This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
On 06/06/2018 10:18 PM, Carlos O'Donell wrote:
+ if (__glibc_unlikely (__libc_enable_secure)
+ && ((input[len] != '\0' && input[len] != '/'
+ && input[len] != ':')
+ || (input != start + 1
+ || (input > start + 2 && input[-2] != ':'))))
Is the ':' check really the right thing here?
Didn't we change the code so that _dl_dst_substitute is only called with
a single component as an argument?
fillin_rpath splits the string at :/:. The callers in dl-deps.c
I also suggest to use struct alloc_buffer, to make the code more
obviously correct.
Thanks,
Florian
- References:
- [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- Re: [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).
- Re: [PATCH] Improve DST handling (Bug 23102, Bug 21942, Bug 18018, Bug, 23259, CVE-2011-0536 ).