This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/13601] New: Fail to load dynamic libs when entire ELF header cannot be read in one syscall


http://sourceware.org/bugzilla/show_bug.cgi?id=13601

             Bug #: 13601
           Summary: Fail to load dynamic libs when entire ELF header
                    cannot be read in one syscall
           Product: glibc
           Version: 2.14
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: tatannen@wisc.edu
    Classification: Unclassified


As stated in the man pages, the read() system call may read/return less bytes
than requested, for a variety of well-documented reasons.
In elf/dl-load.c, function open_verify() attempts to read the entire elf header
(over 800 bytes on x86_84) in one invocation of the read system call, and if
all bytes are not read, the shared library will not load with a "file too
short" error. This could cause failures, for instance, loading over networked
file systems configured with a small (less than 800byte) MTU size.

In elf/dl-load.c the problem is here:
1714:      size_t maplength;
1715:
1716:      /* We successfully openened the file.  Now verify it is a file
1717:     we can use.  */
1718:      __set_errno (0);
1719:      fbp->len = __libc_read (fd, fbp->buf, sizeof (fbp->buf));
1720:
1721:      /* This is where the ELF header is loaded.  */
1722:      assert (sizeof (fbp->buf) > sizeof (ElfW(Ehdr)));
1723:      ehdr = (ElfW(Ehdr) *) fbp->buf;
1724:
1725:      /* Now run the tests.  */
1726:      if (__builtin_expect (fbp->len < (ssize_t) sizeof (ElfW(Ehdr)), 0))
1727:    {
1728:      errval = errno;

On line 1719, if the read returns less than sizeof (ElfW(Ehdr)) as tested on
line 1726, the library load will fail.

The call to libc_read on line 1719 should be repeated while libc_read
returns a value greater than zero.  If you desire me to write/submit a patch,
I'd be happy to help out, just ask.

Thank you!

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]