diff mbox

posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)

Message ID lnc4bg$qk0$1@ger.gmane.org
State Committed
Headers

Commit Message

Stefan Liebler June 12, 2014, 11:53 a.m. UTC 
  On 06/11/2014 10:52 PM, Florian Weimer wrote:
> POSIX requires that we make a copy, so we allocate a new string and free
> it in posix_spawn_file_actions_destroy.
>
> The reporters (David Reid, Alex Gaynor, and Glyph Lefkowitz) are
> concerned that not the old behavior could result in security
> vulnerabilities in applications, and I agree that this cannot be ruled out.
>

Hi,

on s390 the test elf/check-localplt fails with this patch due to a call 
to strdup@plt in function posix_spawn_file_actions_addopen.

Including string.h solves the issue on s390/s390x.
Please retest and commit.

Bye

---
2014-06-12  Stefan Liebler  <stli@linux.vnet.ibm.com>

	* posix/spawn_faction_addopen.c:
	Include string.h to avoid strdup@plt call.
---

Comments

Florian Weimer June 12, 2014, 12:21 p.m. UTC | #1 
On 06/12/2014 01:53 PM, Stefan Liebler wrote:

> on s390 the test elf/check-localplt fails with this patch due to a call
> to strdup@plt in function posix_spawn_file_actions_addopen.
>
> Including string.h solves the issue on s390/s390x.
> Please retest and commit.

Thanks.  Tested, committed, and pushed.
diff mbox

Patch

diff --git a/posix/spawn_faction_addopen.c b/posix/spawn_faction_addopen.c
index 40800b8..eba158c 100644
--- a/posix/spawn_faction_addopen.c
+++ b/posix/spawn_faction_addopen.c
@@ -18,6 +18,7 @@ 
 #include <errno.h>
 #include <spawn.h>
 #include <unistd.h>
+#include <string.h>
 
 #include "spawn_int.h"