diff options
Diffstat (limited to 'poky/meta/recipes-devtools/gdb')
| -rw-r--r-- | poky/meta/recipes-devtools/gdb/gdb-8.3.inc | 3 | ||||
| -rw-r--r-- | poky/meta/recipes-devtools/gdb/gdb.inc | 1 | ||||
| -rw-r--r-- | poky/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch | 98 | ||||
| -rw-r--r-- | poky/meta/recipes-devtools/gdb/gdb_8.3.bb | 1 |
4 files changed, 101 insertions, 2 deletions
diff --git a/poky/meta/recipes-devtools/gdb/gdb-8.3.inc b/poky/meta/recipes-devtools/gdb/gdb-8.3.inc index db8d5f349..070c17d4a 100644 --- a/poky/meta/recipes-devtools/gdb/gdb-8.3.inc +++ b/poky/meta/recipes-devtools/gdb/gdb-8.3.inc @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552 \ file://COPYING3.LIB;md5=6a6a8e020838b23406c81b19c1d46df6 \ file://COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674" -SRC_URI = "http://ftp.gnu.org/gnu/gdb/gdb-${PV}.tar.xz \ +SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \ file://0001-gdbserver-ctrl-c-handling.patch \ file://0002-make-man-install-relative-to-DESTDIR.patch \ file://0003-mips-linux-nat-Define-_ABIO32-if-not-defined.patch \ @@ -16,6 +16,7 @@ SRC_URI = "http://ftp.gnu.org/gnu/gdb/gdb-${PV}.tar.xz \ file://0009-Change-order-of-CFLAGS.patch \ file://0010-resolve-restrict-keyword-conflict.patch \ file://0011-Fix-invalid-sigprocmask-call.patch \ + file://CVE-2017-9778.patch \ " SRC_URI[md5sum] = "bbd95b2f9b34621ad7a19a3965476314" SRC_URI[sha256sum] = "802f7ee309dcc547d65a68d61ebd6526762d26c3051f52caebe2189ac1ffd72e" diff --git a/poky/meta/recipes-devtools/gdb/gdb.inc b/poky/meta/recipes-devtools/gdb/gdb.inc index 0f10b4173..249e24dc5 100644 --- a/poky/meta/recipes-devtools/gdb/gdb.inc +++ b/poky/meta/recipes-devtools/gdb/gdb.inc @@ -10,4 +10,5 @@ PACKAGES =+ "gdbserver" FILES_gdbserver = "${bindir}/gdbserver" ALLOW_EMPTY_gdbserver_riscv64 = "1" +ALLOW_EMPTY_gdbserver_riscv32 = "1" diff --git a/poky/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch b/poky/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch new file mode 100644 index 000000000..f142ed00d --- /dev/null +++ b/poky/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch @@ -0,0 +1,98 @@ +From 6ad3791f095cfc1b0294f62c4b3a524ba735595e Mon Sep 17 00:00:00 2001 +From: Sandra Loosemore <sandra@codesourcery.com> +Date: Thu, 25 Apr 2019 07:27:02 -0700 +Subject: [PATCH] Detect invalid length field in debug frame FDE header. + +GDB was failing to catch cases where a corrupt ELF or core file +contained an invalid length value in a Dwarf debug frame FDE header. +It was checking for buffer overflow but not cases where the length was +negative or caused pointer wrap-around. + +In addition to the additional validity check, this patch cleans up the +multiple signed/unsigned conversions on the length field so that an +unsigned representation is used consistently throughout. + +This patch fixes CVE-2017-9778 and PR gdb/21600. + +2019-04-25 Sandra Loosemore <sandra@codesourcery.com> + Kang Li <kanglictf@gmail.com> + + PR gdb/21600 + + * dwarf2-frame.c (read_initial_length): Be consistent about using + unsigned representation of length. + (decode_frame_entry_1): Likewise. Check for wraparound of + end pointer as well as buffer overflow. + +Upstream-Status: Backport +CVE: CVE-2017-9778 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + gdb/ChangeLog | 10 ++++++++++ + gdb/dwarf2-frame.c | 14 +++++++------- + 2 files changed, 17 insertions(+), 7 deletions(-) + +diff --git a/gdb/ChangeLog b/gdb/ChangeLog +index 1c125de..d028d2b 100644 +--- a/gdb/ChangeLog ++++ b/gdb/ChangeLog +@@ -1,3 +1,13 @@ ++2019-04-25 Sandra Loosemore <sandra@codesourcery.com> ++ Kang Li <kanglictf@gmail.com> ++ ++ PR gdb/21600 ++ ++ * dwarf2-frame.c (read_initial_length): Be consistent about using ++ unsigned representation of length. ++ (decode_frame_entry_1): Likewise. Check for wraparound of ++ end pointer as well as buffer overflow. ++ + 2019-05-11 Joel Brobecker <brobecker@adacore.com> + + * version.in: Set GDB version number to 8.3. +diff --git a/gdb/dwarf2-frame.c b/gdb/dwarf2-frame.c +index 178ac44..dc5d3b3 100644 +--- a/gdb/dwarf2-frame.c ++++ b/gdb/dwarf2-frame.c +@@ -1488,7 +1488,7 @@ static ULONGEST + read_initial_length (bfd *abfd, const gdb_byte *buf, + unsigned int *bytes_read_ptr) + { +- LONGEST result; ++ ULONGEST result; + + result = bfd_get_32 (abfd, buf); + if (result == 0xffffffff) +@@ -1789,7 +1789,7 @@ decode_frame_entry_1 (struct comp_unit *unit, const gdb_byte *start, + { + struct gdbarch *gdbarch = get_objfile_arch (unit->objfile); + const gdb_byte *buf, *end; +- LONGEST length; ++ ULONGEST length; + unsigned int bytes_read; + int dwarf64_p; + ULONGEST cie_id; +@@ -1800,15 +1800,15 @@ decode_frame_entry_1 (struct comp_unit *unit, const gdb_byte *start, + buf = start; + length = read_initial_length (unit->abfd, buf, &bytes_read); + buf += bytes_read; +- end = buf + length; +- +- /* Are we still within the section? */ +- if (end > unit->dwarf_frame_buffer + unit->dwarf_frame_size) +- return NULL; ++ end = buf + (size_t) length; + + if (length == 0) + return end; + ++ /* Are we still within the section? */ ++ if (end <= buf || end > unit->dwarf_frame_buffer + unit->dwarf_frame_size) ++ return NULL; ++ + /* Distinguish between 32 and 64-bit encoded frame info. */ + dwarf64_p = (bytes_read == 12); + +-- +2.20.1 + diff --git a/poky/meta/recipes-devtools/gdb/gdb_8.3.bb b/poky/meta/recipes-devtools/gdb/gdb_8.3.bb index c6eac84dd..d70757a15 100644 --- a/poky/meta/recipes-devtools/gdb/gdb_8.3.bb +++ b/poky/meta/recipes-devtools/gdb/gdb_8.3.bb @@ -26,4 +26,3 @@ EOF chmod +x ${WORKDIR}/python fi } -CPPFLAGS_append_libc-musl = " -Drpl_gettimeofday=gettimeofday -Drpl_stat=stat" |