From 74851d8dd94e13c534eefa9d633bca1657ec9869 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sun, 6 Jan 2019 19:52:22 +0000
Subject: [PATCH] Gdb script: improve portability of ASLR disabling disabling

Call `set disable-randomization off` only if it seems to be supported.
The goal is to neither get an error about disable-randomization not
being supported (e.g. on FreeBSD), nor get an error if it is supported
but fails (e.g. on Ubuntu).

Only fiddle with disable-randomization from all.sh, which cares
because it reports the failure of ASLR disabling as an error. If a
developer invokes the Gdb script manually, a warning about ASLR
doesn't matter.
---
 tests/scripts/all.sh           | 12 +++++++++++-
 tests/scripts/test_zeroize.gdb |  2 --
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 8c9c9ce43..1e7107456 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1102,17 +1102,27 @@ component_test_zeroize () {
     # system in all cases that the script fails, so we must manually search the
     # output to check whether the pass string is present and no failure strings
     # were printed.
+
+    # Don't try to disable ASLR. We don't care about ASLR here. We do care
+    # about a spurious message if Gdb tries and fails, so suppress that.
+    gdb_disable_aslr=
+    if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then
+        gdb_disable_aslr='set disable-randomization off'
+    fi
+
     for optimization_flag in -O2 -O3 -Ofast -Os; do
         for compiler in clang gcc; do
             msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
             make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
-            if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
+            if_build_succeeded gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
             if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log
             if_build_succeeded not grep -i "error" test_zeroize.log
             rm -f test_zeroize.log
             make clean
         done
     done
+
+    unset gdb_disable_aslr
 }
 
 component_check_python_files () {
diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb
index 77c812a0b..2f995d2a3 100644
--- a/tests/scripts/test_zeroize.gdb
+++ b/tests/scripts/test_zeroize.gdb
@@ -41,8 +41,6 @@
 # number does not need to be updated often.
 
 set confirm off
-# We don't need to turn off ASLR, so don't try.
-set disable-randomization off
 
 file ./programs/test/zeroize
 break zeroize.c:100