diff options
Diffstat (limited to 'patches/glibc-2.18/0008-BZ-15754-CVE-2013-4788.patch')
-rw-r--r-- | patches/glibc-2.18/0008-BZ-15754-CVE-2013-4788.patch | 199 |
1 files changed, 0 insertions, 199 deletions
diff --git a/patches/glibc-2.18/0008-BZ-15754-CVE-2013-4788.patch b/patches/glibc-2.18/0008-BZ-15754-CVE-2013-4788.patch deleted file mode 100644 index d027f7e..0000000 --- a/patches/glibc-2.18/0008-BZ-15754-CVE-2013-4788.patch +++ /dev/null @@ -1,199 +0,0 @@ -From: Carlos O'Donell <carlos@redhat.com> -Date: Mon, 23 Sep 2013 00:52:09 -0400 -Subject: [PATCH] BZ #15754: CVE-2013-4788 - -The pointer guard used for pointer mangling was not initialized for -static applications resulting in the security feature being disabled. -The pointer guard is now correctly initialized to a random value for -static applications. Existing static applications need to be -recompiled to take advantage of the fix. - -The test tst-ptrguard1-static and tst-ptrguard1 add regression -coverage to ensure the pointer guards are sufficiently random -and initialized to a default value. ---- - ports/sysdeps/ia64/stackguard-macros.h | 3 +++ - ports/sysdeps/tile/stackguard-macros.h | 6 ++++++ - sysdeps/generic/stackguard-macros.h | 3 +++ - sysdeps/i386/stackguard-macros.h | 8 ++++++++ - sysdeps/powerpc/powerpc32/stackguard-macros.h | 10 ++++++++++ - sysdeps/powerpc/powerpc64/stackguard-macros.h | 10 ++++++++++ - sysdeps/s390/s390-32/stackguard-macros.h | 11 +++++++++++ - sysdeps/s390/s390-64/stackguard-macros.h | 14 ++++++++++++++ - sysdeps/sparc/sparc32/stackguard-macros.h | 3 +++ - sysdeps/sparc/sparc64/stackguard-macros.h | 3 +++ - sysdeps/x86_64/stackguard-macros.h | 5 +++++ - 11 files changed, 76 insertions(+) - -diff --git a/ports/sysdeps/ia64/stackguard-macros.h b/ports/sysdeps/ia64/stackguard-macros.h -index dc683c2..3907293 100644 ---- a/ports/sysdeps/ia64/stackguard-macros.h -+++ b/ports/sysdeps/ia64/stackguard-macros.h -@@ -2,3 +2,6 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("adds %0 = -8, r13;; ld8 %0 = [%0]" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("adds %0 = -16, r13;; ld8 %0 = [%0]" : "=r" (x)); x; }) -diff --git a/ports/sysdeps/tile/stackguard-macros.h b/ports/sysdeps/tile/stackguard-macros.h -index 589ea2b..f2e041b 100644 ---- a/ports/sysdeps/tile/stackguard-macros.h -+++ b/ports/sysdeps/tile/stackguard-macros.h -@@ -4,11 +4,17 @@ - # if __WORDSIZE == 64 - # define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("addi %0, tp, -16; ld %0, %0" : "=r" (x)); x; }) -+# define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("addi %0, tp, -24; ld %0, %0" : "=r" (x)); x; }) - # else - # define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("addi %0, tp, -8; ld4s %0, %0" : "=r" (x)); x; }) -+# define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("addi %0, tp, -12; ld4s %0, %0" : "=r" (x)); x; }) - # endif - #else - # define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("addi %0, tp, -8; lw %0, %0" : "=r" (x)); x; }) -+# define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("addi %0, tp, -12; lw %0, %0" : "=r" (x)); x; }) - #endif -diff --git a/sysdeps/generic/stackguard-macros.h b/sysdeps/generic/stackguard-macros.h -index ababf65..4fa3d96 100644 ---- a/sysdeps/generic/stackguard-macros.h -+++ b/sysdeps/generic/stackguard-macros.h -@@ -2,3 +2,6 @@ - - extern uintptr_t __stack_chk_guard; - #define STACK_CHK_GUARD __stack_chk_guard -+ -+extern uintptr_t __pointer_chk_guard_local; -+#define POINTER_CHK_GUARD __pointer_chk_guard_local -diff --git a/sysdeps/i386/stackguard-macros.h b/sysdeps/i386/stackguard-macros.h -index 8c31e19..0397629 100644 ---- a/sysdeps/i386/stackguard-macros.h -+++ b/sysdeps/i386/stackguard-macros.h -@@ -2,3 +2,11 