summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'dev-util/rizin')
-rw-r--r--dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch90
-rw-r--r--dev-util/rizin/rizin-0.3.1-r2.ebuild103
2 files changed, 193 insertions, 0 deletions
diff --git a/dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch b/dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch
new file mode 100644
index 000000000000..f7c511b5a0cf
--- /dev/null
+++ b/dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch
@@ -0,0 +1,90 @@
+From aa6917772d2f32e5a7daab25a46c72df0b5ea406 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Florian=20M=C3=A4rkl?= <info@florianmaerkl.de>
+Date: Fri, 10 Dec 2021 15:43:12 +0100
+Subject: [PATCH] Fix oob write for dwarf with abbrev with count 0 (Fix #2083)
+ (#2086)
+
+---
+ librz/bin/dwarf.c | 40 ++++++++++++++++++++++-----------------
+ test/db/formats/elf/crash | 8 ++++++++
+ 2 files changed, 31 insertions(+), 17 deletions(-)
+
+diff --git a/librz/bin/dwarf.c b/librz/bin/dwarf.c
+index 1ed1d3517c2..23dd1f9f0b1 100644
+--- a/librz/bin/dwarf.c
++++ b/librz/bin/dwarf.c
+@@ -1220,9 +1220,13 @@ static int init_die(RzBinDwarfDie *die, ut64 abbr_code, ut64 attr_count) {
+ if (!die) {
+ return -1;
+ }
+- die->attr_values = calloc(sizeof(RzBinDwarfAttrValue), attr_count);
+- if (!die->attr_values) {
+- return -1;
++ if (attr_count) {
++ die->attr_values = calloc(sizeof(RzBinDwarfAttrValue), attr_count);
++ if (!die->attr_values) {
++ return -1;
++ }
++ } else {
++ die->attr_values = NULL;
+ }
+ die->abbrev_code = abbr_code;
+ die->capacity = attr_count;
+@@ -1726,25 +1730,27 @@ static const ut8 *parse_die(const ut8 *buf, const ut8 *buf_end, RzBinDwarfDebugI
+ size_t i;
+ const char *comp_dir = NULL;
+ ut64 line_info_offset = UT64_MAX;
+- for (i = 0; i < abbrev->count - 1; i++) {
+- memset(&die->attr_values[i], 0, sizeof(die->attr_values[i]));
++ if (abbrev->count) {
++ for (i = 0; i < abbrev->count - 1; i++) {
++ memset(&die->attr_values[i], 0, sizeof(die->attr_values[i]));
+
+- buf = parse_attr_value(buf, buf_end - buf, &abbrev->defs[i],
+- &die->attr_values[i], hdr, debug_str, debug_str_len, big_endian);
++ buf = parse_attr_value(buf, buf_end - buf, &abbrev->defs[i],
++ &die->attr_values[i], hdr, debug_str, debug_str_len, big_endian);
+
+- RzBinDwarfAttrValue *attribute = &die->attr_values[i];
++ RzBinDwarfAttrValue *attribute = &die->attr_values[i];
+
+- if (attribute->attr_name == DW_AT_comp_dir && (attribute->attr_form == DW_FORM_strp || attribute->attr_form == DW_FORM_string) && attribute->string.content) {
+- comp_dir = attribute->string.content;
+- }
+- if (attribute->attr_name == DW_AT_stmt_list) {
+- if (attribute->kind == DW_AT_KIND_CONSTANT) {
+- line_info_offset = attribute->uconstant;
+- } else if (attribute->kind == DW_AT_KIND_REFERENCE) {
+- line_info_offset = attribute->reference;
++ if (attribute->attr_name == DW_AT_comp_dir && (attribute->attr_form == DW_FORM_strp || attribute->attr_form == DW_FORM_string) && attribute->string.content) {
++ comp_dir = attribute->string.content;
++ }
++ if (attribute->attr_name == DW_AT_stmt_list) {
++ if (attribute->kind == DW_AT_KIND_CONSTANT) {
++ line_info_offset = attribute->uconstant;
++ } else if (attribute->kind == DW_AT_KIND_REFERENCE) {
++ line_info_offset = attribute->reference;
++ }
+ }
++ die->count++;
+ }
+- die->count++;
+ }
+
+ // If this is a compilation unit dir attribute, we want to cache it so the line info parsing
