system/glibc
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix breaking of RPATH when $ORIGIN contains colons. Fixes bug 10253

Browse Source 
We first expanded origin and then split string by colons. This
misbehaves when $ORIGIN contain colon so we first split string, then
expand $ORIGIN.
This commit is contained in:
Ondřej Bílka 2013-11-18 19:56:57 +01:00
parent 250c23bdd9
commit b75891075b
3 changed files with 33 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,3 +1,10 @@
2013-11-18 Ondřej Bílka <neleai@seznam.cz>
[BZ #10253]
* elf/dl-load.c (fillin_rpath): Add linkmap parameter and expand path.
(decompose_rpath): Defer expansion to fillin_rpath.
(_dl_init_paths): Pass linkmap to fillin_rpath.
2013-11-18 Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com> 2013-11-18 Rajalakshmi Srinivasaraghavan <raji@linux.vnet.ibm.com>
* benchtests/Makefile: Add strsep. * benchtests/Makefile: Add strsep.

20
NEWS
View File

@ -9,16 +9,16 @@ Version 2.19
* The following bugs are resolved with this release: * The following bugs are resolved with this release:
156, 387, 431, 832, 2801, 7003, 9954, 10278, 11087, 13028, 13982, 13985, 156, 387, 431, 832, 2801, 7003, 9954, 10253, 10278, 11087, 13028, 13982,
14029, 14143, 14155, 14547, 14699, 14752, 14876, 14910, 15048, 15218, 13985, 14029, 14143, 14155, 14547, 14699, 14752, 14876, 14910, 15048,
15277, 15308, 15362, 15374, 15400, 15427, 15522, 15531, 15532, 15608, 15218, 15277, 15308, 15362, 15374, 15400, 15427, 15522, 15531, 15532,
15609, 15610, 15632, 15640, 15670, 15672, 15680, 15681, 15723, 15734, 15608, 15609, 15610, 15632, 15640, 15670, 15672, 15680, 15681, 15723,
15735, 15736, 15748, 15749, 15754, 15760, 15763, 15764, 15797, 15799, 15734, 15735, 15736, 15748, 15749, 15754, 15760, 15763, 15764, 15797,
15825, 15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867, 15886, 15799, 15825, 15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867,
15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15917, 15919, 15886, 15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15917,
15921, 15923, 15939, 15948, 15963, 15966, 15985, 15988, 15997, 16032, 15919, 15921, 15923, 15939, 15948, 15963, 15966, 15985, 15988, 15997,
16034, 16036, 16037, 16041, 16055, 16071, 16072, 16074, 16078, 16103, 16032, 16034, 16036, 16037, 16041, 16055, 16071, 16072, 16074, 16078,
16112, 16143, 16146, 16150, 16151, 16153, 16167, 16172. 16103, 16112, 16143, 16146, 16150, 16151, 16153, 16167, 16172.
* CVE-2012-4412 The strcoll implementation caches indices and rules for * CVE-2012-4412 The strcoll implementation caches indices and rules for
large collation sequences to optimize multiple passes. This cache large collation sequences to optimize multiple passes. This cache

24
elf/dl-load.c
View File

@ -481,14 +481,19 @@ static size_t max_dirnamelen;
static struct r_search_path_elem ** static struct r_search_path_elem **
fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
int check_trusted, const char *what, const char *where) int check_trusted, const char *what, const char *where,
struct link_map *l)
{ {
char *cp; char *cp;
size_t nelems = 0; size_t nelems = 0;
char *to_free;
while ((cp = __strsep (&rpath, sep)) != NULL) while ((cp = __strsep (&rpath, sep)) != NULL)
{ {
struct r_search_path_elem *dirp; struct r_search_path_elem *dirp;
to_free = cp = expand_dynamic_string_token (l, cp);
size_t len = strlen (cp); size_t len = strlen (cp);
/* `strsep' can pass an empty string. This has to be /* `strsep' can pass an empty string. This has to be
@ -509,7 +514,10 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
/* Make sure we don't use untrusted directories if we run SUID. */ /* Make sure we don't use untrusted directories if we run SUID. */
if (__builtin_expect (check_trusted, 0) && !is_trusted_path (cp, len)) if (__builtin_expect (check_trusted, 0) && !is_trusted_path (cp, len))
{
free (to_free);
continue; continue;
}
/* See if this directory is already known. */ /* See if this directory is already known. */
for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next) for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
@ -570,6 +578,7 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
/* Put it in the result array. */ /* Put it in the result array. */
result[nelems++] = dirp; result[nelems++] = dirp;
} }
free (to_free);
} }
/* Terminate the array. */ /* Terminate the array. */
@ -625,9 +634,8 @@ decompose_rpath (struct r_search_path_struct *sps,
while (*inhp != '\0'); while (*inhp != '\0');
} }
/* Make a writable copy. At the same time expand possible dynamic /* Make a writable copy. */
string tokens. */ copy = local_strdup (rpath);
copy = expand_dynamic_string_token (l, rpath, 1);
if (copy == NULL) if (copy == NULL)
{ {
errstring = N_("cannot create RUNPATH/RPATH copy"); errstring = N_("cannot create RUNPATH/RPATH copy");
@ -660,7 +668,7 @@ decompose_rpath (struct r_search_path_struct *sps,
_dl_signal_error (ENOMEM, NULL, NULL, errstring); _dl_signal_error (ENOMEM, NULL, NULL, errstring);
} }
fillin_rpath (copy, result, ":", 0, what, where); fillin_rpath (copy, result, ":", 0, what, where, l);
/* Free the copied RPATH string. `fillin_rpath' make own copies if /* Free the copied RPATH string. `fillin_rpath' make own copies if
necessary. */ necessary. */
@ -708,9 +716,7 @@ _dl_init_paths (const char *llp)
const char *strp; const char *strp;
struct r_search_path_elem *pelem, **aelem; struct r_search_path_elem *pelem, **aelem;
size_t round_size; size_t round_size;
#ifdef SHARED struct link_map __attribute__ ((unused)) *l = NULL;
struct link_map *l;
#endif
/* Initialize to please the compiler. */ /* Initialize to please the compiler. */
const char *errstring = NULL; const char *errstring = NULL;
@ -865,7 +871,7 @@ _dl_init_paths (const char *llp)
(void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;", (void) fillin_rpath (llp_tmp, env_path_list.dirs, ":;",
INTUSE(__libc_enable_secure), "LD_LIBRARY_PATH", INTUSE(__libc_enable_secure), "LD_LIBRARY_PATH",
NULL); NULL, l);
if (env_path_list.dirs[0] == NULL) if (env_path_list.dirs[0] == NULL)
{ {