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ \ -+ uintptr_t x; \ -+ asm ("movl %%gs:%c1, %0" : "=r" (x) \ -+ : "i" (offsetof (tcbhead_t, pointer_guard))); \ -+ x; \ -+ }) -diff --git a/sysdeps/powerpc/powerpc32/stackguard-macros.h b/sysdeps/powerpc/powerpc32/stackguard-macros.h -index 839f6a4..b3d0af8 100644 ---- a/sysdeps/powerpc/powerpc32/stackguard-macros.h -+++ b/sysdeps/powerpc/powerpc32/stackguard-macros.h -@@ -2,3 +2,13 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("lwz %0,-28680(2)" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ \ -+ uintptr_t x; \ -+ asm ("lwz %0,%1(2)" \ -+ : "=r" (x) \ -+ : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t)) \ -+ ); \ -+ x; \ -+ }) -diff --git a/sysdeps/powerpc/powerpc64/stackguard-macros.h b/sysdeps/powerpc/powerpc64/stackguard-macros.h -index 9da879c..4620f96 100644 ---- a/sysdeps/powerpc/powerpc64/stackguard-macros.h -+++ b/sysdeps/powerpc/powerpc64/stackguard-macros.h -@@ -2,3 +2,13 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ \ -+ uintptr_t x; \ -+ asm ("ld %0,%1(2)" \ -+ : "=r" (x) \ -+ : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t)) \ -+ ); \ -+ x; \ -+ }) -diff --git a/sysdeps/s390/s390-32/stackguard-macros.h b/sysdeps/s390/s390-32/stackguard-macros.h -index b74c579..449e8d4 100644 ---- a/sysdeps/s390/s390-32/stackguard-macros.h -+++ b/sysdeps/s390/s390-32/stackguard-macros.h -@@ -2,3 +2,14 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=a" (x)); x; }) -+ -+/* On s390/s390x there is no unique pointer guard, instead we use the -+ same value as the stack guard. */ -+#define POINTER_CHK_GUARD \ -+ ({ \ -+ uintptr_t x; \ -+ asm ("ear %0,%%a0; l %0,%1(%0)" \ -+ : "=a" (x) \ -+ : "i" (offsetof (tcbhead_t, stack_guard))); \ -+ x; \ -+ }) -diff --git a/sysdeps/s390/s390-64/stackguard-macros.h b/sysdeps/s390/s390-64/stackguard-macros.h -index 0cebb5f..c8270fb 100644 ---- a/sysdeps/s390/s390-64/stackguard-macros.h -+++ b/sysdeps/s390/s390-64/stackguard-macros.h -@@ -2,3 +2,17 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("ear %0,%%a0; sllg %0,%0,32; ear %0,%%a1; lg %0,0x28(%0)" : "=a" (x)); x; }) -+ -+/* On s390/s390x there is no unique pointer guard, instead we use the -+ same value as the stack guard. */ -+#define POINTER_CHK_GUARD \ -+ ({ \ -+ uintptr_t x; \ -+ asm ("ear %0,%%a0;" \ -+ "sllg %0,%0,32;" \ -+ "ear %0,%%a1;" \ -+ "lg %0,%1(%0)" \ -+ : "=a" (x) \ -+ : "i" (offsetof (tcbhead_t, stack_guard))); \ -+ x; \ -+ }) -diff --git a/sysdeps/sparc/sparc32/stackguard-macros.h b/sysdeps/sparc/sparc32/stackguard-macros.h -index c0b02b0..1eef0f1 100644 ---- a/sysdeps/sparc/sparc32/stackguard-macros.h -+++ b/sysdeps/sparc/sparc32/stackguard-macros.h -@@ -2,3 +2,6 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("ld [%%g7+0x14], %0" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("ld [%%g7+0x18], %0" : "=r" (x)); x; }) -diff --git a/sysdeps/sparc/sparc64/stackguard-macros.h b/sysdeps/sparc/sparc64/stackguard-macros.h -index 80f0635..cc0c12c 100644 ---- a/sysdeps/sparc/sparc64/stackguard-macros.h -+++ b/sysdeps/sparc/sparc64/stackguard-macros.h -@@ -2,3 +2,6 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("ldx [%%g7+0x28], %0" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("ldx [%%g7+0x30], %0" : "=r" (x)); x; }) -diff --git a/sysdeps/x86_64/stackguard-macros.h b/sysdeps/x86_64/stackguard-macros.h -index d7fedb3..1948800 100644 ---- a/sysdeps/x86_64/stackguard-macros.h -+++ b/sysdeps/x86_64/stackguard-macros.h -@@ -4,3 +4,8 @@ - ({ uintptr_t x; \ - asm ("mov %%fs:%c1, %0" : "=r" (x) \ - : "i" (offsetof (tcbhead_t, stack_guard))); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; \ -+ asm ("mov %%fs:%c1, %0" : "=r" (x) \ -+ : "i" (offsetof (tcbhead_t, pointer_guard))); x; }) |