elf: Do not process invalid tunable format

Tunable definitions with more than one '=' on are parsed and enabled, and any subsequent '=' are ignored. It means that tunables in the form 'tunable=tunable=value' or 'tunable=value=value' are handled as 'tunable=value'. These inputs are likely user input errors, which should not be accepted. Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2024-11-21 20:40:05 +00:00 · 2023-11-06 17:25:38 -03:00 · 2023-11-06 17:25:38 -03:00 · b4cf6cac73
commit b4cf6cac73
parent 11f7e3dd8f
2 changed files with 21 additions and 7 deletions
--- a/elf/dl-tunables.c
+++ b/elf/dl-tunables.c
@ -192,10 +192,12 @@ parse_tunables (char *valstring)

      const char *value = p;

-      while (*p != ':' && *p != '\0')
+      while (*p != '=' && *p != ':' && *p != '\0')
 	p++;

-      if (*p == '\0')
+      if (*p == '=')
+	break;
+      else if (*p == '\0')
 	done = true;
      else
 	*p++ = '\0';
--- a/elf/tst-tunables.c
+++ b/elf/tst-tunables.c
@ -161,24 +161,36 @@ static const struct test_t
    0,
    0,
  },
-  /* The ill-formatted tunable is also skipped.  */
+  /* If there is a ill-formatted key=value, everything after is also ignored.  */
  {
    "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096:glibc.malloc.check=2",
-    2,
+    0,
    0,
    0,
  },
-  /* For an integer tunable, parse will stop on non number character.  */
  {
    "glibc.malloc.check=2=2",
-    2,
+    0,
    0,
    0,
  },
  {
    "glibc.malloc.check=2=2:glibc.malloc.mmap_threshold=4096",
+    0,
+    0,
+    0,
+  },
+  {
+    "glibc.malloc.check=2=2:glibc.malloc.check=2",
+    0,
+    0,
+    0,
+  },
+  /* Valid tunables set before ill-formatted ones are set.  */
+  {
+    "glibc.malloc.check=2:glibc.malloc.mmap_threshold=4096=4096",
    2,
-    4096,
+    0,
    0,
  }
 };