pool/valgrind
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/valgrind?expand=0&rev=25

Browse Source
This commit is contained in:
OBS User unknown 2008-11-28 11:23:11 +00:00 committed by Git OBS Bridge
parent a8ef7cee52
commit 7e3bf70d68
4 changed files with 63 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cve-2008-4865.diff
View File

@ -13,7 +13,7 @@
<computeroutput>$VALGRIND_OPTS</computeroutput> or the
--- coregrind/m_commandline.c
+++ coregrind/m_commandline.c
@@ -57,21 +57,24 @@ static HChar* read_dot_valgrindrc ( HCha
@@ -57,23 +57,33 @@ static HChar* read_dot_valgrindrc ( HCha
{
Int n;
SysRes fd;
@ -30,17 +30,29 @@
- size = VG_(fsize)(fd.res);
- if (size > 0) {
- f_clo = VG_(malloc)(size+1);
- vg_assert(f_clo);
- n = VG_(read)(fd.res, f_clo, size);
- if (n == -1) n = 0;
- vg_assert(n >= 0 && n <= size+1);
- f_clo[n] = '\0';
+ Int res = VG_(fstat)( fd.res, &stat_buf );
+ // Ignore if not owned by current user or world writeable (CVE-2008-4865)
+ if (!res && stat_buf.st_size > 0 && stat_buf.st_uid == VG_(geteuid)()
+ && (!stat_buf.st_mode & (VKI_S_IWOTH))) {
+ if (!res && stat_buf.st_uid == VG_(geteuid)()
+ && (!(stat_buf.st_mode & VKI_S_IWOTH))) {
+ if ( stat_buf.st_size > 0) {
+ f_clo = VG_(malloc)(stat_buf.st_size+1);
vg_assert(f_clo);
- n = VG_(read)(fd.res, f_clo, size);
+ vg_assert(f_clo);
+ n = VG_(read)(fd.res, f_clo, stat_buf.st_size);
if (n == -1) n = 0;
- vg_assert(n >= 0 && n <= size+1);
+ if (n == -1) n = 0;
+ vg_assert(n >= 0 && n <= stat_buf.st_size+1);
f_clo[n] = '\0';
+ f_clo[n] = '\0';
+ }
}
+ else
+ VG_(message)(Vg_UserMsg,
+ "%s was not read as it is world writeable or not owned by the "
+ "current user", filename);
+
VG_(close)(fd.res);
}
return f_clo;

63
glibc-2.9-support.diff
View File

@ -39,11 +39,12 @@
AC_MSG_ERROR([or AIX 5.1 or 5.2 or 5.3 libc])
;;
esac
--- glibc-2.9.supp
+++ glibc-2.9.supp
@@ -0,0 +1,95 @@
+
+# Errors to suppress by default with glibc 2.8.x
+# Errors to suppress by default with glibc 2.9.x
+
+# Format of this file is:
+# {
@ -68,72 +69,72 @@
+{
+ dl-hack3-cond-1
+ Memcheck:Cond
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/ld-2.9*.so*
+}
+{
+ dl-hack3-cond-2
+ Memcheck:Cond
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/libc-2.8*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/libc-2.9*.so*
+}
+{
+ dl-hack3-cond-3
+ Memcheck:Cond
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/libc-2.8*.so*
+ obj:/lib*/libc-2.8*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/libc-2.9*.so*
+ obj:/lib*/libc-2.9*.so*
+}
+{
+ dl-hack3-cond-4
+ Memcheck:Cond
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/libdl-2.8*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/libdl-2.9*.so*
+}
+
+{
+ dl-hack4-64bit-addr-1
+ Memcheck:Addr8
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/ld-2.9*.so*
+}
+{
+ dl-hack4-64bit-addr-2
+ Memcheck:Addr8
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/libc-2.8*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/libc-2.9*.so*
+}
+{
+ dl-hack4-64bit-addr-3
+ Memcheck:Addr8
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/ld-2.8*.so*
+ obj:/lib*/libdl-2.8*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/ld-2.9*.so*
+ obj:/lib*/libdl-2.9*.so*
+}
+
+{
+ dl-hack5-32bit-addr-1
+ Memcheck:Addr4
+ obj:/lib/ld-2.8*.so
+ obj:/lib/ld-2.8*.so
+ obj:/lib/ld-2.8*.so
+ obj:/lib/ld-2.9*.so
+ obj:/lib/ld-2.9*.so
+ obj:/lib/ld-2.9*.so
+}
+{
+ dl-hack5-32bit-addr-3
+ Memcheck:Addr4
+ obj:/lib/ld-2.8*.so
+ obj:/lib/ld-2.8*.so
+ obj:/lib/libdl-2.8*.so*
+ obj:/lib/ld-2.9*.so
+ obj:/lib/ld-2.9*.so
+ obj:/lib/libdl-2.9*.so*
+}
+{
+ dl-hack5-32bit-addr-4
+ Memcheck:Addr4
+ obj:/lib/ld-2.8*.so
+ obj:/lib/libdl-2.8*.so*
+ obj:/lib/ld-2.8*.so
+ obj:/lib/ld-2.9*.so
+ obj:/lib/libdl-2.9*.so*
+ obj:/lib/ld-2.9*.so
+}

5
valgrind.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Sun Nov 23 00:45:36 CET 2008 - dmueller@suse.de
- update suppressions
-------------------------------------------------------------------
Thu Nov 20 00:32:49 CET 2008 - dmueller@suse.de

4
valgrind.spec
View File

@ -28,7 +28,7 @@ Group: Development/Tools/Debuggers
Summary: Valgrind Suite of Tools for Debugging and Profiling
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Version: 3.3.1
Release: 32
Release: 33
Source0: %{name}-%{version}.tar.bz2
# svn di svn://svn.valgrind.org/valgrind/tags/VALGRIND_3_2_1 svn://svn.valgrind.org/valgrind/branches/VALGRIND_3_2_BRANCH > 3_2_BRANCH.diff
# svn di svn://svn.valgrind.org/vex/tags/VEX_3_2_1 svn://svn.valgrind.org/vex/branches/VEX_3_2_BRANCH > VEX_3_2_BRANCH.diff
@ -159,6 +159,8 @@ mv $RPM_BUILD_ROOT/usr/share/doc/valgrind $RPM_BUILD_ROOT/usr/share/doc/packages
%_libdir/valgrind/*/*.a
%changelog
* Sun Nov 23 2008 dmueller@suse.de
- update suppressions
* Thu Nov 20 2008 dmueller@suse.de
- fix .valgrindrc reading vulnerability (CVE-2008-4865, bnc#445013)
- add support for glibc 2.9