Date: Mon, 01 Jan 2018 00:00:00 -0000
To: libc-stable@sourceware.org
Subject: [2.26 COMMITTED] libio: Disable vtable validation in case of interposition [BZ #23313]
From: fweimer@redhat.com (Florian Weimer)
Message-Id: <20180704112630.4460643994575@oldenburg.str.redhat.com>

(cherry picked from commit c402355dfa7807b8e0adb27c009135a7e2b9f1b0)

2018-06-26 Florian Weimer

[BZ #23313]
* libio/vtables.c (check_stdfiles_vtables): New ELF constructor.

diff --git a/NEWS b/NEWS index 48d28e166a..5bcca538c6 100644 --- a/NEWS +++ b/NEWS @@ -144,6 +144,7 @@ The following bugs are resolved with this release: [23171] Fix parameter type in C++ version of iseqsig [23196] __mempcpy_avx512_no_vzeroupper mishandles large copies [23236] Harden function pointers in _IO_str_fields + [23313] libio: Disable vtable validation in case of interposition [23349] Various glibc headers no longer compatible with Version 2.26 diff --git a/libio/vtables.c b/libio/vtables.c index 41b48db98c..a11226ab17 100644 --- a/libio/vtables.c +++ b/libio/vtables.c @@ -70,3 +70,19 @@ _IO_vtable_check (void) __libc_fatal ("Fatal error: glibc detected an invalid stdio handle\n"); } + +/* Some variants of libstdc++ interpose _IO_2_1_stdin_ etc. and + install their own vtables directly, without calling _IO_init or + other functions. Detect this by looking at the vtables values + during startup, and disable vtable validation in this case. */ +#ifdef SHARED +__attribute__ ((constructor)) +static void +check_stdfiles_vtables (void) +{ + if (_IO_2_1_stdin_.vtable != &_IO_file_jumps + || _IO_2_1_stdout_.vtable != &_IO_file_jumps + || _IO_2_1_stderr_.vtable != &_IO_file_jumps) + IO_set_accept_foreign_vtables (&_IO_vtable_check); +} +#endif
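
Review bot: In the libio/vtables.c hunk, the comment above check_stdfiles_vtables says validation is disabled "in this case" but does not state the scope of that decision. The call IO_set_accept_foreign_vtables (&_IO_vtable_check) takes no stream argument, so a mismatch on any one of _IO_2_1_stdin_, _IO_2_1_stdout_ or _IO_2_1_stderr_ appears to switch the check off as a whole rather than for the affected stream only. Please say so in the comment, since this trades away a hardening check for compatibility. The comment should also record the assumption the detection rests on: the interposed vtable pointers must already be in place when this constructor runs, and a library that installs them later would not be detected. Nit: "vtables values" should read "vtable values". The patch touches only NEWS and libio/vtables.c; a regression test that interposes one of the standard streams would keep this path covered.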