Diffstat (limited to 'patches/glibc/2.17/106-dl-open-array-bounds.patch')
-rw-r--r--patches/glibc/2.17/106-dl-open-array-bounds.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/patches/glibc/2.17/106-dl-open-array-bounds.patch b/patches/glibc/2.17/106-dl-open-array-bounds.patch
new file mode 100644
index 0000000..a8efe9a
--- /dev/null
+++ b/patches/glibc/2.17/106-dl-open-array-bounds.patch
@@ -0,0 +1,27 @@
+commit 328c44c3670ebf6c1bd790acddce65a12998cd6c
+Author: Roland McGrath <roland@hack.frob.com>
+Date: Fri Apr 17 12:11:58 2015 -0700
+
+ Fuller check for invalid NSID in _dl_open.
+
+diff --git a/elf/dl-open.c b/elf/dl-open.c
+index 0dbe07f..2d0e082 100644
+--- a/elf/dl-open.c
++++ b/elf/dl-open.c
+@@ -619,8 +619,14 @@ no more namespaces available for dlmopen()"));
+ /* Never allow loading a DSO in a namespace which is empty. Such
+ direct placements is only causing problems. Also don't allow
+ loading into a namespace used for auditing. */
+- else if (__builtin_expect (nsid != LM_ID_BASE && nsid != __LM_ID_CALLER, 0)
+- && (GL(dl_ns)[nsid]._ns_nloaded == 0
++ else if (__glibc_unlikely (nsid != LM_ID_BASE && nsid != __LM_ID_CALLER)
++ && (__glibc_unlikely (nsid < 0 || nsid >= GL(dl_nns))
++ /* This prevents the [NSID] index expressions from being
++ evaluated, so the compiler won't think that we are
++ accessing an invalid index here in the !SHARED case where
++ DL_NNS is 1 and so any NSID != 0 is invalid. */
++ || DL_NNS == 1
++ || GL(dl_ns)[nsid]._ns_nloaded == 0
+ || GL(dl_ns)[nsid]._ns_loaded->l_auditing))
+ _dl_signal_error (EINVAL, file, NULL,
+ N_("invalid target namespace in dlmopen()"));
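Review bot: The rewritten condition uses `__glibc_unlikely`, while the line it replaces uses `__builtin_expect`, and this patch is being added to the glibc 2.17 patch set; as far as I can tell that macro was only introduced after the 2.17 release, so it may be undefined in this tree. If it is, the backport should keep the form the 2.17 source already uses, i.e. `else if (__builtin_expect (nsid != LM_ID_BASE && nsid != __LM_ID_CALLER, 0)` and `&& (__builtin_expect (nsid < 0 || nsid >= GL(dl_nns), 0)`. The added `nsid < 0 || nsid >= GL(dl_nns)` test is what keeps a caller-supplied namespace id from indexing `GL(dl_ns)` out of range, so it is worth confirming that the patch applies to and compiles in the 2.17 tree. The enclosing function starts and ends outside the hunk.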