Hi Gopi,
siva gopi raju kudeti wrote,
> Hi uClibc team,
>
> I am using uClibc-0.9.33.2.tar.bz2 in my product. Here I want to know that
> uClibc is CVE-2016-4429 vulnerable or not.
>
> CVE-2016-4429 is stack overflow vulnerability. So, I have seen some code
> snippet which affects the stack overflow in the
> function clntudp_call in the file clnt_udp.c. But I don't know how to test
> it, for actually affecting the stack.
>
> Can you please provide me with the test process or give me the results if
> it is vulnerable to the CVE-2016-4429 if you have done testing already.
>
> I will wait for your reply.
I do not think the uClibc project is active anymore.
I have added the GNU libc patch to uClibc-ng:
http://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=9213ad631513d0e…
It will be in the next release. You should better switch to
uClibc-ng with your product.
best regards
Waldemar
I ran into this issue while trying to debug a _different_ issue within
the uClibc(-ng) arc dynamic linker. I turned on debugging support
within the dynamic linker, and the linker would no longer complete its
bootstrap phase due to a lack of support for the R_ARC_JMP_SLOT
relocation type.
To reproduce this issue it should be enough to configure uClibc(-ng)
for ARC with 'DODEBUG=y', then try to run anything that requires
dynamic linking.
The R_ARC_JMP_SLOT relocation type is used within the .plt, so I
believe it makes sense for these relocations to be generated.
I updated the associated comment above the bootstrap patching code so
that it makes more sense (to me at least) with the extra relocation
support.
I wonder if you would consider merging this patch?
Thanks,
Andrew
---
This commit adds support for R_ARC_JMP_SLOT relocations during the
bootstrap phase of the dynamic linker. These relocations will be
generated if uClibc is configured with 'DODEBUG=y'.
---
ldso/ldso/arc/dl-startup.h | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/ldso/ldso/arc/dl-startup.h b/ldso/ldso/arc/dl-startup.h
index ef89b53..fadc433 100644
--- a/ldso/ldso/arc/dl-startup.h
+++ b/ldso/ldso/arc/dl-startup.h
@@ -64,10 +64,11 @@ __asm__(
/*
* Dynamic loader bootstrapping:
- * Since we don't modify text at runtime, these can only be data relos
- * (so safe to assume that they are word aligned).
- * And also they HAVE to be RELATIVE relos only
- * @RELP is the relo entry being processed
+ * The only relocations that should be found are either R_ARC_RELATIVE for
+ * data relocations (.got, etc) or R_ARC_JMP_SLOT for code relocations
+ * (.plt). It is safe to assume that all of these relocations are word
+ * aligned.
+ * @RELP is the reloc entry being processed
* @REL is the pointer to the address we are relocating.
* @SYMBOL is the symbol involved in the relocation
* @LOAD is the load address.
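Review bot: The rewritten comment says R_ARC_JMP_SLOT is expected for .plt entries but not when it occurs; the commit message states these relocations are generated only when uClibc is configured with 'DODEBUG=y'. Put that condition in the comment itself so the next reader does not have to dig it out of the log.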
@@ -78,6 +79,8 @@ do { \
int type = ELF32_R_TYPE((RELP)->r_info); \
if (likely(type == R_ARC_RELATIVE)) \
*REL += (unsigned long) LOAD; \
+ else if (type == R_ARC_JMP_SLOT) \
+ *REL = SYMBOL; \
else \
_dl_exit(1); \
}while(0)
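Review bot: In the new `else if` branch, `*REL = SYMBOL;` stores SYMBOL with no cast and without adding LOAD, while the R_ARC_RELATIVE branch above casts to `unsigned long` and adds the load address. Please confirm that SYMBOL is already a final run-time address at this point in bootstrap (the comment only calls it "the symbol involved in the relocation") and add an explicit cast to match the other branch. The final `else` still calls `_dl_exit(1)` with no diagnostic, so a note on which types are accepted would help whoever hits that exit next.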
--
2.5.1
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "uClibc-ng - small C library for embedded systems".
The branch, master has been updated
via bbd7151f7980c7d075fe652331f01d3aadc73e42 (commit)
from 9213ad631513d0e67d9d31465c9cdb3f3dde0399 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bbd7151f7980c7d075fe652331f01d3aadc73e42
Author: Waldemar Brodkorb <wbx(a)uclibc-ng.org>
Date: Mon Aug 8 06:41:03 2016 +0200
arm: fix compile in thumb mode
Fix a regression introduced by commit
0550ecce0e6580c5ad34e9a9a39ff18ccf8774f9
Reported by Buildroot developers.
Embedded test must be extended to ARMv7 thumb2 builds to
find such regressions next time. It wasn't triggered by a
cortex-m4 ARM noMMU build.
-----------------------------------------------------------------------
Summary of changes:
libc/sysdeps/linux/arm/bits/syscalls.h | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libc/sysdeps/linux/arm/bits/syscalls.h b/libc/sysdeps/linux/arm/bits/syscalls.h
index 5b30564..6c62a9e 100644
--- a/libc/sysdeps/linux/arm/bits/syscalls.h
+++ b/libc/sysdeps/linux/arm/bits/syscalls.h
@@ -43,6 +43,9 @@
}) \
)
+#define INTERNAL_SYSCALL_ARM(name, err, nr, args...) \
+ INTERNAL_SYSCALL_NCS(__ARM_NR_##name, err, nr, args)
+
#if defined(__thumb__)
/* We can't use push/pop inside the asm because that breaks
unwinding (ie. thread cancellation).
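Review bot: The new `#define INTERNAL_SYSCALL_ARM` sits just ahead of `#if defined(__thumb__)` with nothing explaining why it has to be there. A one-line comment saying it must be visible to both the thumb and non-thumb variants would stop it from being moved back inside the conditional, which appears to be what broke the thumb build.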
@@ -83,10 +86,6 @@
} \
(int) __internal_sys_result; }) \
)
-
-#undef INTERNAL_SYSCALL_ARM
-#define INTERNAL_SYSCALL_ARM(name, err, nr, args...) \
- INTERNAL_SYSCALL_NCS(__ARM_NR_##name, err, nr, args)
#endif
#define INTERNAL_SYSCALL_ERROR_P(val, err) \
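Review bot: The removed block carried `#undef INTERNAL_SYSCALL_ARM` ahead of the define, and the relocated define in the first hunk has no such guard. If anything included earlier can define that macro, the build now gets a redefinition diagnostic; either keep the `#undef` with the moved define or confirm nothing else defines it. The commit message also says the embedded test must be extended to ARMv7 thumb2 builds, and no test change is part of this commit.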
hooks/post-receive
--
uClibc-ng - small C library for embedded systems
The branch, master has been updated
via 9213ad631513d0e67d9d31465c9cdb3f3dde0399 (commit)
from 79dc2c282b655adb8d5075d9eb2519883042ccf8 (commit)
- Log -----------------------------------------------------------------
commit 9213ad631513d0e67d9d31465c9cdb3f3dde0399
Author: Waldemar Brodkorb <wbx(a)uclibc-ng.org>
Date: Fri Aug 5 21:33:44 2016 +0200
sunrpc: Do not use alloca in clntudp_call
CVE-2016-4429:
The call is technically in a loop, and under certain circumstances
(which are quite difficult to reproduce in a test case), alloca
can be invoked repeatedly during a single call to clntudp_call.
As a result, the available stack space can be exhausted (even
though individual alloca sizes are bounded implicitly by what
can fit into a UDP packet, as a side effect of the earlier
successful send operation).
From GNU libc:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=bc779a1a5b3035…
-----------------------------------------------------------------------
Summary of changes:
libc/inet/rpc/clnt_udp.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/libc/inet/rpc/clnt_udp.c b/libc/inet/rpc/clnt_udp.c
index 4fc55b7..ce7e9e6 100644
--- a/libc/inet/rpc/clnt_udp.c
+++ b/libc/inet/rpc/clnt_udp.c
@@ -368,9 +368,15 @@ send_again:
struct sock_extended_err *e;
struct sockaddr_in err_addr;
struct iovec iov;
- char *cbuf = (char *) alloca (outlen + 256);
+ char *cbuf = malloc (outlen + 256);
int ret;
+ if (cbuf == NULL)
+ {
+ cu->cu_error.re_errno = errno;
+ return (cu->cu_error.re_status = RPC_CANTRECV);
+ }
+
iov.iov_base = cbuf + 256;
iov.iov_len = outlen;
msg.msg_name = (void *) &err_addr;
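Review bot: On allocation failure the new check returns `RPC_CANTRECV`, the same status the IP_RECVERR path in the next hunk returns, so a caller can tell the two apart only through `re_errno`. If that is intended (it follows the GNU libc change cited in the log), a short comment should say so. The literal 256 also appears twice, in `malloc (outlen + 256)` and `cbuf + 256`; a named constant would keep the two in step.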
@@ -395,10 +401,12 @@ send_again:
cmsg = CMSG_NXTHDR (&msg, cmsg))
if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
{
+ free (cbuf);
e = (struct sock_extended_err *) CMSG_DATA(cmsg);
cu->cu_error.re_errno = e->ee_errno;
return (cu->cu_error.re_status = RPC_CANTRECV);
}
+ free (cbuf);
}
#endif
do
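Review bot: Inside the IP_RECVERR branch, `free (cbuf);` runs before `e = (struct sock_extended_err *) CMSG_DATA(cmsg);` and before the read of `e->ee_errno`. The previous hunk points the iov at `cbuf + 256`, which suggests the first 256 bytes of cbuf hold the control messages; if so, `cmsg` and `e` point into memory that has just been freed. Copy `e->ee_errno` into `cu->cu_error.re_errno` first and call `free (cbuf)` immediately before the `return`. Also check that no other exit from this block outside the visible lines skips the free.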
hooks/post-receive
--
uClibc-ng - small C library for embedded systems
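The allocation pattern described in the CVE-2016-4429 commit message above, as an added example (not code from uClibc-ng or GNU libc): a retry loop that takes its scratch buffer with alloca keeps every buffer until the function returns, while the malloc/free form holds one at a time. The function names, CTRL_LEN and the sizes are assumptions made for the illustration.

```c
/* Added illustration: models only the scratch-buffer allocation in a retry loop. */
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CTRL_LEN 256  /* stands for the "+ 256" in the patched line */

/* Before the fix: one alloca per pass. alloca memory is released only
 * when the function returns, so every pass adds to the stack frame.
 * Returns the distance in bytes between the first and last buffer. */
size_t stack_span_alloca(int passes, size_t outlen)
{
    uintptr_t first = 0, last = 0;
    for (int i = 0; i < passes; i++) {
        volatile char *cbuf = alloca(outlen + CTRL_LEN);
        cbuf[0] = 0;                       /* touch the buffer */
        if (i == 0) first = (uintptr_t)cbuf;
        last = (uintptr_t)cbuf;
    }
    return first > last ? first - last : last - first;
}

/* After the fix: malloc at the top of the pass, free before the next one.
 * Returns the peak number of scratch bytes alive at once, 0 on failure. */
size_t heap_peak_malloc(int passes, size_t outlen)
{
    size_t live = 0, peak = 0;
    for (int i = 0; i < passes; i++) {
        char *cbuf = malloc(outlen + CTRL_LEN);
        if (cbuf == NULL)
            return 0;                      /* the patch returns an RPC error here */
        live += outlen + CTRL_LEN;
        if (live > peak) peak = live;
        cbuf[0] = 0;
        free(cbuf);
        live -= outlen + CTRL_LEN;
    }
    return peak;
}

int main(void)
{
    /* 8800 is a constructed outlen, small enough to fit a UDP packet. */
    printf("alloca span, 64 passes: %zu bytes\n", stack_span_alloca(64, 8800));
    printf("malloc peak, 64 passes: %zu bytes\n", heap_peak_malloc(64, 8800));
    return 0;
}
```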
Hi,
I cut a new release mainly for inclusion in Buildroot rc1.
It includes a lot of cleanup patches and some ARC improvements
including PIE support.
Have fun
Waldemar
The annotated tag, v1.0.17 has been created
at b2d83aba010076b234d6290a91bb824e926e35bb (tag)
tagging 79dc2c282b655adb8d5075d9eb2519883042ccf8 (commit)
replaces v1.0.16
tagged by Waldemar Brodkorb
on Mon Aug 1 13:45:28 2016 +0200
- Log -----------------------------------------------------------------
release 1.0.17 - Delirium Tremens
Alexey Brodkin (3):
arc: clone: Recover PID correctly
arc: clone: Fix CLONE_THREAD detection
arc: clone: Simplify CLONE_THREAD detection
Andrew Burgess (2):
ARC: Support R_ARC_JMP_SLOT relocations during bootstrap
ARC: Update relocation syntax for old-thread model code
Cupertino Miranda (1):
arc: crt1: Fix to PIE
Martin Thomas (1):
The file list is at the beginning now
Waldemar Brodkorb (14):
arm: cleanup redundant macros for syscalls
bfin: allow to build ldd
x86_64: refresh ULPs
x86_64: use C implementation for pthread_cond_wait/pthread_cond_timedwait
mips: add regdef.h glibc compatibility header
cleanup PTR_MANGLE/PTR_DEMANGLE support
x86_64: remove dead code, SHARED is not defined when compiling
cleanup CALL_MCOUNT / PROF
test: reorganize tls macros in separate architecture files
deduplicate jmpbuf-unwind.h
remove unused code, RTLD_PRIVATE_ERRNO is never defined
include missing Linux extension headers for poll.h
fix minor portability issue, use printf
bump for release
-----------------------------------------------------------------------
The branch, master has been updated
via 79dc2c282b655adb8d5075d9eb2519883042ccf8 (commit)
via e189f98fcf778031299378f193c52447af6e752a (commit)
from ef7cb0f8678ea5cf55aa210c09e8f27d262f42d9 (commit)
- Log -----------------------------------------------------------------
commit 79dc2c282b655adb8d5075d9eb2519883042ccf8
Author: Waldemar Brodkorb <wbx(a)uclibc-ng.org>
Date: Mon Aug 1 13:43:34 2016 +0200
bump for release
commit e189f98fcf778031299378f193c52447af6e752a
Author: Cupertino Miranda <cmiranda(a)synopsys.com>
Date: Mon Aug 1 10:44:42 2016 +0300
arc: crt1: Fix to PIE
crt1.S needed to use a got relative reference.
Libraries like pthreads define a _init and unless it is GOT, the
linker will fail because it will try to create a dynamic reloc on
.text section, more precisely on __start.
Signed-off-by: Cupertino Miranda <cmiranda(a)synopsys.com>
Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com>
Cc: Vlad Zakharov <vzakhar(a)synopsys.com>
Cc: Vineet Gupta <vgupta(a)synopsys.com>
-----------------------------------------------------------------------
Summary of changes:
Rules.mak | 2 +-
libc/sysdeps/linux/arc/crt1.S | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Rules.mak b/Rules.mak
index 6188d16..8d0e66a 100644
--- a/Rules.mak
+++ b/Rules.mak
@@ -127,7 +127,7 @@ export RUNTIME_PREFIX DEVEL_PREFIX KERNEL_HEADERS MULTILIB_DIR
# Now config hard core
MAJOR_VERSION := 1
MINOR_VERSION := 0
-SUBLEVEL := 16
+SUBLEVEL := 17
EXTRAVERSION :=
VERSION := $(MAJOR_VERSION).$(MINOR_VERSION).$(SUBLEVEL)
ABI_VERSION := $(MAJOR_VERSION)
diff --git a/libc/sysdeps/linux/arc/crt1.S b/libc/sysdeps/linux/arc/crt1.S
index 178c5b4..ae863e7 100644
--- a/libc/sysdeps/linux/arc/crt1.S
+++ b/libc/sysdeps/linux/arc/crt1.S
@@ -42,9 +42,9 @@ __start:
mov_s r5, r0 ; rltd_fini
add_s r2, sp, 4 ; argv
#ifdef L_Scrt1
- add r0, pcl, @main@pcl
- add r3, pcl, @_init@pcl
- add r4, pcl, @_fini@pcl
+ ld r0, [pcl, @main@gotpc]
+ ld r3, [pcl, @_init@gotpc]
+ ld r4, [pcl, @_fini@gotpc]
#else
mov_s r0, main
mov_s r3, _init
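Review bot: The three `ld ... @gotpc` loads under `#ifdef L_Scrt1` carry no comment, unlike the annotated instructions just above them. The reason for going through the GOT is only in the commit message (a library such as pthreads may define `_init`, and a non-GOT reference would make the linker try to create a dynamic reloc in .text at `__start`); a one-line comment here would keep someone from changing these back to the `add r0, pcl, ...` form.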
The branch, master has been updated
via ef7cb0f8678ea5cf55aa210c09e8f27d262f42d9 (commit)
from 7a575d98449780a95fc4004b179a2ea0dcd0f468 (commit)
- Log -----------------------------------------------------------------
commit ef7cb0f8678ea5cf55aa210c09e8f27d262f42d9
Author: Waldemar Brodkorb <wbx(a)uclibc-ng.org>
Date: Sun Jul 31 21:15:17 2016 +0200
fix minor portability issue, use printf
-----------------------------------------------------------------------
Summary of changes:
Rules.mak | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Rules.mak b/Rules.mak
index 3c80016..6188d16 100644
--- a/Rules.mak
+++ b/Rules.mak
@@ -463,7 +463,7 @@ ifeq ($(TARGET_ARCH),powerpc)
# faster code.
PICFLAG:=-fpic
PIEFLAG_NAME:=-fpie
- PPC_HAS_REL16:=$(shell echo -e "\t.text\n\taddis 11,30,_GLOBAL_OFFSET_TABLE_-.@ha" | $(CC) -c -x assembler -o /dev/null - 2> /dev/null && echo -n y || echo -n n)
+ PPC_HAS_REL16:=$(shell printf "\t.text\n\taddis 11,30,_GLOBAL_OFFSET_TABLE_-.@ha\n" | $(CC) -c -x assembler -o /dev/null - 2> /dev/null && echo -n y || echo -n n)
CPU_CFLAGS-$(PPC_HAS_REL16)+= -DHAVE_ASM_PPC_REL16
CPU_CFLAGS-$(CONFIG_E500) += "-D__NO_MATH_INLINES"
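Review bot: The same `$(shell ...)` line still ends in `echo -n y || echo -n n`, and `echo -n` is no more portable than the `echo -e` being replaced. Using `printf y || printf n` there would finish the job. The new format string also gains an explicit trailing `\n`, which is correct because printf does not append one, but the commit message does not mention it.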
The branch, master has been updated
via 7a575d98449780a95fc4004b179a2ea0dcd0f468 (commit)
from 3649052470197e302eee69de7c7f519d63dd1f45 (commit)
- Log -----------------------------------------------------------------
commit 7a575d98449780a95fc4004b179a2ea0dcd0f468
Author: Waldemar Brodkorb <wbx(a)uclibc-ng.org>
Date: Sun Jul 31 13:22:00 2016 +0200
include missing Linux extension headers for poll.h
This was found by Buildroot autobuilders for m68k.
-----------------------------------------------------------------------
Summary of changes:
libc/sysdeps/linux/c6x/bits/poll.h | 7 +++++++
libc/sysdeps/linux/m68k/bits/poll.h | 7 +++++++
libc/sysdeps/linux/microblaze/bits/poll.h | 7 +++++++
3 files changed, 21 insertions(+)
diff --git a/libc/sysdeps/linux/c6x/bits/poll.h b/libc/sysdeps/linux/c6x/bits/poll.h
index 1d845eb..4c984cc 100644
--- a/libc/sysdeps/linux/c6x/bits/poll.h
+++ b/libc/sysdeps/linux/c6x/bits/poll.h
@@ -34,6 +34,13 @@
# define POLLWRBAND 0x100 /* Priority data may be written. */
#endif
+#ifdef __USE_GNU
+/* These are extensions for Linux. */
+# define POLLMSG 0x400
+# define POLLREMOVE 0x1000
+# define POLLRDHUP 0x2000
+#endif
+
/* Event types always implicitly polled for. These bits need not be set in
`events', but they will appear in `revents' to indicate the status of
the file descriptor. */
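Review bot: This `#ifdef __USE_GNU` block is added verbatim to three per-architecture copies of bits/poll.h in this commit (c6x, m68k, microblaze). The log says the problem was found by the Buildroot autobuilders for m68k; were c6x and microblaze build-tested as well? If the values really are the same everywhere, a shared header would avoid keeping three copies in sync.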
diff --git a/libc/sysdeps/linux/m68k/bits/poll.h b/libc/sysdeps/linux/m68k/bits/poll.h
index 1d845eb..4c984cc 100644
--- a/libc/sysdeps/linux/m68k/bits/poll.h
+++ b/libc/sysdeps/linux/m68k/bits/poll.h
@@ -34,6 +34,13 @@
# define POLLWRBAND 0x100 /* Priority data may be written. */
#endif
+#ifdef __USE_GNU
+/* These are extensions for Linux. */
+# define POLLMSG 0x400
+# define POLLREMOVE 0x1000
+# define POLLRDHUP 0x2000
+#endif
+
/* Event types always implicitly polled for. These bits need not be set in
`events', but they will appear in `revents' to indicate the status of
the file descriptor. */
diff --git a/libc/sysdeps/linux/microblaze/bits/poll.h b/libc/sysdeps/linux/microblaze/bits/poll.h
index 9b284c8..27c3219 100644
--- a/libc/sysdeps/linux/microblaze/bits/poll.h
+++ b/libc/sysdeps/linux/microblaze/bits/poll.h
@@ -34,6 +34,13 @@
# define POLLWRBAND 0x0200 /* Priority data may be written. */
#endif
+#ifdef __USE_GNU
+/* These are extensions for Linux. */
+# define POLLMSG 0x400
+# define POLLREMOVE 0x1000
+# define POLLRDHUP 0x2000
+#endif
+
/* Event types always implicitly polled for. These bits need not be set in
`events', but they will appear in `revents' to indicate the status of
the file descriptor. */
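Review bot: In this file the context line defines `POLLWRBAND` as 0x0200, whereas the c6x and m68k headers have 0x100, so microblaze does not share the same bit layout. Please check that 0x400, 0x1000 and 0x2000 for `POLLMSG`, `POLLREMOVE` and `POLLRDHUP` are the right values for microblaze and were not simply copied from the other two files. The new defines also use a different digit width (0x400) from the 0x0200 style used here.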