head 1.2; access; symbols pkgsrc-2017Q3:1.1.0.90 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.86 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.84 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.82 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.80 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.78 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.76 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.74 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.72 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.70 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.68 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.66 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.64 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.62 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.60 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.58 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.56 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.54 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.52 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.50 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.48 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.46 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.44 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.42 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.40 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.38 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.36 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.34 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.32 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.30 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.28 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.26 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.24 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.22 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.20 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.18 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.16 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.14 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.12 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.10 pkgsrc-2008Q1:1.1.0.8 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.6 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.4 pkgsrc-2007Q3-base:1.1 
pkgsrc-2007Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2017.09.29.14.05.37; author kamil; state dead; branches; next 1.1; commitid GvS3YdZggBiM969A; 1.1 date 2007.07.03.12.32.28; author lkundrak; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2007.07.03.12.32.28; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2007.07.10.10.01.55; author ghen; state Exp; branches; next ; desc @@ 1.2 log @gdb6: Remove this package gdb6 has been eliminated from pkgsrc and moved to pkgsrc-wip/gdb6 for those who still may care about it. pkgsrc developers no longer intend to maintain this version in the main repository. @ text @$NetBSD: patch-bo,v 1.1 2007/07/03 12:32:28 lkundrak Exp $ Patch for CVE-2005-1704 sucked from upstream. * elfcode.h (elf_object_p): Add more sanity checks on elf header. --- bfd/elfcode.h.orig 2004-06-24 06:46:22.000000000 +0200 +++ bfd/elfcode.h @@@@ -613,8 +613,13 @@@@ elf_object_p (bfd *abfd) if (i_ehdrp->e_shoff != 0) { + bfd_signed_vma where = i_ehdrp->e_shoff; + + if (where != (file_ptr) where) + goto got_wrong_format_error; + /* Seek to the section header table in the file. */ - if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_shoff, SEEK_SET) != 0) + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) goto got_no_match; /* Read the first section header at index 0, and convert to internal @@@@ -626,13 +631,50 @@@@ elf_object_p (bfd *abfd) /* If the section count is zero, the actual count is in the first section header. */ if (i_ehdrp->e_shnum == SHN_UNDEF) - i_ehdrp->e_shnum = i_shdr.sh_size; + { + i_ehdrp->e_shnum = i_shdr.sh_size; + if (i_ehdrp->e_shnum != i_shdr.sh_size) + goto got_wrong_format_error; + } /* And similarly for the string table index. */ if (i_ehdrp->e_shstrndx == SHN_XINDEX) - i_ehdrp->e_shstrndx = i_shdr.sh_link; + { + i_ehdrp->e_shstrndx = i_shdr.sh_link; + if (i_ehdrp->e_shstrndx != i_shdr.sh_link) + goto got_wrong_format_error; + } + + /* Sanity check that we can read all of the section headers. 
+ It ought to be good enough to just read the last one. */ + if (i_ehdrp->e_shnum != 1) + { + /* Check that we don't have a totally silly number of sections. */ + if (i_ehdrp->e_shnum > (unsigned int) -1 / sizeof (x_shdr)) + goto got_wrong_format_error; + + where += (i_ehdrp->e_shnum - 1) * sizeof (x_shdr); + if (where != (file_ptr) where) + goto got_wrong_format_error; + if ((bfd_size_type) where <= i_ehdrp->e_shoff) + goto got_wrong_format_error; + + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) + goto got_no_match; + if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)) + goto got_no_match; + + /* Back to where we were. */ + where = i_ehdrp->e_shoff + sizeof (x_shdr); + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) + goto got_no_match; + } } + /* A further sanity check. */ + if (i_ehdrp->e_shstrndx >= i_ehdrp->e_shnum) + goto got_wrong_format_error; + /* Allocate space for a copy of the section header table in internal form. */ if (i_ehdrp->e_shnum != 0) @ 1.1 log @Backported fixes for CAN-2005-1704 and CAN-2005-1705. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-bo was added on branch pkgsrc-2007Q2 on 2007-07-10 10:01:55 +0000 @ text @d1 75 @ 1.1.2.2 log @Pullup ticket 2134 - requested by lkundrak security fix for gdb - pkgsrc/devel/gdb6/Makefile 1.21 - pkgsrc/devel/gdb6/distinfo 1.11 - pkgsrc/devel/gdb6/patches/patch-bo 1.1 - pkgsrc/devel/gdb6/patches/patch-bp 1.1 Module Name: pkgsrc Committed By: lkundrak Date: Tue Jul 3 12:32:28 UTC 2007 Modified Files: pkgsrc/devel/gdb6: Makefile distinfo Added Files: pkgsrc/devel/gdb6/patches: patch-bo patch-bp Log Message: Backported fixes for CAN-2005-1704 and CAN-2005-1705. @ text @a0 75 $NetBSD$ Patch for CVE-2005-1704 sucked from upstream. * elfcode.h (elf_object_p): Add more sanity checks on elf header. 
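Review bot: The "totally silly number of sections" bound in the second hunk divides by `sizeof (x_shdr)`, the external header size, so it only protects the `where += (i_ehdrp->e_shnum - 1) * sizeof (x_shdr)` offset computation. The table that the trailing context comment describes as allocated "in internal form" is not covered if the internal header struct is larger than the external one. I would extend the test to `if (i_ehdrp->e_shnum > (unsigned int) -1 / sizeof (x_shdr) || i_ehdrp->e_shnum > (unsigned int) -1 / sizeof (i_shdr))`. The allocation itself lies below the end of the hunk, so its size expression should be confirmed against the full elf_object_p body. The same hunk is repeated in the 1.1.2.2 revision text further down, and the point applies there as well.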
--- bfd/elfcode.h.orig 2004-06-24 06:46:22.000000000 +0200 +++ bfd/elfcode.h @@@@ -613,8 +613,13 @@@@ elf_object_p (bfd *abfd) if (i_ehdrp->e_shoff != 0) { + bfd_signed_vma where = i_ehdrp->e_shoff; + + if (where != (file_ptr) where) + goto got_wrong_format_error; + /* Seek to the section header table in the file. */ - if (bfd_seek (abfd, (file_ptr) i_ehdrp->e_shoff, SEEK_SET) != 0) + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) goto got_no_match; /* Read the first section header at index 0, and convert to internal @@@@ -626,13 +631,50 @@@@ elf_object_p (bfd *abfd) /* If the section count is zero, the actual count is in the first section header. */ if (i_ehdrp->e_shnum == SHN_UNDEF) - i_ehdrp->e_shnum = i_shdr.sh_size; + { + i_ehdrp->e_shnum = i_shdr.sh_size; + if (i_ehdrp->e_shnum != i_shdr.sh_size) + goto got_wrong_format_error; + } /* And similarly for the string table index. */ if (i_ehdrp->e_shstrndx == SHN_XINDEX) - i_ehdrp->e_shstrndx = i_shdr.sh_link; + { + i_ehdrp->e_shstrndx = i_shdr.sh_link; + if (i_ehdrp->e_shstrndx != i_shdr.sh_link) + goto got_wrong_format_error; + } + + /* Sanity check that we can read all of the section headers. + It ought to be good enough to just read the last one. */ + if (i_ehdrp->e_shnum != 1) + { + /* Check that we don't have a totally silly number of sections. */ + if (i_ehdrp->e_shnum > (unsigned int) -1 / sizeof (x_shdr)) + goto got_wrong_format_error; + + where += (i_ehdrp->e_shnum - 1) * sizeof (x_shdr); + if (where != (file_ptr) where) + goto got_wrong_format_error; + if ((bfd_size_type) where <= i_ehdrp->e_shoff) + goto got_wrong_format_error; + + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) + goto got_no_match; + if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)) + goto got_no_match; + + /* Back to where we were. */ + where = i_ehdrp->e_shoff + sizeof (x_shdr); + if (bfd_seek (abfd, (file_ptr) where, SEEK_SET) != 0) + goto got_no_match; + } } + /* A further sanity check. 
*/ + if (i_ehdrp->e_shstrndx >= i_ehdrp->e_shnum) + goto got_wrong_format_error; + /* Allocate space for a copy of the section header table in internal form. */ if (i_ehdrp->e_shnum != 0) @
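Review bot: The final `e_shstrndx >= e_shnum` check sits after the brace that closes the `if (i_ehdrp->e_shoff != 0)` block, so it also runs for a file with no section header table, where both fields would normally be zero and `0 >= 0` sends it to got_wrong_format_error. If section-less objects are meant to stay loadable, the test should let the undefined index through: `if (i_ehdrp->e_shstrndx >= i_ehdrp->e_shnum && i_ehdrp->e_shstrndx != SHN_UNDEF)`. The check also deserves a comment naming the later use of e_shstrndx that it protects, since "A further sanity check" does not say. This text is identical to the hunk in the revision 1.2 text above, so the point applies to both copies. elf_object_p continues past the end of the hunk.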