From patchwork Fri Apr 17 21:03:15 2015
X-Patchwork-Submitter: Roland McGrath
X-Patchwork-Id: 462193
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
From: Roland McGrath
Subject: [COMMITTED PATCH] Fuller check for invalid NSID in _dl_open.
In-Reply-To: Steve Ellcey's message of Friday, 17 April 2015 13:46:14 -0700 <1429303574.30498.247.camel@ubuntu-sellcey>
References: <88baa580-c27b-4fc8-b7da-7de3c0a7f64d@BAMAIL02.ba.imgtec.org> <20150417192032.70DE42C3B91@topped-with-meat.com> <1429300312.30498.241.camel@ubuntu-sellcey> <20150417195820.664E52C3B86@topped-with-meat.com> <1429300926.30498.243.camel@ubuntu-sellcey> <1429303574.30498.247.camel@ubuntu-sellcey>
Message-Id: <20150417210315.B68D42C3AB9@topped-with-meat.com>
Date: Fri, 17 Apr 2015 14:03:15 -0700 (PDT)

This is the patch I just posted under:

	Subject: Re: Build problem with ToT GCC

But in case some people didn't notice it was a proposed patch, here it is again, just committed after Steve's verification that it fixes the trunk-gcc warning.

Thanks,
Roland


2015-04-17  Roland McGrath

	* elf/dl-open.c (_dl_open): Use __glibc_unlikely in invalid
	namespace check.  Reject NSID < 0 and NSID >= dl_nns, and check
	for DL_NNS==1, before using NSID as an index.

diff --git a/elf/dl-open.c b/elf/dl-open.c
index 0dbe07f..2d0e082 100644
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -619,8 +619,14 @@ no more namespaces available for dlmopen()")); /* Never allow loading a DSO in a namespace which is empty. Such direct placements is only causing problems. Also don't allow loading into a namespace used for auditing. */ - else if (__builtin_expect (nsid != LM_ID_BASE && nsid != __LM_ID_CALLER, 0) - && (GL(dl_ns)[nsid]._ns_nloaded == 0 + else if (__glibc_unlikely (nsid != LM_ID_BASE && nsid != __LM_ID_CALLER) + && (__glibc_unlikely (nsid < 0 || nsid >= GL(dl_nns)) + /* This prevents the [NSID] index expressions from being + evaluated, so the compiler won't think that we are + accessing an invalid index here in the !SHARED case where + DL_NNS is 1 and so any NSID != 0 is invalid. */ + || DL_NNS == 1 + || GL(dl_ns)[nsid]._ns_nloaded == 0 || GL(dl_ns)[nsid]._ns_loaded->l_auditing)) _dl_signal_error (EINVAL, file, NULL, N_("invalid target namespace in dlmopen()"));
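Review bot: the in-code comment explains only the compiler-warning motivation for the `DL_NNS == 1` clause, but the more important effect of the new `__glibc_unlikely (nsid < 0 || nsid >= GL(dl_nns))` clause deserves a sentence of its own: an out-of-range namespace id handed to dlmopen now fails with EINVAL instead of reaching `GL(dl_ns)[nsid]`, which the removed lines indexed with nothing but the `LM_ID_BASE` / `__LM_ID_CALLER` exclusion in front of it. Stating that in the comment (the ChangeLog already does) makes it less likely that someone later "simplifies" the range check away once the warning is gone. Note also that the `||` order in this condition is load-bearing: the range check has to stay ahead of both `GL(dl_ns)[nsid]` expressions, and `GL(dl_ns)[nsid]._ns_nloaded == 0` has to stay ahead of `GL(dl_ns)[nsid]._ns_loaded->l_auditing`, since the first is what keeps the second from being evaluated for an empty namespace; a short "order matters" remark next to the existing comment would document that too.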