diff options
Diffstat (limited to 'main/musl/0024-avoid-loading-of-multiple-libc-versions-via-explicit.patch')
| -rw-r--r-- | main/musl/0024-avoid-loading-of-multiple-libc-versions-via-explicit.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/main/musl/0024-avoid-loading-of-multiple-libc-versions-via-explicit.patch b/main/musl/0024-avoid-loading-of-multiple-libc-versions-via-explicit.patch new file mode 100644 index 0000000000..d2e352183f --- /dev/null +++ b/main/musl/0024-avoid-loading-of-multiple-libc-versions-via-explicit.patch @@ -0,0 +1,55 @@ +From c49d3c8adadfa24235fcf4779bb722b1aa6f480b Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Tue, 14 Mar 2017 18:51:27 -0400 +Subject: [PATCH] avoid loading of multiple libc versions via explicit pathname + +such loading is unsafe, and can happen when programs use their own +logic to locate a .so file then pass the absolute pathname to dlopen, +or if an absolute pathname ends up in DT_NEEDED headers. multiple +loads with only the base name were already precluded, provided libc +was named appropriately, by special-casing standard library names. + +one function symbol (in the reserved namespace, but public, since it's +part of the crt1 entry point ABI) and one data symbol are checked. +this way we avoid likely false positives, particularly from libraries +interposing and wrapping functions. there is no hard requirement to +avoid breaking such usage, since trying to run a hook before libc is +even initialized is not a supported usage case, but it's friendlier +not to break things. +--- + ldso/dynlink.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/ldso/dynlink.c b/ldso/dynlink.c +index f8db1f82..80d85e94 100644 +--- a/ldso/dynlink.c ++++ b/ldso/dynlink.c +@@ -1042,6 +1042,17 @@ static struct dso *load_library(const char *name, struct dso *needed_by) + close(fd); + if (!map) return 0; + ++ /* Avoid the danger of getting two versions of libc mapped into the ++ * same process when an absolute pathname was used. The symbols ++ * checked are chosen to catch both musl and glibc, and to avoid ++ * false positives from interposition-hack libraries. */ ++ decode_dyn(&temp_dso); ++ if (find_sym(&temp_dso, "__libc_start_main", 1).sym && ++ find_sym(&temp_dso, "stdin", 1).sym) { ++ unmap_library(&temp_dso); ++ return load_library("libc.so", needed_by); ++ } ++ + /* Allocate storage for the new DSO. When there is TLS, this + * storage must include a reservation for all pre-existing + * threads to obtain copies of both the new TLS, and an +@@ -1061,7 +1072,6 @@ static struct dso *load_library(const char *name, struct dso *needed_by) + return 0; + } + memcpy(p, &temp_dso, sizeof temp_dso); +- decode_dyn(p); + p->dev = st.st_dev; + p->ino = st.st_ino; + p->refcnt = 1; +-- +2.11.1 + |