author Rich Felker <dalias@aerifal.cx> 2013-07-31 15:14:06 -0400
committer Rich Felker <dalias@aerifal.cx> 2013-07-31 15:14:06 -0400
commit 27593d3a357073cfd24e6b09e207b8c742cd2dd7
tree f8cfce047927f5f044cb600e10f36058adc4781e /src
parent f8c376da9512c8c8a97781100aa04533740171d4
fix theoretical out-of-bound access in dynamic linker
one of the arguments to memcmp may be shorter than the length l-3, and
memcmp is under no obligation not to access past the first byte that
differs. instead use strncmp which conveys the correct semantics. the
performance difference is negligible here and since the code is only
used for shared libc, both functions are already linked anyway.
Diffstat (limited to 'src')
-rw-r--r-- src/ldso/dynlink.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index 814f5c7e..2f399a57 100644
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -467,7 +467,7 @@ static struct dso *load_library(const char *name)
 		char *z = strchr(name, '.');
 		if (z) {
 			size_t l = z-name;
-			for (rp=reserved; *rp && memcmp(name+3, rp, l-3); rp+=strlen(rp)+1);
+			for (rp=reserved; *rp && strncmp(name+3, rp, l-3); rp+=strlen(rp)+1);
 			if (*rp) {
 				if (ldd_mode) {
 					/* Track which names have been resolved
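Review bot: on the `+` line, `strncmp(name+3, rp, l-3)` returns 0 as soon as the first `l-3` characters agree, so the loop stops on any reserved entry that merely begins with the characters of `name` from offset 3 up to the first `.`, not only on an exact match; when `l` is 3 the length is 0 and the first entry matches unconditionally. Consider also requiring `!rp[l-3]` (or comparing through the terminator) so that a short name cannot be taken for a longer reserved one. Separately, `l-3` is a `size_t` subtraction and nothing in the visible context shows that `l >= 3`; if that guarantee comes from a check above the hunk, a short comment at the loop would make the dependency explicit.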