Patches for CVE-2006-4146 from https://bugzilla.redhat.com/show_bug.cgi?id=204841
diff -r1.29 -r1.30 pkgsrc/devel/gdb6/Makefile
(tez)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.29 2012/10/31 11:16:59 asau Exp $ | 1 | # $NetBSD: Makefile,v 1.30 2012/11/20 23:13:03 tez Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | DISTNAME= gdb-6.2.1 | 4 | DISTNAME= gdb-6.2.1 | |
5 | PKGREVISION= 6 | 5 | PKGREVISION= 7 | |
6 | CATEGORIES= devel | 6 | CATEGORIES= devel | |
7 | MASTER_SITES= ftp://sources.redhat.com/pub/gdb/releases/ | 7 | MASTER_SITES= ftp://sources.redhat.com/pub/gdb/releases/ | |
8 | EXTRACT_SUFX= .tar.bz2 | 8 | EXTRACT_SUFX= .tar.bz2 | |
9 | 9 | |||
10 | MAINTAINER= shannonjr@NetBSD.org | 10 | MAINTAINER= shannonjr@NetBSD.org | |
11 | HOMEPAGE= http://www.gnu.org/software/gdb/gdb.html | 11 | HOMEPAGE= http://www.gnu.org/software/gdb/gdb.html | |
12 | COMMENT= The GNU Project Debugger | 12 | COMMENT= The GNU Project Debugger | |
13 | 13 | |||
14 | NOT_FOR_PLATFORM= Darwin-*-* DragonFly-*-* | 14 | NOT_FOR_PLATFORM= Darwin-*-* DragonFly-*-* | |
15 | 15 | |||
16 | USE_TOOLS+= gmake makeinfo msgfmt | 16 | USE_TOOLS+= gmake makeinfo msgfmt | |
17 | USE_LIBTOOL= yes | 17 | USE_LIBTOOL= yes | |
18 | USE_PKGLOCALEDIR= yes | 18 | USE_PKGLOCALEDIR= yes |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | $NetBSD: distinfo,v 1.13 2009/09/09 12:50:58 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.14 2012/11/20 23:13:04 tez Exp $ | |
2 | 2 | |||
3 | SHA1 (gdb-6.2.1.tar.bz2) = 50cee3887744c4140aafcc0e4eb579d94464dfd7 | 3 | SHA1 (gdb-6.2.1.tar.bz2) = 50cee3887744c4140aafcc0e4eb579d94464dfd7 | |
4 | RMD160 (gdb-6.2.1.tar.bz2) = 6fe9f3bbef076c55cbcdf05143e7d5f98f61f889 | 4 | RMD160 (gdb-6.2.1.tar.bz2) = 6fe9f3bbef076c55cbcdf05143e7d5f98f61f889 | |
5 | Size (gdb-6.2.1.tar.bz2) = 12820148 bytes | 5 | Size (gdb-6.2.1.tar.bz2) = 12820148 bytes | |
6 | SHA1 (patch-aa) = afb8d7805c2c01c131bc4a7949a532e5372817c0 | 6 | SHA1 (patch-aa) = afb8d7805c2c01c131bc4a7949a532e5372817c0 | |
7 | SHA1 (patch-ab) = b5c98fc990606e2f5c566864d02565d8fc9adeb4 | 7 | SHA1 (patch-ab) = b5c98fc990606e2f5c566864d02565d8fc9adeb4 | |
8 | SHA1 (patch-ac) = bc9a4e5d77d571a6f06b88984fb2030beec37654 | 8 | SHA1 (patch-ac) = bc9a4e5d77d571a6f06b88984fb2030beec37654 | |
9 | SHA1 (patch-ad) = 7fddbe93dda4ddb659b050b0b511f5cb19e2777e | 9 | SHA1 (patch-ad) = 7fddbe93dda4ddb659b050b0b511f5cb19e2777e | |
10 | SHA1 (patch-ae) = 19dbdb326643bf32a3d0c26cfea056cca19deb13 | 10 | SHA1 (patch-ae) = 19dbdb326643bf32a3d0c26cfea056cca19deb13 | |
11 | SHA1 (patch-af) = 976cbe2b27c23a113c43cab791562a04d9e6d7e3 | 11 | SHA1 (patch-af) = 976cbe2b27c23a113c43cab791562a04d9e6d7e3 | |
12 | SHA1 (patch-ag) = c53cc22ac5a2c5d5b2c1a7b0825558d8787b2bed | 12 | SHA1 (patch-ag) = c53cc22ac5a2c5d5b2c1a7b0825558d8787b2bed | |
13 | SHA1 (patch-ah) = 048c03512a18f3234422a3afc00d6c45f2dea58d | 13 | SHA1 (patch-ah) = 048c03512a18f3234422a3afc00d6c45f2dea58d | |
14 | SHA1 (patch-ai) = 66e40920b5de734cbcf66c0b357e82a74f3c48c0 | 14 | SHA1 (patch-ai) = 66e40920b5de734cbcf66c0b357e82a74f3c48c0 | |
@@ -36,13 +36,15 @@ SHA1 (patch-bd) = 840ce6ceb34afea4c8b789 | @@ -36,13 +36,15 @@ SHA1 (patch-bd) = 840ce6ceb34afea4c8b789 | |||
36 | SHA1 (patch-be) = dd353978d62cc45aadf6259e8b5f7b2895317f9c | 36 | SHA1 (patch-be) = dd353978d62cc45aadf6259e8b5f7b2895317f9c | |
37 | SHA1 (patch-bf) = 1c56789841982089a32bdcca8465f6d2112503b0 | 37 | SHA1 (patch-bf) = 1c56789841982089a32bdcca8465f6d2112503b0 | |
38 | SHA1 (patch-bg) = 8a7c8e5d081d261b7493d633931d7003f49001ae | 38 | SHA1 (patch-bg) = 8a7c8e5d081d261b7493d633931d7003f49001ae | |
39 | SHA1 (patch-bh) = c62928b6b8c4857ddb373ab3ac7f111442672b9d | 39 | SHA1 (patch-bh) = c62928b6b8c4857ddb373ab3ac7f111442672b9d | |
40 | SHA1 (patch-bi) = 96f44172271f9a45f9136bda159371ee709da59a | 40 | SHA1 (patch-bi) = 96f44172271f9a45f9136bda159371ee709da59a | |
41 | SHA1 (patch-bj) = 43cf376dddf9f91dceee8d1eba853171fd873905 | 41 | SHA1 (patch-bj) = 43cf376dddf9f91dceee8d1eba853171fd873905 | |
42 | SHA1 (patch-bk) = 98f836c7007a668b812d119be294842a957cb507 | 42 | SHA1 (patch-bk) = 98f836c7007a668b812d119be294842a957cb507 | |
43 | SHA1 (patch-bl) = 12a9846fc08e8c3110897644d7803f67999b68f8 | 43 | SHA1 (patch-bl) = 12a9846fc08e8c3110897644d7803f67999b68f8 | |
44 | SHA1 (patch-bm) = baf198e86cb5e9d8b9f6b0bd6d7ccd1ca61227b4 | 44 | SHA1 (patch-bm) = baf198e86cb5e9d8b9f6b0bd6d7ccd1ca61227b4 | |
45 | SHA1 (patch-bn) = cfeee69148028782b9ab6580f0f619d5f3327325 | 45 | SHA1 (patch-bn) = cfeee69148028782b9ab6580f0f619d5f3327325 | |
46 | SHA1 (patch-bo) = 92221afaa93d9362057783c20100ce7ff1b5df9b | 46 | SHA1 (patch-bo) = 92221afaa93d9362057783c20100ce7ff1b5df9b | |
47 | SHA1 (patch-bp) = bff41b3fb0f5952cbcd37797ec4bb63f6f79da8d | 47 | SHA1 (patch-bp) = bff41b3fb0f5952cbcd37797ec4bb63f6f79da8d | |
48 | SHA1 (patch-br) = f1e1a0b16721cdc8b1379685a0598211e71cee49 | 48 | SHA1 (patch-br) = f1e1a0b16721cdc8b1379685a0598211e71cee49 | |
49 | SHA1 (patch-gdb_dwarf2read.c) = 811455c31b004a35ba557244037cde55c0161777 | |||
50 | SHA1 (patch-gdb_dwarfread.c) = 56a2210a50e31d464eb4ca295b3021d010f738d2 |
$NetBSD: patch-gdb_dwarf2read.c,v 1.1 2012/11/20 23:13:04 tez Exp $
Patch for CVE-2006-4146 from https://bugzilla.redhat.com/show_bug.cgi?id=204841
--- gdb/dwarf2read.c.orig 2004-07-06 19:29:30.000000000 +0000
+++ gdb/dwarf2read.c
@@ -8027,8 +8027,7 @@ dwarf2_fundamental_type (struct objfile
When the result is a register number, the global isreg flag is set,
otherwise it is cleared.
- Note that stack[0] is unused except as a default error return.
- Note that stack overflow is not yet handled. */
+ Note that stack[0] is unused except as a default error return. */
static CORE_ADDR
decode_locdesc (struct dwarf_block *blk, struct dwarf2_cu *cu)
@@ -8045,7 +8044,7 @@ decode_locdesc (struct dwarf_block *blk,
i = 0;
stacki = 0;
- stack[stacki] = 0;
+ stack[++stacki] = 0;
isreg = 0;
while (i < size)
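Review bot: `stack[0]` is no longer assigned once the initialiser becomes `stack[++stacki] = 0;`, so unless the declaration outside this hunk zeroes the array, any opcode handler that reads below the top of a one-entry stack would see an indeterminate value before the new depth check reports the underflow. Adding `stack[0] = 0;` ahead of the push keeps that read defined. The retained header comment still describes stack[0] as "a default error return", which no longer appears to match a function that raises on `stacki <= 0`; it would be more accurate to call slot 0 a sentinel that is never returned. Both points apply equally to `locval` in gdb/dwarfread.c, and decode_locdesc starts and ends outside this hunk.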
@@ -8227,6 +8226,16 @@ decode_locdesc (struct dwarf_block *blk,
dwarf_stack_op_name (op));
return (stack[stacki]);
}
+ /* Enforce maximum stack depth of size-1 to avoid ++stacki writing
+ outside of the allocated space. Also enforce minimum > 0.
+ -- wad@google.com 14 Aug 2006 */
+ if (stacki >= sizeof (stack) / sizeof (*stack) - 1)
+ internal_error (__FILE__, __LINE__,
+ _("location description stack too deep: %d"),
+ stacki);
+ if (stacki <= 0)
+ internal_error (__FILE__, __LINE__,
+ _("location description stack too shallow"));
}
return (stack[stacki]);
}
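Review bot: The depth guard compares `stacki` with a `size_t` expression, so if `stacki` is a signed int (as the `%d` suggests) a negative value would be converted to a large unsigned one and reported as "too deep" rather than "too shallow"; testing `if (stacki <= 0)` first keeps the two diagnostics accurate. Both conditions look reachable from the location expression being decoded, that is from the contents of the file under inspection, whereas `internal_error` is gdb's report path for its own bugs; reporting through `error ()` would reject malformed debug info without treating it as a debugger fault. The guard runs after the opcode has already executed, so it is sufficient only while every handler pushes at most one entry per iteration, which is worth stating in the comment since the switch lies outside this hunk. The identical guard added to `locval` in gdb/dwarfread.c raises the same points.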
$NetBSD: patch-gdb_dwarfread.c,v 1.1 2012/11/20 23:13:04 tez Exp $
Patch for CVE-2006-4146 from https://bugzilla.redhat.com/show_bug.cgi?id=204841
--- gdb/dwarfread.c.orig 2004-07-17 14:16:14.000000000 +0000
+++ gdb/dwarfread.c
@@ -2137,9 +2137,7 @@ decode_line_numbers (char *linetable)
NOTES
- Note that stack[0] is unused except as a default error return.
- Note that stack overflow is not yet handled.
- */
+ Note that stack[0] is unused except as a default error return. */
static int
locval (struct dieinfo *dip)
@@ -2159,7 +2157,7 @@ locval (struct dieinfo *dip)
loc += nbytes;
end = loc + locsize;
stacki = 0;
- stack[stacki] = 0;
+ stack[++stacki] = 0;
dip->isreg = 0;
dip->offreg = 0;
dip->optimized_out = 1;
@@ -2223,6 +2221,16 @@ locval (struct dieinfo *dip)
stacki--;
break;
}
+ /* Enforce maximum stack depth of size-1 to avoid ++stacki writing
+ outside of the allocated space. Also enforce minimum > 0.
+ -- wad@google.com 14 Aug 2006 */
+ if (stacki >= sizeof (stack) / sizeof (*stack) - 1)
+ internal_error (__FILE__, __LINE__,
+ _("location description stack too deep: %d"),
+ stacki);
+ if (stacki <= 0)
+ internal_error (__FILE__, __LINE__,
+ _("location description stack too shallow"));
}
return (stack[stacki]);
}