public inbox for libc-hacker@sourceware.org
* BZ 5222: Fix for elf/dl-load.c
@ 2007-10-28  5:42 Andreas Jaeger
  2007-10-28  8:25 ` Ulrich Drepper
  0 siblings, 1 reply; 2+ messages in thread
From: Andreas Jaeger @ 2007-10-28  5:42 UTC (permalink / raw)
  To: libc-hacker


Revision 1.287 introduces a bug; the reporter says:

"The size returned in the dls_size field is incorrect, causing
subsequent calls of dlinfo() into a buffer of that size to buffer
overflow (hence marked as critical)."

diff -u -p -r1.286 -r1.287
--- elf/dl-load.c       30 Jun 2007 17:01:07 -0000      1.286
+++ elf/dl-load.c       12 Jul 2007 18:15:27 -0000      1.287
@@ -2273,14 +2273,17 @@ _dl_rtld_di_serinfo (struct link_map *lo
              if (counting)
                {
                  si->dls_cnt++;
-                 si->dls_size += r->dirnamelen;
+                 si->dls_size += r->dirnamelen < 2 ? r->dirnamelen : 2;
                }
              else
                {
                  Dl_serpath *const sp = &si->dls_serpath[idx++];
                  sp->dls_name = allocptr;
-                 allocptr = __mempcpy (allocptr,
-                                       r->dirname, r->dirnamelen - 1);
+                 if (r->dirnamelen < 2)
+                   *allocptr++ = r->dirnamelen ? '/' : '.';
+                 else
+                   allocptr = __mempcpy (allocptr,
+                                         r->dirname, r->dirnamelen - 1);
                  *allocptr++ = '\0';
                  sp->dls_flags = flags;
                }
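Review bot: the counting branch and the allocation branch of this hunk disagree. `si->dls_size += r->dirnamelen < 2 ? r->dirnamelen : 2;` takes the smaller of dirnamelen and 2, but the else branch below writes either one character plus the terminating '\0' (when dirnamelen < 2) or dirnamelen - 1 characters plus '\0' (otherwise), i.e. max(dirnamelen, 2) bytes per entry. For every name longer than two bytes the size pass under-reports by dirnamelen - 2, and for an empty or one-byte name by 2 - dirnamelen, so a caller that sizes its buffer from dls_size gets a write past the end of that buffer, which is the overflow the reporter describes. The conditional should take the larger value, `r->dirnamelen > 2 ? r->dirnamelen : 2`, so the byte count matches what is actually copied.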


Ok to commit the appended fix?  I would like to add it for both 2.7 and
head,

Andreas

2007-10-28  Andreas Jaeger  <aj@suse.de>

	[BZ #5222]
	* elf/dl-load.c (_dl_rtld_di_serinfo): Correctly compute dls_size.
	Reported by Stefanus Du Toit <stefanus.dutoit@rapidmind.com>.

============================================================
Index: elf/dl-load.c
--- elf/dl-load.c	3 Aug 2007 15:50:24 -0000	1.288
+++ elf/dl-load.c	28 Oct 2007 05:41:48 -0000
@@ -2274,7 +2274,7 @@ _dl_rtld_di_serinfo (struct link_map *lo
 	      if (counting)
 		{
 		  si->dls_cnt++;
-		  si->dls_size += r->dirnamelen < 2 ? r->dirnamelen : 2;
+		  si->dls_size += r->dirnamelen > 2 ? r->dirnamelen : 2;
 		}
 	      else
 		{
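Review bot: with `>` the expression yields max(r->dirnamelen, 2), which is exactly the number of bytes the unchanged else branch stores per entry (one character plus '\0' for dirnamelen < 2, otherwise dirnamelen - 1 characters plus '\0'), so the count and the copy now agree. Since the defect is a silent size under-report rather than a crash, a regression test that asks dlinfo() for the size, allocates exactly that many bytes and then requests the search-path list with entries of varying lengths (including one longer than two bytes) would catch any future drift between the two branches.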

-- 
 Andreas Jaeger, Director Platform / openSUSE, aj@suse.de
  SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
   Maxfeldstr. 5, 90409 Nürnberg, Germany
    GPG fingerprint = 93A3 365E CE47 B889 DF7F  FED1 389A 563C C272 A126

