diff options
Diffstat (limited to 'dev-util/rizin')
-rw-r--r-- | dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch | 90 | ||||
-rw-r--r-- | dev-util/rizin/rizin-0.3.1-r2.ebuild | 103 |
2 files changed, 193 insertions, 0 deletions
diff --git a/dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch b/dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch new file mode 100644 index 000000000000..f7c511b5a0cf --- /dev/null +++ b/dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch @@ -0,0 +1,90 @@ +From aa6917772d2f32e5a7daab25a46c72df0b5ea406 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Florian=20M=C3=A4rkl?= <info@florianmaerkl.de> +Date: Fri, 10 Dec 2021 15:43:12 +0100 +Subject: [PATCH] Fix oob write for dwarf with abbrev with count 0 (Fix #2083) + (#2086) + +--- + librz/bin/dwarf.c | 40 ++++++++++++++++++++++----------------- + test/db/formats/elf/crash | 8 ++++++++ + 2 files changed, 31 insertions(+), 17 deletions(-) + +diff --git a/librz/bin/dwarf.c b/librz/bin/dwarf.c +index 1ed1d3517c2..23dd1f9f0b1 100644 +--- a/librz/bin/dwarf.c ++++ b/librz/bin/dwarf.c +@@ -1220,9 +1220,13 @@ static int init_die(RzBinDwarfDie *die, ut64 abbr_code, ut64 attr_count) { + if (!die) { + return -1; + } +- die->attr_values = calloc(sizeof(RzBinDwarfAttrValue), attr_count); +- if (!die->attr_values) { +- return -1; ++ if (attr_count) { ++ die->attr_values = calloc(sizeof(RzBinDwarfAttrValue), attr_count); ++ if (!die->attr_values) { ++ return -1; ++ } ++ } else { ++ die->attr_values = NULL; + } + die->abbrev_code = abbr_code; + die->capacity = attr_count; +@@ -1726,25 +1730,27 @@ static const ut8 *parse_die(const ut8 *buf, const ut8 *buf_end, RzBinDwarfDebugI + size_t i; + const char *comp_dir = NULL; + ut64 line_info_offset = UT64_MAX; +- for (i = 0; i < abbrev->count - 1; i++) { +- memset(&die->attr_values[i], 0, sizeof(die->attr_values[i])); ++ if (abbrev->count) { ++ for (i = 0; i < abbrev->count - 1; i++) { ++ memset(&die->attr_values[i], 0, sizeof(die->attr_values[i])); + +- buf = parse_attr_value(buf, buf_end - buf, &abbrev->defs[i], +- &die->attr_values[i], hdr, debug_str, debug_str_len, big_endian); ++ buf = parse_attr_value(buf, buf_end - buf, &abbrev->defs[i], ++ &die->attr_values[i], hdr, debug_str, debug_str_len, big_endian); + +- RzBinDwarfAttrValue *attribute = &die->attr_values[i]; ++ RzBinDwarfAttrValue *attribute = &die->attr_values[i]; + +- if (attribute->attr_name == DW_AT_comp_dir && (attribute->attr_form == DW_FORM_strp || attribute->attr_form == DW_FORM_string) && attribute->string.content) { +- comp_dir = attribute->string.content; +- } +- if (attribute->attr_name == DW_AT_stmt_list) { +- if (attribute->kind == DW_AT_KIND_CONSTANT) { +- line_info_offset = attribute->uconstant; +- } else if (attribute->kind == DW_AT_KIND_REFERENCE) { +- line_info_offset = attribute->reference; ++ if (attribute->attr_name == DW_AT_comp_dir && (attribute->attr_form == DW_FORM_strp || attribute->attr_form == DW_FORM_string) && attribute->string.content) { ++ comp_dir = attribute->string.content; ++ } ++ if (attribute->attr_name == DW_AT_stmt_list) { ++ if (attribute->kind == DW_AT_KIND_CONSTANT) { ++ line_info_offset = attribute->uconstant; ++ } else if (attribute->kind == DW_AT_KIND_REFERENCE) { ++ line_info_offset = attribute->reference; ++ } + } ++ die->count++; + } +- die->count++; + } + + // If this is a compilation unit dir attribute, we want to cache it so the line info parsing +diff --git