This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH v3] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Alex Dowad <alexinbeijing at gmail dot com>, libc-alpha at sourceware dot org
- Date: Mon, 10 Aug 2015 08:38:21 -0700
- Subject: Re: [PATCH v3] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
- Authentication-results: sourceware.org; auth=none
- References: <1439216132-18146-1-git-send-email-alexinbeijing at gmail dot com>
Alex Dowad wrote:
> _dl_error_printf ("\
> warning: debug option `%.*s' unknown; try LD_DEBUG=help\n", (int)len, dl_debug);

Since this patch is about security, I suggest truncating the diagnostic a bit
less randomly (as the above code will do if len exceeds INT_MAX). It can cause
trouble to the user to get gigabyte-long diagnostics, and nothing after the
first few bytes is helpful for diagnosis anyway. Plus, while we're at it, the
indenting should be fixed and we shouldn't quote with grave accent. Something
like the attached (untested) patch, perhaps.
diff --git a/elf/rtld.c b/elf/rtld.c
index 6bcf224..a6e81ce 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2504,9 +2504,10 @@ process_dl_debug (const char *dl_debug)
{
/* Display a warning and skip everything until next
separator. */
- char *copy = strndupa (dl_debug, len);
- _dl_error_printf ("\
-warning: debug option `%s' unknown; try LD_DEBUG=help\n", copy);
+ int deblen = MIN (len, 100);
+ _dl_error_printf (("warning: debug option '%.*s'%s unknown;"
+ " try LD_DEBUG=help\n"),
+ deblen, dl_debug, len < 100 ? "" : "...");
}
dl_debug += len;
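
Review bot: The last argument of the new `_dl_error_printf` call, `len < 100 ? "" : "..."`, is off by one. When `len` is exactly 100, `deblen` is also 100, so the whole option name is printed and the "..." still claims it was truncated. Changing the test to `len <= 100` makes the ellipsis appear only when bytes were actually dropped. The limit 100 is also written twice, in `MIN (len, 100)` and in the comparison; a single named constant would keep the two uses in step. A smaller style point: the ellipsis is emitted after the closing quote, so a long option reads as `'abc'... unknown`, which is worth confirming as the intended layout.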