|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
diff -rup a/elf/dl-load.c b/elf/dl-load.c
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
--- a/elf/dl-load.c 2012-02-03 10:59:58.917870716 -0700
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
+++ b/elf/dl-load.c 2012-02-03 11:01:01.796580644 -0700
|
|
Siddhesh Poyarekar |
9af85e6 |
@@ -880,7 +880,8 @@ _dl_map_object_from_fd (const char *name, int fd, struct filebuf *fbp,
|
|
Siddhesh Poyarekar |
9af85e6 |
|
|
Siddhesh Poyarekar |
9af85e6 |
/* Get file information. */
|
|
Siddhesh Poyarekar |
9af85e6 |
struct r_file_id id;
|
|
Siddhesh Poyarekar |
9af85e6 |
- if (__glibc_unlikely (!_dl_get_file_id (fd, &id)))
|
|
Siddhesh Poyarekar |
9af85e6 |
+ struct stat64 st;
|
|
Siddhesh Poyarekar |
9af85e6 |
+ if (__glibc_unlikely (!_dl_get_file_id (fd, &id, &st)))
|
|
Siddhesh Poyarekar |
9af85e6 |
{
|
|
Siddhesh Poyarekar |
9af85e6 |
errstring = N_("cannot stat shared object");
|
|
Siddhesh Poyarekar |
9af85e6 |
call_lose_errno:
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
@@ -1130,6 +1130,16 @@ _dl_map_object_from_fd (const char *name
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
= N_("ELF load command address/offset not properly aligned");
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
goto call_lose;
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
}
|
|
Siddhesh Poyarekar |
c899b49 |
+ if (__glibc_unlikely (ph->p_offset + ph->p_filesz > st.st_size))
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
+ {
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
+ /* If the segment requires zeroing of part of its last
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
+ page, we'll crash when accessing the unmapped page.
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
+ There's still a possibility of a race, if the shared
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
+ object is truncated between the fxstat above and the
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
+ memset below. */
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
+ errstring = N_("ELF load command past end of file");
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
+ goto call_lose;
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
+ }
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
|
|
Siddhesh Poyarekar |
c899b49 |
struct loadcmd *c = &loadcmds[nloadcmds++];
|
|
![](https://seccdn.libravatar.org/avatar/53857e0805011d7cae7e9291c3c7672dd1958db8b0541c307a68d49a98f2e30a?s=16&d=retro) |
92f446a |
c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1);
|
|
Siddhesh Poyarekar |
9af85e6 |
diff --git a/sysdeps/generic/dl-fileid.h b/sysdeps/generic/dl-fileid.h
|
|
Siddhesh Poyarekar |
9af85e6 |
index 2cbd21d..9b7f410 100644
|
|
Siddhesh Poyarekar |
9af85e6 |
--- a/sysdeps/generic/dl-fileid.h
|
|
Siddhesh Poyarekar |
9af85e6 |
+++ b/sysdeps/generic/dl-fileid.h
|
|
Siddhesh Poyarekar |
9af85e6 |
@@ -29,7 +29,8 @@ struct r_file_id
|
|
Siddhesh Poyarekar |
9af85e6 |
On error, returns false, with errno set. */
|
|
Siddhesh Poyarekar |
9af85e6 |
static inline bool
|
|
Siddhesh Poyarekar |
9af85e6 |
_dl_get_file_id (int fd __attribute__ ((unused)),
|
|
Siddhesh Poyarekar |
9af85e6 |
- struct r_file_id *id __attribute__ ((unused)))
|
|
Siddhesh Poyarekar |
9af85e6 |
+ struct r_file_id *id __attribute__ ((unused)),
|
|
Siddhesh Poyarekar |
9af85e6 |
+ struct stat64_t *st __attribute__((unused)))
|
|
Siddhesh Poyarekar |
9af85e6 |
{
|
|
Siddhesh Poyarekar |
9af85e6 |
return true;
|
|
Siddhesh Poyarekar |
9af85e6 |
}
|
|
Siddhesh Poyarekar |
9af85e6 |
diff --git a/sysdeps/posix/dl-fileid.h b/sysdeps/posix/dl-fileid.h
|
|
Siddhesh Poyarekar |
9af85e6 |
index d0d5436..7115c3b 100644
|
|
Siddhesh Poyarekar |
9af85e6 |
--- a/sysdeps/posix/dl-fileid.h
|
|
Siddhesh Poyarekar |
9af85e6 |
+++ b/sysdeps/posix/dl-fileid.h
|
|
Siddhesh Poyarekar |
9af85e6 |
@@ -27,18 +27,16 @@ struct r_file_id
|
|
Siddhesh Poyarekar |
9af85e6 |
ino64_t ino;
|
|
Siddhesh Poyarekar |
9af85e6 |
};
|
|
Siddhesh Poyarekar |
9af85e6 |
|
|
Siddhesh Poyarekar |
9af85e6 |
-/* Sample FD to fill in *ID. Returns true on success.
|
|
Siddhesh Poyarekar |
9af85e6 |
+/* Sample FD to fill in *ID and *ST. Returns true on success.
|
|
Siddhesh Poyarekar |
9af85e6 |
On error, returns false, with errno set. */
|
|
Siddhesh Poyarekar |
9af85e6 |
static inline bool
|
|
Siddhesh Poyarekar |
9af85e6 |
-_dl_get_file_id (int fd, struct r_file_id *id)
|
|
Siddhesh Poyarekar |
9af85e6 |
+_dl_get_file_id (int fd, struct r_file_id *id, struct stat64 *st)
|
|
Siddhesh Poyarekar |
9af85e6 |
{
|
|
Siddhesh Poyarekar |
9af85e6 |
- struct stat64 st;
|
|
Siddhesh Poyarekar |
9af85e6 |
-
|
|
Siddhesh Poyarekar |
9af85e6 |
- if (__glibc_unlikely (__fxstat64 (_STAT_VER, fd, &st) < 0))
|
|
Siddhesh Poyarekar |
9af85e6 |
+ if (__glibc_unlikely (__fxstat64 (_STAT_VER, fd, st) < 0))
|
|
Siddhesh Poyarekar |
9af85e6 |
return false;
|
|
Siddhesh Poyarekar |
9af85e6 |
|
|
Siddhesh Poyarekar |
9af85e6 |
- id->dev = st.st_dev;
|
|
Siddhesh Poyarekar |
9af85e6 |
- id->ino = st.st_ino;
|
|
Siddhesh Poyarekar |
9af85e6 |
+ id->dev = st->st_dev;
|
|
Siddhesh Poyarekar |
9af85e6 |
+ id->ino = st->st_ino;
|
|
Siddhesh Poyarekar |
9af85e6 |
return true;
|
|
Siddhesh Poyarekar |
9af85e6 |
}
|
|
Siddhesh Poyarekar |
9af85e6 |
|