Fix invalid free of memory allocated during rtld init

This commit is contained in:
Andreas Schwab 2013-01-15 16:39:07 +01:00
parent 01dc6df938
commit 273cdee86d
3 changed files with 17 additions and 5 deletions

View File

@ -1,3 +1,9 @@
2013-04-11 Andreas Schwab <schwab@suse.de>
[BZ #14293]
* elf/dl-load.c (_dl_init_paths): Mark decomposed RUNPATH as
non-freeable.
2013-04-11 Siddhesh Poyarekar <siddhesh@redhat.com>
* Makeconfig (rtld-prefix): Define built linker prefix.

10
NEWS
View File

@ -10,11 +10,11 @@ Version 2.18
* The following bugs are resolved with this release:
10060, 10062, 10357, 11120, 11561, 12723, 13550, 13889, 13951, 14142,
14176, 14200, 14317, 14327, 14478, 14496, 14686, 14812, 14920, 14964,
14981, 14982, 14985, 14994, 14996, 15003, 15006, 15020, 15023, 15036,
15054, 15055, 15062, 15078, 15160, 15214, 15232, 15234, 15283, 15285,
15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337,
15342, 15346.
14176, 14200, 14293, 14317, 14327, 14478, 14496, 14686, 14812, 14920,
14964, 14981, 14982, 14985, 14994, 14996, 15003, 15006, 15020, 15023,
15036, 15054, 15055, 15062, 15078, 15160, 15214, 15232, 15234, 15283,
15285, 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336,
15337, 15342, 15346.
* CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
#15078).

View File

@ -797,6 +797,9 @@ _dl_init_paths (const char *llp)
(const void *) (D_PTR (l, l_info[DT_STRTAB])
+ l->l_info[DT_RUNPATH]->d_un.d_val),
l, "RUNPATH");
/* During rtld init the memory is allocated by the stub malloc,
prevent any attempt to free it by the normal malloc. */
l->l_runpath_dirs.malloced = 0;
/* The RPATH is ignored. */
l->l_rpath_dirs.dirs = (void *) -1;
@ -813,6 +816,9 @@ _dl_init_paths (const char *llp)
(const void *) (D_PTR (l, l_info[DT_STRTAB])
+ l->l_info[DT_RPATH]->d_un.d_val),
l, "RPATH");
/* During rtld init the memory is allocated by the stub
malloc, prevent any attempt to free it by the normal
malloc. */
l->l_rpath_dirs.malloced = 0;
}
else