Add more checks for valid ld.so.cache file (bug 18093)

This commit is contained in:
Andreas Schwab 2018-10-23 09:40:14 +02:00
parent a27a4f4721
commit 2954daf00b
3 changed files with 16 additions and 1 deletions

View File

@ -1,3 +1,10 @@
2018-10-24 Andreas Schwab <schwab@suse.de>
[BZ #18093]
* elf/dl-cache.c (_dl_load_cache_lookup): Check for truncated old
format cache.
* elf/cache.c (print_cache): Likewise.
2018-10-24 Albert ARIBAUD <albert.aribaud@3adev.fr>
* bits/timesize.h: New file.

View File

@ -199,6 +199,11 @@ print_cache (const char *cache_name)
}
else
{
/* Check for corruption, avoiding overflow. */
if ((cache_size - sizeof (struct cache_file)) / sizeof (struct file_entry)
< cache->nlibs)
error (EXIT_FAILURE, 0, _("File is not a cache file.\n"));
size_t offset = ALIGN_CACHE (sizeof (struct cache_file)
+ (cache->nlibs
* sizeof (struct file_entry)));

View File

@ -204,7 +204,10 @@ _dl_load_cache_lookup (const char *name)
- only the new format
The following checks if the cache contains any of these formats. */
if (file != MAP_FAILED && cachesize > sizeof *cache
&& memcmp (file, CACHEMAGIC, sizeof CACHEMAGIC - 1) == 0)
&& memcmp (file, CACHEMAGIC, sizeof CACHEMAGIC - 1) == 0
/* Check for corruption, avoiding overflow. */
&& ((cachesize - sizeof *cache) / sizeof (struct file_entry)
>= ((struct cache_file *) file)->nlibs))
{
size_t offset;
/* Looks ok. */