This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch roland/dl-nns created. glibc-2.21-274-ga9c8e45


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, roland/dl-nns has been created
        at  a9c8e45875178e69fb19c078e5d1d7bbe7c438e4 (commit)

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a9c8e45875178e69fb19c078e5d1d7bbe7c438e4

commit a9c8e45875178e69fb19c078e5d1d7bbe7c438e4
Author: Roland McGrath <roland@hack.frob.com>
Date:   Fri Apr 17 12:09:54 2015 -0700

    Fuller check for invalid NSID in _dl_open.

diff --git a/ChangeLog b/ChangeLog
index 411ef3d..3344d17 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-04-17  Roland McGrath  <roland@hack.frob.com>
+
+	* elf/dl-open.c (_dl_open): Use __glibc_unlikely in invalid namespace
+	check.  Reject NSID < 0 and NSID >= dl_nns and check for DL_NNS==1
+	before using NSID as an index.
+
 2015-04-17  Il'ya Malakhov <ilmalakhov@yandex.ru>
 
 	[BZ #17825]
diff --git a/elf/dl-open.c b/elf/dl-open.c
index 0dbe07f..2f872c3 100644
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -211,7 +211,7 @@ dl_open_worker (void *a)
       struct link_map *l = _dl_find_dso_for_object ((ElfW(Addr)) caller_dlopen);
 
       if (l)
-        call_map = l;
+	call_map = l;
 
       if (args->nsid == __LM_ID_CALLER)
 	args->nsid = call_map->l_ns;
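Review bot: the only change in this dl_open_worker hunk is re-indenting "call_map = l;" from spaces to a tab, which is unrelated to the NSID check named in the commit message and is not covered by the ChangeLog entry, which lists only (_dl_open). Either move it to its own whitespace-only commit or add a dl_open_worker line to the ChangeLog entry, so the functional change stays easy to isolate when bisecting or backporting.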
@@ -619,8 +619,14 @@ no more namespaces available for dlmopen()"));
   /* Never allow loading a DSO in a namespace which is empty.  Such
      direct placements is only causing problems.  Also don't allow
      loading into a namespace used for auditing.  */
-  else if (__builtin_expect (nsid != LM_ID_BASE && nsid != __LM_ID_CALLER, 0)
-	   && (GL(dl_ns)[nsid]._ns_nloaded == 0
+  else if (__glibc_unlikely (nsid != LM_ID_BASE && nsid != __LM_ID_CALLER)
+	   && (__glibc_unlikely (nsid < 0 || nsid >= GL(dl_nns))
+               /* This prevents the [NSID] index expressions from being
+                  evaluated, so the compiler won't think that we are
+                  accessing an invalid index here in the !SHARED case where
+                  DL_NNS is 1 and so any NSID != 0 is invalid.  */
+	       || DL_NNS == 1
+	       || GL(dl_ns)[nsid]._ns_nloaded == 0
 	       || GL(dl_ns)[nsid]._ns_loaded->l_auditing))
     _dl_signal_error (EINVAL, file, NULL,
 		      N_("invalid target namespace in dlmopen()"));
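
Review bot: the new range test "nsid < 0 || nsid >= GL(dl_nns)" in the else-if condition of _dl_open arrives without a regression test; the patch touches only ChangeLog and elf/dl-open.c. A test that calls dlmopen() with out-of-range ids on both sides (below zero and at or above the current namespace count) and expects the EINVAL "invalid target namespace in dlmopen()" error would keep the bound from regressing, since it is this test that stops the GL(dl_ns)[nsid] accesses on the following lines from indexing outside the array at run time. As a style point, the four added comment lines are indented with spaces only, while the neighbouring "+" lines use a tab followed by spaces; match the tab indentation that the dl_open_worker hunk of this same patch restores.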

-----------------------------------------------------------------------


hooks/post-receive
-- 
GNU C Library master sources

