[PATCH] elf: Fix dlclose of an empty namespace in auditing mode (bug 26076)
Carlos O'Donell
carlos@redhat.com
Wed Jun 3 20:28:54 GMT 2020
On 6/3/20 9:43 AM, Florian Weimer via Libc-alpha wrote:
> ns->_ns_loaded is NULL if nothing has been loaded into the namespace.
>
> It seems difficult to hit this bug reliably, so this change does not
> come with a test case. It was triggered by accident, due to TLS
> exhaustion.
I think this should fail catastrophically and quickly.
> ---
> elf/dl-close.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/elf/dl-close.c b/elf/dl-close.c
> index 73b2817bbf..896e59e42e 100644
> --- a/elf/dl-close.c
> +++ b/elf/dl-close.c
> @@ -782,7 +782,7 @@ _dl_close_worker (struct link_map *map, bool force)
> {
> struct link_map *head = ns->_ns_loaded;
> /* Do not call the functions for any auditing object. */
> - if (head->l_auditing == 0)
> + if (head != NULL && head->l_auditing == 0)
> {
> struct audit_ifaces *afct = GLRO(dl_audit);
> for (unsigned int cnt = 0; cnt < GLRO(dl_naudit); ++cnt)
>
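Review bot: The comment above the changed condition in _dl_close_worker ("Do not call the functions for any auditing object.") no longer describes everything the test does. With `head != NULL` added, it should also say that ns->_ns_loaded can be NULL when nothing has been loaded into the namespace, and that the loop over GLRO(dl_naudit) is skipped in that case. The commit message should also state whether silently skipping the audit interfaces for an empty namespace is the intended behaviour, because on this path none of the auditors iterated below are reached and no error is reported.
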
Use _dl_signal_error to indicate an internal error?
--
Cheers,
Carlos.