,6 @@
|
|||
require eglibc.inc
|
||||
|
||||
PR = "r2"
|
||||
PR = "r3"
|
||||
|
||||
DEPENDS += "gperf-native kconfig-frontends-native"
|
||||
|
||||
|
@ -45,6 +45,7 @@ LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
|
|||
|
||||
SRC_URI_append_class-nativesdk = " file://ld-search-order.patch \
|
||||
file://relocatable_sdk.patch \
|
||||
file://relocatable_sdk_fix_openpath.patch \
|
||||
"
|
||||
S = "${WORKDIR}/eglibc-${PV}/libc"
|
||||
B = "${WORKDIR}/build-${TARGET_SYS}"
|
||||
|
|