gentoo-overlay/app-emulation/virtualbox/files/virtualbox-5.1.22-opengl_dl...

Index: VirtualBox-5.1.22/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp
===================================================================
--- VirtualBox-5.1.22/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp	(revision 115126)
+++ VirtualBox-5.1.22/src/VBox/HostDrivers/Support/posix/SUPR3HardenedMain-posix.cpp	(revision 115307)
@@ -341,6 +341,7 @@
      * Patch 64-bit hosts.
      */
     uint32_t cRipRelMovs = 0;
+    uint32_t cRelCalls = 0;

     /* Just use the disassembler to skip 12 bytes or more, we might need to
        rewrite mov instructions using RIP relative addressing. */
@@ -349,7 +350,8 @@
         cbInstr = 1;
         int rc = DISInstr(pbTarget + offJmpBack, DISCPUMODE_64BIT, &Dis, &cbInstr);
         if (   RT_FAILURE(rc)
-            || (Dis.pCurInstr->fOpType & DISOPTYPE_CONTROLFLOW)
+            || (   Dis.pCurInstr->fOpType & DISOPTYPE_CONTROLFLOW
+                && Dis.pCurInstr->uOpcode != OP_CALL)
             || (   Dis.ModRM.Bits.Mod == 0
                 && Dis.ModRM.Bits.Rm  == 5 /* wrt RIP */
                 && Dis.pCurInstr->uOpcode != OP_MOV))
@@ -357,15 +359,23 @@

         if (Dis.ModRM.Bits.Mod == 0 && Dis.ModRM.Bits.Rm == 5 /* wrt RIP */)
             cRipRelMovs++;
+        if (   Dis.pCurInstr->uOpcode == OP_CALL
+            && (Dis.pCurInstr->fOpType & DISOPTYPE_RELATIVE_CONTROLFLOW))
+            cRelCalls++;

         offJmpBack += cbInstr;
         cbPatchMem += cbInstr;
     }

+    /*
+     * Each relative call requires extra bytes as it is converted to a pushq imm32
+     * + mov [RSP+4], imm32 + a jmp qword [$+8 wrt RIP] to avoid clobbering registers.
+     */
+    cbPatchMem += cRelCalls * RT_ALIGN_32(13 + 6 + 8, 8);
     cbPatchMem += 14; /* jmp qword [$+8 wrt RIP] + 8 byte address to jump to. */
     cbPatchMem = RT_ALIGN_32(cbPatchMem, 8);

-    /* Allocate suitable exectuable memory available. */
+    /* Allocate suitable executable memory available. */
     bool fConvRipRelMovs = false;
     uint8_t *pbPatchMem = supR3HardenedMainPosixExecMemAlloc(cbPatchMem, pbTarget, cRipRelMovs > 0);
     if (!pbPatchMem)
@@ -396,7 +406,8 @@
         cbInstr = 1;
         int rc = DISInstr(pbTarget + offInsn, DISCPUMODE_64BIT, &Dis, &cbInstr);
         if (   RT_FAILURE(rc)
-            || (Dis.pCurInstr->fOpType & DISOPTYPE_CONTROLFLOW))
+            || (   Dis.pCurInstr->fOpType & DISOPTYPE_CONTROLFLOW
+                && Dis.pCurInstr->uOpcode != OP_CALL))
             return VERR_SUPLIB_UNEXPECTED_INSTRUCTION;

