posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)
Commit Message
On 06/11/2014 10:52 PM, Florian Weimer wrote:
> POSIX requires that we make a copy, so we allocate a new string and free
> it in posix_spawn_file_actions_destroy.
>
> The reporters (David Reid, Alex Gaynor, and Glyph Lefkowitz) are
> concerned that not the old behavior could result in security
> vulnerabilities in applications, and I agree that this cannot be ruled out.
>
Hi,
on s390 the test elf/check-localplt fails with this patch due to a call
to strdup@plt in function posix_spawn_file_actions_addopen.
Including string.h solves the issue on s390/s390x.
Please retest and commit.
Bye
---
2014-06-12 Stefan Liebler <stli@linux.vnet.ibm.com>
* posix/spawn_faction_addopen.c:
Include string.h to avoid strdup@plt call.
---
Comments
On 06/12/2014 01:53 PM, Stefan Liebler wrote:
> on s390 the test elf/check-localplt fails with this patch due to a call
> to strdup@plt in function posix_spawn_file_actions_addopen.
>
> Including string.h solves the issue on s390/s390x.
> Please retest and commit.
Thanks. Tested, committed, and pushed.
@@ -18,6 +18,7 @@
#include <errno.h>
#include <spawn.h>
#include <unistd.h>
+#include <string.h>
#include "spawn_int.h"