diff options
| author | Ulrich Drepper <drepper@redhat.com> | 1999-11-10 02:42:49 +0000 |
|---|---|---|
| committer | Ulrich Drepper <drepper@redhat.com> | 1999-11-10 02:42:49 +0000 |
| commit | 2864e767053317538feafa815046fff89e5a16be (patch) | |
| tree | a52fa311533e331ee0dbf609092e5cf6dc554b82 /elf | |
| parent | f2b9733fd6af9cd7e2aac553db4b30c96b83f66c (diff) | |
| download | glibc-2864e767053317538feafa815046fff89e5a16be.tar.gz glibc-2864e767053317538feafa815046fff89e5a16be.tar.xz glibc-2864e767053317538feafa815046fff89e5a16be.zip | |
Update.
1999-11-09 Ulrich Drepper <drepper@cygnus.com> * elf/dl-load.c (_dl_dst_count): Allow $ORIGIN to point to directory with the reference since this is as secure as using the object with the dependency. (_dl_dst_substitute): Likewise. * elf/dl-load.c (_dl_dst_count): Change strings in first two strncmp calls to allow reuse. (_dl_dst_substitute): Likewise. 1999-11-01 Arnold D. Robbins <arnold@skeeve.com> * posix/regex.c (init_syntax_once): move below definition of ISALNUM etc., then use ISALNUM to init the table, so that the word ops will work if i18n'ed. (SYNTAX): And subscript with 0xFF for 8bit character sets. 1999-11-09 Andreas Jaeger <aj@suse.de> * sysdeps/unix/getlogin_r.c (getlogin_r): Sync with getlogin implementation for ttyname_r call; fix inverted condition; return ut_user. Closes PR libc/1438. 1999-11-09 Ulrich Drepper <drepper@cygnus.com> * timezone/checktab.awk: Update from tzcode1999h. * timezone/africa: Update from tzdata1999i. * timezone/asia: Likewise. * timezone/australasia: Likewise. * timezone/backward: Likewise. * timezone/europe: Likewise. * timezone/northamerica: Likewise. * timezone/southamerica: Likewise. * timezone/iso3166.tab: Likewise. * timezone/zone.tab: Likewise. * sysdeps/unix/sysv/linux/bits/resource.h: Define values also as macros. Patch by brg@csua.berkeley.edu [PR libc/1439]. 1999-11-09 Andreas Jaeger <aj@suse.de> * posix/Makefile (tests): Added tst-getlogin. * posix/tst-getlogin.c: New file, contains simple tests for getlogin and getlogin_r. 1999-11-09 Andreas Schwab <schwab@suse.de> * misc/syslog.c: For LOG_PERROR only append a newline if necessary.
Diffstat (limited to 'elf')
| -rw-r--r-- | elf/dl-load.c | 38 |
1 files changed, 28 insertions, 10 deletions
diff --git a/elf/dl-load.c b/elf/dl-load.c index eb3c41577a..2d5478621b 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -149,21 +149,31 @@ local_strdup (const char *s) size_t _dl_dst_count (const char *name, int is_path) { + const char *const start = name; size_t cnt = 0; do { size_t len = 1; - /* $ORIGIN is not expanded for SUID/GUID programs. */ - if ((((!__libc_enable_secure - && strncmp (&name[1], "ORIGIN", 6) == 0 && (len = 7) != 0) - || (strncmp (&name[1], "PLATFORM", 8) == 0 && (len = 9) != 0)) + /* $ORIGIN is not expanded for SUID/GUID programs. + + Note that it is no bug that the strings in the first two `strncmp' + calls are longer than the sequence which is actually tested. */ + if ((((strncmp (&name[1], "ORIGIN}", 6) == 0 + && (!__libc_enable_secure + || ((name[7] == '\0' || (is_path && name[7] == ':')) + && (name == start || (is_path && name[-1] == ':')))) + && (len = 7) != 0) + || (strncmp (&name[1], "PLATFORM}", 8) == 0 && (len = 9) != 0)) && (name[len] == '\0' || name[len] == '/' || (is_path && name[len] == ':'))) || (name[1] == '{' - && ((!__libc_enable_secure - && strncmp (&name[2], "ORIGIN}", 7) == 0 && (len = 9) != 0) + && ((strncmp (&name[2], "ORIGIN}", 7) == 0 + && (!__libc_enable_secure + || ((name[9] == '\0' || (is_path && name[9] == ':')) + && (name == start || (is_path && name[-1] == ':')))) + && (len = 9) != 0) || (strncmp (&name[2], "PLATFORM}", 9) == 0 && (len = 11) != 0)))) ++cnt; @@ -180,6 +190,7 @@ char * _dl_dst_substitute (struct link_map *l, const char *name, char *result, int is_path) { + const char *const start = name; char *last_elem, *wp; /* Now fill the result path. While copying over the string we keep @@ -195,8 +206,10 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, const char *repl; size_t len; - if ((((strncmp (&name[1], "ORIGIN", 6) == 0 && (len = 7) != 0) - || (strncmp (&name[1], "PLATFORM", 8) == 0 && (len = 9) != 0)) + /* Note that it is no bug that the strings in the first two `strncmp' + calls are longer than the sequence which is actually tested. */ + if ((((strncmp (&name[1], "ORIGIN}", 6) == 0 && (len = 7) != 0) + || (strncmp (&name[1], "PLATFORM}", 8) == 0 && (len = 9) != 0)) && (name[len] == '\0' || name[len] == '/' || (is_path && name[len] == ':'))) || (name[1] == '{' @@ -205,7 +218,12 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, && (len = 11) != 0)))) { repl = ((len == 7 || name[2] == 'O') - ? (__libc_enable_secure ? NULL : l->l_origin) + ? (__libc_enable_secure + && ((name[len] != '\0' + && (!is_path || name[len] != ':')) + || (name != start + && (!is_path || name[-1] != ':'))) + ? NULL : l->l_origin) : _dl_platform); if (repl != NULL && repl != (const char *) -1) @@ -259,7 +277,7 @@ expand_dynamic_string_token (struct link_map *l, const char *s) size_t total; char *result; - /* Determine the nubmer of DST elements. */ + /* Determine the number of DST elements. */ cnt = DL_DST_COUNT (s, 1); /* If we do not have to replace anything simply copy the string. */ |