GNU bug report logs - #19890
[PATCH] Use after free in dld_link on error path
Reported by: Tobias Stoeckmann <tobias <at> stoeckmann.org>
Date: Tue, 17 Feb 2015 21:44:02 UTC
Severity: normal
Tags: patch
Fixed in version 2.4.6.25
Done: Pavel Raiskup <praiskup <at> redhat.com>
Bug is archived. No further changes may be made.
Thanks for the report, Tobias.
On Tuesday 17 of February 2015 22:59:55 Tobias Stoeckmann wrote:
> - if (dld_link (filename) != 0)
> + if (module == NULL)
> + {
> + LT__SETERROR (NO_MEMORY);
> + }
There is 'lt__alloc_die = lt__alloc_die_callback;' in ltdl.c (properly
setting the lasterror). Can you verify that this patch is good enough?
| libltdl: handle ENOMEM sooner
|
| * libltdl/loaders/dld_link.c (vm_open): Do not even try dld_link()
| in case of ENOMEM.
|
| diff --git a/libltdl/loaders/dld_link.c b/libltdl/loaders/dld_link.c
| index a73880f..0edf0df 100644
| --- a/libltdl/loaders/dld_link.c
| +++ b/libltdl/loaders/dld_link.c
| @@ -112,7 +112,7 @@ vm_open (lt_user_data loader_data LT__UNUSED, const char *filename,
| {
| lt_module module = lt__strdup (filename);
|
| - if (dld_link (filename) != 0)
| + if (module && dld_link (filename) != 0)
| {
| LT__SETERROR (CANNOT_OPEN);
| FREE (module);
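Review bot: in the changed condition `if (module && dld_link (filename) != 0)`, a NULL `module` makes the whole test false, so the branch that calls `LT__SETERROR` is skipped and nothing in the visible lines records why the open failed. The message above relies on `lt__alloc_die_callback` in ltdl.c having already set the error; a one-line comment at the `lt__strdup` call stating that dependency, or an explicit early exit when `module` is NULL placed before the `dld_link` test, would keep the error reporting from silently depending on how the allocator callback is configured. The lines following `FREE (module);` are outside the hunk, so it is also worth confirming that nothing after the branch uses `module` once it has been freed on the `CANNOT_OPEN` path.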
Pavel
This bug report was last modified 9 years and 99 days ago.