This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.28.9000-214-g2954daf

From: schwab at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 24 Oct 2018 14:35:00 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.28.9000-214-g2954daf

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  2954daf00bb4dc27c69a48e6798d5960ea320741 (commit)
      from  a27a4f4721837a5fb36ace833764b06a64c5af1c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2954daf00bb4dc27c69a48e6798d5960ea320741

commit 2954daf00bb4dc27c69a48e6798d5960ea320741
Author: Andreas Schwab <schwab@suse.de>
Date:   Tue Oct 23 09:40:14 2018 +0200

    Add more checks for valid ld.so.cache file (bug 18093)

diff --git a/ChangeLog b/ChangeLog
index 9b44e8d..d6c5be9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2018-10-24  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #18093]
+	* elf/dl-cache.c (_dl_load_cache_lookup): Check for truncated old
+	format cache.
+	* elf/cache.c (print_cache): Likewise.
+
 2018-10-24  Albert ARIBAUD <albert.aribaud@3adev.fr>
 
 	* bits/timesize.h: New file.
diff --git a/elf/cache.c b/elf/cache.c
index e63979d..c4cd825 100644
--- a/elf/cache.c
+++ b/elf/cache.c
@@ -199,6 +199,11 @@ print_cache (const char *cache_name)
     }
   else
     {
+      /* Check for corruption, avoiding overflow.  */
+      if ((cache_size - sizeof (struct cache_file)) / sizeof (struct file_entry)
+	  < cache->nlibs)
+	error (EXIT_FAILURE, 0, _("File is not a cache file.\n"));
+
       size_t offset = ALIGN_CACHE (sizeof (struct cache_file)
 				   + (cache->nlibs
 				      * sizeof (struct file_entry)));
diff --git a/elf/dl-cache.c b/elf/dl-cache.c
index 6ee5153..6dd99a3 100644
--- a/elf/dl-cache.c
+++ b/elf/dl-cache.c
@@ -204,7 +204,10 @@ _dl_load_cache_lookup (const char *name)
 	 - only the new format
 	 The following checks if the cache contains any of these formats.  */
       if (file != MAP_FAILED && cachesize > sizeof *cache
-	  && memcmp (file, CACHEMAGIC, sizeof CACHEMAGIC - 1) == 0)
+	  && memcmp (file, CACHEMAGIC, sizeof CACHEMAGIC - 1) == 0
+	  /* Check for corruption, avoiding overflow.  */
+	  && ((cachesize - sizeof *cache) / sizeof (struct file_entry)
+	      >= ((struct cache_file *) file)->nlibs))
 	{
 	  size_t offset;
 	  /* Looks ok.  */

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog      |    7 +++++++
 elf/cache.c    |    5 +++++
 elf/dl-cache.c |    5 ++++-
 3 files changed, 16 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]