This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.28.9000-214-g2954daf
- From: schwab at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 24 Oct 2018 14:35:00 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.28.9000-214-g2954daf
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 2954daf00bb4dc27c69a48e6798d5960ea320741 (commit)
from a27a4f4721837a5fb36ace833764b06a64c5af1c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2954daf00bb4dc27c69a48e6798d5960ea320741
commit 2954daf00bb4dc27c69a48e6798d5960ea320741
Author: Andreas Schwab <schwab@suse.de>
Date: Tue Oct 23 09:40:14 2018 +0200
Add more checks for valid ld.so.cache file (bug 18093)
diff --git a/ChangeLog b/ChangeLog
index 9b44e8d..d6c5be9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2018-10-24 Andreas Schwab <schwab@suse.de>
+
+ [BZ #18093]
+ * elf/dl-cache.c (_dl_load_cache_lookup): Check for truncated old
+ format cache.
+ * elf/cache.c (print_cache): Likewise.
+
2018-10-24 Albert ARIBAUD <albert.aribaud@3adev.fr>
* bits/timesize.h: New file.
diff --git a/elf/cache.c b/elf/cache.c
index e63979d..c4cd825 100644
--- a/elf/cache.c
+++ b/elf/cache.c
@@ -199,6 +199,11 @@ print_cache (const char *cache_name)
}
else
{
+ /* Check for corruption, avoiding overflow. */
+ if ((cache_size - sizeof (struct cache_file)) / sizeof (struct file_entry)
+ < cache->nlibs)
+ error (EXIT_FAILURE, 0, _("File is not a cache file.\n"));
+
size_t offset = ALIGN_CACHE (sizeof (struct cache_file)
+ (cache->nlibs
* sizeof (struct file_entry)));
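Review bot: The new check in print_cache computes cache_size - sizeof (struct cache_file) on unsigned values, so it is only sound if cache_size is already known to be at least sizeof (struct cache_file) when this else branch runs. Nothing in the hunk establishes that, and a smaller file would make the subtraction wrap and the comparison pass. Please confirm that an earlier size test in this function covers it, or fold the lower bound into this condition. The comment could also say which overflow is being avoided: the check divides the remaining size by sizeof (struct file_entry) instead of multiplying cache->nlibs by it, which is the multiplication still performed in the ALIGN_CACHE expression directly below.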
diff --git a/elf/dl-cache.c b/elf/dl-cache.c
index 6ee5153..6dd99a3 100644
--- a/elf/dl-cache.c
+++ b/elf/dl-cache.c
@@ -204,7 +204,10 @@ _dl_load_cache_lookup (const char *name)
- only the new format
The following checks if the cache contains any of these formats. */
if (file != MAP_FAILED && cachesize > sizeof *cache
- && memcmp (file, CACHEMAGIC, sizeof CACHEMAGIC - 1) == 0)
+ && memcmp (file, CACHEMAGIC, sizeof CACHEMAGIC - 1) == 0
+ /* Check for corruption, avoiding overflow. */
+ && ((cachesize - sizeof *cache) / sizeof (struct file_entry)
+ >= ((struct cache_file *) file)->nlibs))
{
size_t offset;
/* Looks ok. */
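Review bot: The added bound in the _dl_load_cache_lookup condition repeats the expression from elf/cache.c with the comparison inverted, and it reads nlibs through a cast of file where the surrounding code otherwise uses cache. A small shared helper taking the mapping size and nlibs would keep the two checks from drifting apart. The subtraction is safe here because cachesize > sizeof *cache is tested earlier in the same && chain, which is worth stating in the comment. When the bound fails, control goes to whatever follows this if rather than rejecting the file outright, so please confirm that a truncated old-format cache cannot still be accepted on that path. The diffstat lists only ChangeLog, elf/cache.c and elf/dl-cache.c, so no regression test with a truncated cache file accompanies the change.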
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 7 +++++++
elf/cache.c | 5 +++++
elf/dl-cache.c | 5 ++++-
3 files changed, 16 insertions(+), 1 deletions(-)
hooks/post-receive
--
GNU C Library master sources