d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rtld: Fix null-pointer dereference

Browse Source 
When a library is opened via fdlopen, it has a null pointer for its path
and so _rtld_bind can crash as a result of passing the null pointer to
basename() (which passes it to strrchr(), which doesn't do a null check).

PR:	253081
Submitted by:	theraven
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28442
This commit is contained in:
David Chisnall 2021-02-02 16:06:33 +02:00 committed by Konstantin Belousov
parent d21ce74dcc
commit 43d44842ae
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libexec/rtld-elf/rtld.c
View File

@ -894,8 +894,10 @@ _rtld_bind(Obj_Entry *obj, Elf_Size reloff)
target = (Elf_Addr)(defobj->relocbase + def->st_value);
dbg("\"%s\" in \"%s\" ==> %p in \"%s\"",
defobj->strtab + def->st_name, basename(obj->path),
(void *)target, basename(defobj->path));
defobj->strtab + def->st_name,
obj->path == NULL ? NULL : basename(obj->path),
(void *)target,
defobj->path == NULL ? NULL : basename(defobj->path));
/*
* Write the new contents for the jmpslot. Note that depending on