[v2,05/19] elf: Do not process invalid tunable format
Checks
Context |
Check |
Description |
redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-arm |
success
|
Testing passed
|
Commit Message
Tunable definitions with more than one '=' on are parsed and enabled,
and any subsequent '=' are ignored. It means that tunables in the form
'tunable=tunable=value' or 'tunable=value=value' are handled as
'tunable=value'. These inputs are likely user input errors, which
should not be accepted.
Checked on x86_64-linux-gnu.
---
elf/dl-tunables.c | 6 ++++--
elf/tst-tunables.c | 22 +++++++++++++++++-----
2 files changed, 21 insertions(+), 7 deletions(-)
Comments
On 2023-10-17 09:05, Adhemerval Zanella wrote:
> Tunable definitions with more than one '=' on are parsed and enabled,
> and any subsequent '=' are ignored. It means that tunables in the form
> 'tunable=tunable=value' or 'tunable=value=value' are handled as
> 'tunable=value'. These inputs are likely user input errors, which
> should not be accepted.
>
> Checked on x86_64-linux-gnu.
> ---
> elf/dl-tunables.c | 6 ++++--
> elf/tst-tunables.c | 22 +++++++++++++++++-----
> 2 files changed, 21 insertions(+), 7 deletions(-)
>
> diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
> index a83bd2b8bc..59bee61124 100644
> --- a/elf/dl-tunables.c
> +++ b/elf/dl-tunables.c
> @@ -192,10 +192,12 @@ parse_tunables (char *valstring)
>
> const char *value = p;
>
> - while (*p != ':' && *p != '\0')
> + while (*p != '=' && *p != ':' && *p != '\0')
> p++;
>
> - if (*p == '\0')
> + if (*p == '=')
> + break;
> + else if (*p == '\0')
So we're not going to attempt to parse any tunables after the malformed
one. A bit harsh, but probably safer. OK.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
> done = true;
> else
> *p++ = '\0';
> diff --git a/elf/tst-tunables.c b/elf/tst-tunables.c
> index 57cf532fc4..03039b5260 100644
> --- a/elf/tst-tunables.c
> +++ b/elf/tst-tunables.c
> @@ -161,24 +161,36 @@ static const struct test_t
> 0,
> 0,
> },
> - /* The ill-formatted tunable is also skipped. */
> + /* If there is a ill-formatted key=value, everything after is also ignored. */
> {
> "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096:glibc.malloc.check=2",
> - 2,
> + 0,
> 0,
> 0,
> },
> - /* For an integer tunable, parse will stop on non number character. */
> {
> "glibc.malloc.check=2=2",
> - 2,
> + 0,
> 0,
> 0,
> },
> {
> "glibc.malloc.check=2=2:glibc.malloc.mmap_threshold=4096",
> + 0,
> + 0,
> + 0,
> + },
> + {
> + "glibc.malloc.check=2=2:glibc.malloc.check=2",
> + 0,
> + 0,
> + 0,
> + },
> + /* Valid tunables set before ill-formatted ones are set. */
> + {
> + "glibc.malloc.check=2:glibc.malloc.mmap_threshold=4096=4096",
> 2,
> - 4096,
> + 0,
> 0,
> }
> };
@@ -192,10 +192,12 @@ parse_tunables (char *valstring)
const char *value = p;
- while (*p != ':' && *p != '\0')
+ while (*p != '=' && *p != ':' && *p != '\0')
p++;
- if (*p == '\0')
+ if (*p == '=')
+ break;
+ else if (*p == '\0')
done = true;
else
*p++ = '\0';
@@ -161,24 +161,36 @@ static const struct test_t
0,
0,
},
- /* The ill-formatted tunable is also skipped. */
+ /* If there is a ill-formatted key=value, everything after is also ignored. */
{
"glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096:glibc.malloc.check=2",
- 2,
+ 0,
0,
0,
},
- /* For an integer tunable, parse will stop on non number character. */
{
"glibc.malloc.check=2=2",
- 2,
+ 0,
0,
0,
},
{
"glibc.malloc.check=2=2:glibc.malloc.mmap_threshold=4096",
+ 0,
+ 0,
+ 0,
+ },
+ {
+ "glibc.malloc.check=2=2:glibc.malloc.check=2",
+ 0,
+ 0,
+ 0,
+ },
+ /* Valid tunables set before ill-formatted ones are set. */
+ {
+ "glibc.malloc.check=2:glibc.malloc.mmap_threshold=4096=4096",
2,
- 4096,
+ 0,
0,
}
};