From patchwork Tue May 19 14:08:00 2020
X-Patchwork-Submitter: Florian Weimer
X-Patchwork-Id: 39320
From: Florian Weimer
To: libc-alpha@sourceware.org
Cc: Josh Triplett
Subject: [PATCH] ld.so: Check for new cache format first and enhance corruption check
Date: Tue, 19 May 2020 16:08:00 +0200
Message-ID: <87ftbwggqn.fsf@oldenburg2.str.redhat.com>

Now that ldconfig defaults to the new format (only), check for it
first.  Also apply the corruption check added in commit 2954daf00bb4d
("Add more checks for valid ld.so.cache file (bug 18093)") to the
new-format-only case.

Suggested-by: Josh Triplett

---
Tested on i686-linux-gnu.  I double-checked manually that the cache is
still used after this change.

 elf/dl-cache.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/elf/dl-cache.c b/elf/dl-cache.c
index 3eedd9afcf..14691d3d2b 100644
--- a/elf/dl-cache.c
+++ b/elf/dl-cache.c
@@ -199,11 +199,21 @@ _dl_load_cache_lookup (const char *name) PROT_READ); /* We can handle three different cache file formats here: + - only the new format - the old libc5/glibc2.0/2.1 format - the old format with the new format in it - - only the new format The following checks if the cache contains any of these formats. */ - if (file != MAP_FAILED && cachesize > sizeof *cache + if (file != MAP_FAILED && cachesize > sizeof *cache_new + && memcmp (file, CACHEMAGIC_VERSION_NEW, + sizeof CACHEMAGIC_VERSION_NEW - 1) == 0 + /* Check for corruption, avoiding overflow. */ + && ((cachesize - sizeof *cache_new) / sizeof (struct file_entry_new) + >= ((struct cache_file_new *) file)->nlibs)) + { + cache_new = file; + cache = file; + } + else if (file != MAP_FAILED && cachesize > sizeof *cache && memcmp (file, CACHEMAGIC, sizeof CACHEMAGIC - 1) == 0 /* Check for corruption, avoiding overflow. */ && ((cachesize - sizeof *cache) / sizeof (struct file_entry) @@ -223,13 +233,6 @@ _dl_load_cache_lookup (const char *name) sizeof CACHEMAGIC_VERSION_NEW - 1) != 0) cache_new = (void *) -1; } - else if (file != MAP_FAILED && cachesize > sizeof *cache_new - && memcmp (file, CACHEMAGIC_VERSION_NEW, - sizeof CACHEMAGIC_VERSION_NEW - 1) == 0) - { - cache_new = file; - cache = file; - } else { if (file != MAP_FAILED)
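Review bot: in the first hunk, the `file != MAP_FAILED` test is now repeated in every arm of the chain (`if (file != MAP_FAILED && cachesize > sizeof *cache_new`, `else if (file != MAP_FAILED && cachesize > sizeof *cache`, and the trailing `else { if (file != MAP_FAILED)`), so the mapping-failure case is decided three times; testing `file == MAP_FAILED` once before the format chain would shorten all three conditions and leave the final `else` solely for unrecognized formats. The added bound `(cachesize - sizeof *cache_new) / sizeof (struct file_entry_new) >= ((struct cache_file_new *) file)->nlibs` does avoid the multiplication overflow (the subtraction is safe because `cachesize > sizeof *cache_new` is tested first), but it only establishes that `nlibs` entries fit inside the mapping; whatever those entries refer to past the array is outside this condition, so a comment stating where (or whether) that is validated would help the next reader of this branch.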
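Review bot: in the second hunk, removing the trailing else-if leaves the embedded-new-format path just above it (visible context `sizeof CACHEMAGIC_VERSION_NEW - 1) != 0) cache_new = (void *) -1;`) rejecting an embedded new header only on a magic mismatch, with no visible bound on that header's `nlibs` against the space remaining in the mapping after the embedded header. Since the commit message limits the new corruption check to the new-format-only case, consider applying the same "remaining bytes divided by `sizeof (struct file_entry_new)` is at least `nlibs`" bound to the embedded header as well, or stating in the commit message why the old-with-new-embedded case does not need it.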