aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch')
-rw-r--r--gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch124
1 files changed, 0 insertions, 124 deletions
diff --git a/gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch b/gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch
deleted file mode 100644
index 4b859c4bfd..0000000000
--- a/gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Mon, 19 Jun 2017 22:31:04 +0200
-Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
-
-patch from:
-https://sourceware.org/git/?p=glibc.git;a=patch;h=6d0ba622891bed9d8394eef1935add53003b12e8
-
----
- ChangeLog | 7 ++++++
- elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
- 2 files changed, 73 insertions(+), 16 deletions(-)
-
-diff --git a/elf/rtld.c b/elf/rtld.c
-index 2269dbe..86ae20c 100644
---- a/elf/rtld.c
-+++ b/elf/rtld.c
-@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
- strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
- #endif
-
-+/* Length limits for names and paths, to protect the dynamic linker,
-+ particularly when __libc_enable_secure is active. */
-+#ifdef NAME_MAX
-+# define SECURE_NAME_LIMIT NAME_MAX
-+#else
-+# define SECURE_NAME_LIMIT 255
-+#endif
-+#ifdef PATH_MAX
-+# define SECURE_PATH_LIMIT PATH_MAX
-+#else
-+# define SECURE_PATH_LIMIT 1024
-+#endif
-+
-+/* Check that AT_SECURE=0, or that the passed name does not contain
-+ directories and is not overly long. Reject empty names
-+ unconditionally. */
-+static bool
-+dso_name_valid_for_suid (const char *p)
-+{
-+ if (__glibc_unlikely (__libc_enable_secure))
-+ {
-+ /* Ignore pathnames with directories for AT_SECURE=1
-+ programs, and also skip overlong names. */
-+ size_t len = strlen (p);
-+ if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
-+ return false;
-+ }
-+ return *p != '\0';
-+}
-
- /* List of auditing DSOs. */
- static struct audit_list
-@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro;
- /* Nonzero if information about versions has to be printed. */
- static int version_info attribute_relro;
-
-+/* The LD_PRELOAD environment variable gives list of libraries
-+ separated by white space or colons that are loaded before the
-+ executable's dependencies and prepended to the global scope list.
-+ (If the binary is running setuid all elements containing a '/' are
-+ ignored since it is insecure.) Return the number of preloads
-+ performed. */
-+unsigned int
-+handle_ld_preload (const char *preloadlist, struct link_map *main_map)
-+{
-+ unsigned int npreloads = 0;
-+ const char *p = preloadlist;
-+ char fname[SECURE_PATH_LIMIT];
-+
-+ while (*p != '\0')
-+ {
-+ /* Split preload list at space/colon. */
-+ size_t len = strcspn (p, " :");
-+ if (len > 0 && len < sizeof (fname))
-+ {
-+ memcpy (fname, p, len);
-+ fname[len] = '\0';
-+ }
-+ else
-+ fname[0] = '\0';
-+
-+ /* Skip over the substring and the following delimiter. */
-+ p += len;
-+ if (*p != '\0')
-+ ++p;
-+
-+ if (dso_name_valid_for_suid (fname))
-+ npreloads += do_preload (fname, main_map, "LD_PRELOAD");
-+ }
-+ return npreloads;
-+}
-+
- static void
- dl_main (const ElfW(Phdr) *phdr,
- ElfW(Word) phnum,
-@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
-
- if (__glibc_unlikely (preloadlist != NULL))
- {
-- /* The LD_PRELOAD environment variable gives list of libraries
-- separated by white space or colons that are loaded before the
-- executable's dependencies and prepended to the global scope
-- list. If the binary is running setuid all elements
-- containing a '/' are ignored since it is insecure. */
-- char *list = strdupa (preloadlist);
-- char *p;
--
- HP_TIMING_NOW (start);
--
-- /* Prevent optimizing strsep. Speed is not important here. */
-- while ((p = (strsep) (&list, " :")) != NULL)
-- if (p[0] != '\0'
-- && (__builtin_expect (! __libc_enable_secure, 1)
-- || strchr (p, '/') == NULL))
-- npreloads += do_preload (p, main_map, "LD_PRELOAD");
--
-+ npreloads += handle_ld_preload (preloadlist, main_map);
- HP_TIMING_NOW (stop);
- HP_TIMING_DIFF (diff, start, stop);
- HP_TIMING_ACCUM_NT (load_time, diff);
---
-2.9.3
-