glibc/string/strerror_l.c
Florian Weimer e73fd06b7f string: strerror, strsignal cannot use buffer after dlmopen (bug 32026)
Secondary namespaces have a different malloc.  Allocating the
buffer in one namespace and freeing it another results in
heap corruption.  Fix this by using a static string (potentially
translated) in secondary namespaces.  It would also be possible
to use the malloc from the initial namespace to manage the
buffer, but these functions would still not be safe to use in
auditors etc. because a call to strerror could still free a
buffer while it is used by the application.  Another approach
could use proper initial-exec TLS, duplicated in secondary
namespaces, but that would need a callback interface for freeing
libc resources in namespaces on thread exit, which does not exist
today.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
(cherry picked from commit 25a5eb4010)
2024-08-19 16:11:19 +02:00

77 lines
2.2 KiB
C

/* Copyright (C) 2007-2024 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#include <libintl.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>
#include <tls-internal.h>
#include <libc-internal.h>
static const char *
translate (const char *str, locale_t loc)
{
locale_t oldloc = __uselocale (loc);
const char *res = _(str);
__uselocale (oldloc);
return res;
}
static char *
unknown_error (locale_t loc)
{
return (char *) translate ("Unknown error", loc);
}
/* Return a string describing the errno code in ERRNUM. */
char *
__strerror_l (int errnum, locale_t loc)
{
int saved_errno = errno;
char *err = (char *) __get_errlist (errnum);
if (__glibc_unlikely (err == NULL))
{
if (__libc_initial)
{
struct tls_internal_t *tls_internal = __glibc_tls_internal ();
free (tls_internal->strerror_l_buf);
if (__asprintf (&tls_internal->strerror_l_buf, "%s%d",
translate ("Unknown error ", loc), errnum) > 0)
err = tls_internal->strerror_l_buf;
else
{
/* The memory was freed above. */
tls_internal->strerror_l_buf = NULL;
/* Provide a fallback translation. */
err = unknown_error (loc);
}
}
else
/* Secondary namespaces use a different malloc, so cannot
participate in the buffer management. */
err = unknown_error (loc);
}
else
err = (char *) translate (err, loc);
__set_errno (saved_errno);
return err;
}
weak_alias (__strerror_l, strerror_l)
libc_hidden_def (__strerror_l)