d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rtld: Fix segfault in direct exec mode

Browse Source 
When rtld is directly executed with arguments, it has to move the
program arguments, environment and elf aux data up a few slots to
remove its own arguments before the process being executed sees
them.  When copying the environment, rtld was incorrectly testing
whether the location about to be written to currently contained
NULL, when was supposed to check whether it had just copied the
NULL terminator of the environment string.  This had the result
that the ELF aux data was mostly treated as environment variables,
and rtld would quickly crash when it tried to access required
ELF aux data that it didn't think was present.

Differential Revision:	https://reviews.freebsd.org/D23008
Reviewed by:	kib
MFC after:	1 month
This commit is contained in:
Ryan Stone 2020-01-07 16:03:11 +00:00
parent f3e982e764
commit 68faee11e8
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=356444
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libexec/rtld-elf/rtld.c
View File

@ -514,12 +514,13 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp)
argv[i] = argv[i + rtld_argc];
*argcp -= rtld_argc;
environ = env = envp = argv + main_argc + 1;
dbg("move env from %p to %p", envp + rtld_argc, envp);
do {
*envp = *(envp + rtld_argc);
envp++;
} while (*envp != NULL);
} while (*envp++ != NULL);
aux = auxp = (Elf_Auxinfo *)envp;
auxpf = (Elf_Auxinfo *)(envp + rtld_argc);
dbg("move aux from %p to %p", auxpf, aux);
/* XXXKIB insert place for AT_EXECPATH if not present */
for (;; auxp++, auxpf++) {
*auxp = *auxpf;