a/test/db/formats/elf/crash b/test/db/formats/elf/crash +index ea6c2c214bb..fb8a572bd56 100644 +--- a/test/db/formats/elf/crash ++++ b/test/db/formats/elf/crash +@@ -25,3 +25,11 @@ nth vaddr bind type lib name + [] + EOF + RUN ++ ++NAME=ELF/Dwarf: abbrev empty ++FILE=bins/elf/dwarf_fuzzed_abbrev_empty ++CMDS=<<EOF ++aaa ++EOF ++EXPECT= ++RUN diff --git a/dev-util/rizin/rizin-0.3.1-r2.ebuild b/dev-util/rizin/rizin-0.3.1-r2.ebuild new file mode 100644 index 000000000000..5148796711c6 --- /dev/null +++ b/dev-util/rizin/rizin-0.3.1-r2.ebuild @@ -0,0 +1,103 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=(python3_{8,9,10}) + +# This is the commit that the CI for the release commit used +BINS_COMMIT="74b6e4511112b1a6abc571091efc32ec2a7d98a6" + +inherit meson python-any-r1 + +DESCRIPTION="reverse engineering framework for binary analysis" +HOMEPAGE="https://rizin.re/" + +SRC_URI="https://github.com/rizinorg/rizin/releases/download/v${PV}/rizin-src-v${PV}.tar.xz" + #test? ( https://github.com/rizinorg/rizin-testbins/archive/${BINS_COMMIT}.tar.gz -> rizin-testbins-${BINS_COMMIT}.tar.gz )" +KEYWORDS="~amd64 ~arm64 ~x86" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0/${PV}" +IUSE="test" + +# Need to audit licenses of the binaries used for testing +RESTRICT="test" + +RDEPEND=" + sys-apps/file + app-arch/lz4:0= + dev-libs/capstone:0= + dev-libs/libuv:0= + dev-libs/libzip:0= + dev-libs/openssl:0= + >=dev-libs/tree-sitter-0.19.0 + dev-libs/xxhash + sys-libs/zlib:0= +" +DEPEND="${RDEPEND}" +BDEPEND="${PYTHON_DEPS}" + +PATCHES=( + "${FILESDIR}/${PN}-0.3.0-typedb-prefix.patch" + "${FILESDIR}/${P}-CVE-2021-43814.patch" +) + +S="${WORKDIR}/${PN}-v${PV}" + +src_prepare() { + default + + local py_to_mangle=( + librz/core/cmd_descs/cmd_descs_generate.py + subprojects/lz4-1.9.3/contrib/meson/meson/GetLz4LibraryVersion.py + subprojects/lz4-1.9.3/contrib/meson/meson/InstallSymlink.py + subprojects/lz4-1.9.3/tests/test-lz4-list.py + subprojects/lz4-1.9.3/tests/test-lz4-speed.py + subprojects/lz4-1.9.3/tests/test-lz4-versions.py + sys/clang-format.py + test/fuzz/scripts/fuzz_rz_asm.py + test/scripts/gdbserver.py + ) + + python_fix_shebang "${py_to_mangle[@]}" + + if use test; then + cp -r "${WORKDIR}/rizin-testbins-${BINS_COMMIT}" "${S}/test/bins" || die + cp -r "${WORKDIR}/rizin-testbins-${BINS_COMMIT}" "${S}" || die + fi +} + +src_configure() { + local emesonargs=( + -Dcli=enabled + -Duse_sys_capstone=enabled + -Duse_sys_magic=enabled + -Duse_sys_libzip=enabled + -Duse_sys_zlib=enabled + -Duse_sys_lz4=enabled + -Duse_sys_xxhash=enabled + -Duse_sys_openssl=enabled + -Duse_sys_tree_sitter=enabled + + $(meson_use test enable_tests) + $(meson_use test enable_rz_test) + ) + meson_src_configure +} + +src_test() { + # Rizin uses data files that it expects to be installed on the + # system. To hack around this, we create a tree of what it expects + # in ${T}, and patch the tests to support a prefix from the + # environment. https://github.com/rizinorg/rizin/issues/1789 + mkdir -p "${T}/usr/share/${PN}/${PV}" || die + ln -sf "${BUILD_DIR}/librz/analysis/d" "${T}/usr/share/${PN}/${PV}/types" || die + ln -sf "${BUILD_DIR}/librz/syscall/d" "${T}/usr/share/${PN}/${PV}/syscall" || die + ln -sf "${BUILD_DIR}/librz/asm/d" "${T}/usr/share/${PN}/${PV}/opcodes" || die + # https://github.com/rizinorg/rizin/issues/1797 + ln -sf "${BUILD_DIR}/librz/flag/d" "${T}/usr/share/${PN}/${PV}/flag" || die + export RZ_PREFIX="${T}/usr" + + meson_src_test +} |