public inbox for libc-stable@sourceware.org
From: "Tulio Magno Quites Machado Filho" <tuliom@linux.vnet.ibm.com>
To: libc-stable@sourceware.org
Cc: Florian Weimer <fweimer@redhat.com>
Subject: [COMMITTED 2.19] Harden tls_dtor_list with pointer mangling [BZ #19018]
Date: Fri, 01 Jan 2016 00:00:00 -0000
Message-ID: <1468256896-29138-3-git-send-email-tuliom@linux.vnet.ibm.com>
In-Reply-To: <1468256896-29138-1-git-send-email-tuliom@linux.vnet.ibm.com>

From: Florian Weimer <fweimer@redhat.com>

(cherry picked from commit f586e1328681b400078c995a0bb6ad301ef73549)

Conflicts:
	NEWS
	stdlib/cxa_thread_atexit_impl.c
---
 ChangeLog                       |  7 +++++++
 NEWS                            |  4 ++--
 stdlib/cxa_thread_atexit_impl.c | 12 ++++++++++--
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index f0bd736..5d3bc8f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2016-07-11  Florian Weimer  <fweimer@redhat.com>
 
+	[BZ #19018]
+	* stdlib/cxa_thread_atexit_impl.c (__cxa_thread_atexit_impl):
+	Mangle function pointer before storing it.
+	(__call_tls_dtors): Demangle function pointer before calling it.
+
+2016-07-11  Florian Weimer  <fweimer@redhat.com>
+
 	[BZ #18928]
 	* sysdeps/generic/ldsodefs.h (struct rtld_global_ro): Remove
 	_dl_pointer_guard member.
diff --git a/NEWS b/NEWS
index 9bd31e4..41481cd 100644
--- a/NEWS
+++ b/NEWS
@@ -12,8 +12,8 @@ Version 2.19.1
   15946, 16009, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16759,
   16760, 16878, 16882, 16885, 16916, 16932, 16943, 16958, 17048, 17062,
   17069, 17079, 17137, 17153, 17213, 17263, 17269, 17325, 17555, 17905,
-  18007, 18032, 18080, 18240, 18287, 18508, 18665, 18905, 18928, 19779,
-  19791, 19879, 20010, 20112.
+  18007, 18032, 18080, 18240, 18287, 18508, 18665, 18905, 18928, 19018,
+  19779, 19791, 19879, 20010, 20112.
 
 * A buffer overflow in gethostbyname_r and related functions performing DNS
   requests has been fixed.  If the NSS functions were called with a
diff --git a/stdlib/cxa_thread_atexit_impl.c b/stdlib/cxa_thread_atexit_impl.c
index d2f88d3..6030e5f 100644
--- a/stdlib/cxa_thread_atexit_impl.c
+++ b/stdlib/cxa_thread_atexit_impl.c
@@ -42,6 +42,10 @@ static __thread struct link_map *lm_cache;
 int
 __cxa_thread_atexit_impl (dtor_func func, void *obj, void *dso_symbol)
 {
+#ifdef PTR_MANGLE
+  PTR_MANGLE (func);
+#endif
+
   /* Prepend.  */
   struct dtor_list *new = calloc (1, sizeof (struct dtor_list));
   new->func = func;
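Review bot: PTR_MANGLE (func) at the top of __cxa_thread_atexit_impl overwrites the parameter in place, so from that line on func is no longer a callable pointer, and nothing in the function says so. A comment above the #ifdef noting that func holds the mangled value until __call_tls_dtors demangles it, or mangling into a separately named local that is the only thing assigned to new->func, would keep a later edit from calling or comparing func directly.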
@@ -83,9 +87,13 @@ __call_tls_dtors (void)
   while (tls_dtor_list)
     {
       struct dtor_list *cur = tls_dtor_list;
-      tls_dtor_list = tls_dtor_list->next;
+      dtor_func func = cur->func;
+#ifdef PTR_DEMANGLE
+      PTR_DEMANGLE (func);
+#endif
 
-      cur->func (cur->obj);
+      tls_dtor_list = tls_dtor_list->next;
+      func (cur->obj);
 
       __rtld_lock_lock_recursive (GL(dl_load_lock));
 
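Review bot: the #ifdef PTR_DEMANGLE guard in __call_tls_dtors is tested independently of the #ifdef PTR_MANGLE guard on the store side, so a configuration that defines only one of the two macros would either call a still-mangled pointer or demangle one that was stored in the clear. Guarding both sites on the same macro, or adding a preprocessor check that the two are defined together, would make the pairing explicit. A short comment saying that func is copied out of cur and demangled into a local before the call would also help, and tls_dtor_list->next on the following line could be written cur->next since cur already aliases the list head.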
-- 
2.1.0
