[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[commits] r13760 - in /fsf/trunk/libc: ChangeLog elf/dl-load.c
- To: commits@xxxxxxxxxx
- Subject: [commits] r13760 - in /fsf/trunk/libc: ChangeLog elf/dl-load.c
- From: eglibc@xxxxxxxxxx
- Date: Wed, 11 May 2011 07:03:28 -0000
Author: eglibc
Date: Wed May 11 00:03:25 2011
New Revision: 13760
Log:
Import glibc-mainline for 2011-05-11
Modified:
fsf/trunk/libc/ChangeLog
fsf/trunk/libc/elf/dl-load.c
Modified: fsf/trunk/libc/ChangeLog
==============================================================================
--- fsf/trunk/libc/ChangeLog (original)
+++ fsf/trunk/libc/ChangeLog Wed May 11 00:03:25 2011
@@ -1,3 +1,15 @@
+2011-05-11 Ulrich Drepper <drepper@xxxxxxxxx>
+
+ [BZ #12393]
+ * elf/dl-load.c (is_trusted_path): Remove unnecessary test.
+ (is_trusted_path_normalize): Skip initial colon. Append slash
+ to empty buffer. Duplicate is_trusted_path code but allow
+ constructed patch to be prefix.
+ (is_dst): Allow $ORIGIN followed by /.
+ (_dl_dst_substitute): Correct clearing of check_for_trusted.
+ Correct testing of result of is_trusted_path_normalize
+ (decompose_rpath): Fix warning.
+
2011-05-10 Ulrich Drepper <drepper@xxxxxxxxx>
[BZ #11257]
Modified: fsf/trunk/libc/elf/dl-load.c
==============================================================================
--- fsf/trunk/libc/elf/dl-load.c (original)
+++ fsf/trunk/libc/elf/dl-load.c Wed May 11 00:03:25 2011
@@ -171,10 +171,6 @@
static bool
is_trusted_path (const char *path, size_t len)
{
- /* All trusted directories must be complete names. */
- if (path[0] != '/')
- return false;
-
const char *trun = system_dirs;
for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
@@ -193,9 +189,17 @@
static bool
is_trusted_path_normalize (const char *path, size_t len)
{
+ if (len == 0)
+ return false;
+
+ if (*path == ':')
+ {
+ ++path;
+ --len;
+ }
+
char *npath = (char *) alloca (len + 2);
char *wnp = npath;
-
while (*path != '\0')
{
if (path[0] == '/')
@@ -225,11 +229,23 @@
*wnp++ = *path++;
}
- if (wnp > npath && wnp[-1] != '/')
+
+ if (wnp == npath || wnp[-1] != '/')
*wnp++ = '/';
- *wnp = '\0';
-
- return is_trusted_path (npath, wnp - npath);
+
+ const char *trun = system_dirs;
+
+ for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
+ {
+ if (wnp - npath >= system_dirs_len[idx]
+ && memcmp (trun, npath, system_dirs_len[idx]) == 0)
+ /* Found it. */
+ return true;
+
+ trun += system_dirs_len[idx] + 1;
+ }
+
+ return false;
}
@@ -265,7 +281,8 @@
return 0;
if (__builtin_expect (secure, 0)
- && ((name[len] != '\0' && (!is_path || name[len] != ':'))
+ && ((name[len] != '\0' && name[len] != '/'
+ && (!is_path || name[len] != ':'))
|| (name != start + 1 && (!is_path || name[-2] != ':'))))
return 0;
@@ -371,13 +388,12 @@
normalized path must be rooted in one of the trusted
directories. */
if (__builtin_expect (check_for_trusted, false)
- && is_trusted_path_normalize (last_elem, wp - last_elem))
- {
- wp = last_elem;
- check_for_trusted = false;
- }
+ && !is_trusted_path_normalize (last_elem, wp - last_elem))
+ wp = last_elem;
else
last_elem = wp;
+
+ check_for_trusted = false;
}
}
}
@@ -386,7 +402,7 @@
/* In SUID/SGID programs, after $ORIGIN expansion the normalized
path must be rooted in one of the trusted directories. */
if (__builtin_expect (check_for_trusted, false)
- && is_trusted_path_normalize (last_elem, wp - last_elem))
+ && !is_trusted_path_normalize (last_elem, wp - last_elem))
wp = last_elem;
*wp = '\0';
@@ -628,7 +644,7 @@
if (*copy == 0)
{
free (copy);
- sps->dirs = (char *) -1;
+ sps->dirs = (struct r_search_path_elem **) -1;
return false;
}