         if (   Dis.ModRM.Bits.Mod == 0
@@ -439,6 +450,34 @@
                 pbPatchMem   += sizeof(int32_t);
             }
         }
+        else if (   Dis.pCurInstr->uOpcode == OP_CALL
+                 && (Dis.pCurInstr->fOpType & DISOPTYPE_RELATIVE_CONTROLFLOW))
+        {
+            /* Convert to absolute jump. */
+            uintptr_t uAddr = (uintptr_t)&pbTarget[offInsn + cbInstr] + (intptr_t)Dis.Param1.uValue;
+
+            /* Skip the push instructions till the return address is known. */
+            uint8_t *pbPatchMemPush = pbPatchMem;
+            pbPatchMem += 13;
+
+            *pbPatchMem++ = 0xff; /* jmp qword [$+8 wrt RIP] */
+            *pbPatchMem++ = 0x25;
+            *(uint32_t *)pbPatchMem = (uint32_t)(RT_ALIGN_PT(pbPatchMem + 4, 8, uint8_t *) - (pbPatchMem + 4));
+            pbPatchMem = RT_ALIGN_PT(pbPatchMem + 4, 8, uint8_t *);
+            *(uint64_t *)pbPatchMem = uAddr;
+            pbPatchMem += sizeof(uint64_t);
+
+            /* Push the return address onto stack. Difficult on amd64 without clobbering registers... */
+            uintptr_t uAddrReturn = (uintptr_t)pbPatchMem;
+            *pbPatchMemPush++ = 0x68; /* push imm32 sign-extended as 64-bit*/
+            *(uint32_t *)pbPatchMemPush = RT_LO_U32(uAddrReturn);
+            pbPatchMemPush += sizeof(uint32_t);
+            *pbPatchMemPush++ = 0xc7;
+            *pbPatchMemPush++ = 0x44;
+            *pbPatchMemPush++ = 0x24;
+            *pbPatchMemPush++ = 0x04; /* movl [RSP+4], imm32 */
+            *(uint32_t *)pbPatchMemPush = RT_HI_U32(uAddrReturn);
+        }
         else
         {
             memcpy(pbPatchMem, pbTarget + offInsn, cbInstr);
Index: VirtualBox-5.1.22/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
===================================================================
--- VirtualBox-5.1.22/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp	(revision 115126)
+++ VirtualBox-5.1.22/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp	(revision 115307)
@@ -86,6 +86,9 @@
 /** The max path length acceptable for a trusted path. */
 #define SUPR3HARDENED_MAX_PATH      260U

+/** Enable to resolve symlinks using realpath() instead of cooking our own stuff. */
+#define SUP_HARDENED_VERIFY_FOLLOW_SYMLINKS_USE_REALPATH 1
+
 #ifdef RT_OS_SOLARIS
 # define dirfd(d) ((d)->d_fd)
 #endif
@@ -1091,7 +1094,8 @@
 #endif


-#if defined(RT_OS_DARWIN) || defined(RT_OS_LINUX)
+#ifndef SUP_HARDENED_VERIFY_FOLLOW_SYMLINKS_USE_REALPATH
+# if defined(RT_OS_DARWIN) || defined(RT_OS_LINUX)
 /**
  * Copies the error message to the error buffer and returns @a rc.
  *
@@ -1104,6 +1108,7 @@
 {
     return supR3HardenedSetErrorN(rc, pErrInfo, 1, pszMsg);
 }
+# endif
 #endif


@@ -1893,7 +1898,9 @@
     /*
      * Verify each component from the root up.
      */
+#ifndef SUP_HARDENED_VERIFY_FOLLOW_SYMLINKS_USE_REALPATH
     uint32_t                iLoops = 0;
+#endif
     SUPR3HARDENEDFSOBJSTATE FsObjState;
     uint32_t                iComponent = 0;
     while (iComponent < Info.cComponents)
@@ -1915,6 +1922,24 @@
             if (   RT_SUCCESS(rc)
                 && S_ISLNK(FsObjState.Stat.st_mode))
             {
+#if SUP_HARDENED_VERIFY_FOLLOW_SYMLINKS_USE_REALPATH /* Another approach using realpath() and verifying the result when encountering a symlink. */
+                char *pszFilenameResolved = realpath(pszFilename, NULL);
+                if (pszFilenameResolved)
+                {
+                    rc = supR3HardenedVerifyFile(pszFilenameResolved, hNativeFile, fMaybe3rdParty, pErrInfo);
+                    free(pszFilenameResolved);
+                    return rc;
+                }
+                else
+                {
+                    int iErr = errno;
+                    supR3HardenedError(VERR_ACCESS_DENIED, false /*fFatal*/,
+                                       "supR3HardenedVerifyFileFollowSymlinks: Failed to resolve the real path '%s': %s (%d)\n",
+                                       pszFilename, strerror(iErr), iErr);
+                    return supR3HardenedSetError4(VERR_ACCESS_DENIED, pErrInfo,
+                                                  "realpath failed for '", pszFilename, "': ", strerror(iErr));
+                }
+#else
                 /* Don't loop forever. */
                 iLoops++;
                 if (iLoops < 8)
@@ -1989,6 +2014,7 @@
                 else
                     return supR3HardenedSetError3(VERR_TOO_MANY_SYMLINKS, pErrInfo,
                                                   "Too many symbolic links: '", pszFilename, "'");
+#endif
             }
         }
         if (RT_FAILURE(rc))