d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a bug in dlinfo(RTLD_DI_SERINFOSIZE) requests. For each search path

Browse Source 
we included the length of the path in the returned size but not the length
of the associated Dl_serpath structure.  Without this fix, programs
attempting to allocate a structure to hold the search path information
would allocate too small of a buffer and rtld would overrun the buffer
while filling it via a subsequent RTLD_DI_SERINFO request.

Submitted by:	"William K. Josephson" wkj at morphisms dot net
Reviewed by:	jdp
MFC after:	2 weeks
This commit is contained in:
John Baldwin 2005-11-11 19:57:41 +00:00
parent d9276f685b
commit 4d5fe96d68
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libexec/rtld-elf/rtld.c
View File

@ -1968,7 +1968,7 @@ fill_search_info(const char *dir, size_t dirlen, void *param)
if (arg->request == RTLD_DI_SERINFOSIZE) {
arg->serinfo->dls_cnt ++;
arg->serinfo->dls_size += dirlen + 1;
arg->serinfo->dls_size += sizeof(Dl_serpath) + dirlen + 1;
} else {
struct dl_serpath *s_entry;