+diff --git a/test/db/formats/elf/crash b/test/db/formats/elf/crash
+index ea6c2c214bb..fb8a572bd56 100644
+--- a/test/db/formats/elf/crash
++++ b/test/db/formats/elf/crash
+@@ -25,3 +25,11 @@ nth vaddr bind type lib name
+ []
+ EOF
+ RUN
++
++NAME=ELF/Dwarf: abbrev empty
++FILE=bins/elf/dwarf_fuzzed_abbrev_empty
++CMDS=<<EOF
++aaa
++EOF
++EXPECT=
++RUN
diff --git a/dev-util/rizin/rizin-0.3.1-r2.ebuild b/dev-util/rizin/rizin-0.3.1-r2.ebuild
new file mode 100644
index 000000000000..5148796711c6
--- /dev/null
+++ b/dev-util/rizin/rizin-0.3.1-r2.ebuild
@@ -0,0 +1,103 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=(python3_{8,9,10})
+
+# This is the commit that the CI for the release commit used
+BINS_COMMIT="74b6e4511112b1a6abc571091efc32ec2a7d98a6"
+
+inherit meson python-any-r1
+
+DESCRIPTION="reverse engineering framework for binary analysis"
+HOMEPAGE="https://rizin.re/"
+
+SRC_URI="https://github.com/rizinorg/rizin/releases/download/v${PV}/rizin-src-v${PV}.tar.xz"
+ #test? ( https://github.com/rizinorg/rizin-testbins/archive/${BINS_COMMIT}.tar.gz -> rizin-testbins-${BINS_COMMIT}.tar.gz )"
+KEYWORDS="~amd64 ~arm64 ~x86"
+
+LICENSE="Apache-2.0 BSD LGPL-3 MIT"
+SLOT="0/${PV}"
+IUSE="test"
+
+# Need to audit licenses of the binaries used for testing
+RESTRICT="test"
+
+RDEPEND="
+ sys-apps/file
+ app-arch/lz4:0=
+ dev-libs/capstone:0=
+ dev-libs/libuv:0=
+ dev-libs/libzip:0=
+ dev-libs/openssl:0=
+ >=dev-libs/tree-sitter-0.19.0
+ dev-libs/xxhash
+ sys-libs/zlib:0=
+"
+DEPEND="${RDEPEND}"
+BDEPEND="${PYTHON_DEPS}"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.3.0-typedb-prefix.patch"
+ "${FILESDIR}/${P}-CVE-2021-43814.patch"
+)
+
+S="${WORKDIR}/${PN}-v${PV}"
+
+src_prepare() {
+ default
+
+ local py_to_mangle=(
+ librz/core/cmd_descs/cmd_descs_generate.py
+ subprojects/lz4-1.9.3/contrib/meson/meson/GetLz4LibraryVersion.py
+ subprojects/lz4-1.9.3/contrib/meson/meson/InstallSymlink.py
+ subprojects/lz4-1.9.3/tests/test-lz4-list.py
+ subprojects/lz4-1.9.3/tests/test-lz4-speed.py
+ subprojects/lz4-1.9.3/tests/test-lz4-versions.py
+ sys/clang-format.py
+ test/fuzz/scripts/fuzz_rz_asm.py
+ test/scripts/gdbserver.py
+ )
+
+ python_fix_shebang "${py_to_mangle[@]}"
+
+ if use test; then
+ cp -r "${WORKDIR}/rizin-testbins-${BINS_COMMIT}" "${S}/test/bins" || die
+ cp -r "${WORKDIR}/rizin-testbins-${BINS_COMMIT}" "${S}" || die
+ fi
+}
+
+src_configure() {
+ local emesonargs=(
+ -Dcli=enabled
+ -Duse_sys_capstone=enabled
+ -Duse_sys_magic=enabled
+ -Duse_sys_libzip=enabled
+ -Duse_sys_zlib=enabled
+ -Duse_sys_lz4=enabled
+ -Duse_sys_xxhash=enabled
+ -Duse_sys_openssl=enabled
+ -Duse_sys_tree_sitter=enabled
+
+ $(meson_use test enable_tests)
+ $(meson_use test enable_rz_test)
+ )
+ meson_src_configure
+}
+
+src_test() {
+ # Rizin uses data files that it expects to be installed on the
+ # system. To hack around this, we create a tree of what it expects
+ # in ${T}, and patch the tests to support a prefix from the
+ # environment. https://github.com/rizinorg/rizin/issues/1789
+ mkdir -p "${T}/usr/share/${PN}/${PV}" || die
+ ln -sf "${BUILD_DIR}/librz/analysis/d" "${T}/usr/share/${PN}/${PV}/types" || die
+ ln -sf "${BUILD_DIR}/librz/syscall/d" "${T}/usr/share/${PN}/${PV}/syscall" || die
+ ln -sf "${BUILD_DIR}/librz/asm/d" "${T}/usr/share/${PN}/${PV}/opcodes" || die
+ # https://github.com/rizinorg/rizin/issues/1797
+ ln -sf "${BUILD_DIR}/librz/flag/d" "${T}/usr/share/${PN}/${PV}/flag" || die
+ export RZ_PREFIX="${T}/usr"
+
+ meson_src_test
+}