d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rtld: Fix segfault in direct exec mode

Browse Source 
When rtld is directly executed with arguments, it has to move the
program arguments, environment and elf aux data up a few slots to
remove its own arguments before the process being executed sees
them.  When copying the environment, rtld was incorrectly testing
whether the location about to be written to currently contained
NULL, when was supposed to check whether it had just copied the
NULL terminator of the environment string.  This had the result
that the ELF aux data was mostly treated as environment variables,
and rtld would quickly crash when it tried to access required
ELF aux data that it didn't think was present.

Differential Revision:	https://reviews.freebsd.org/D23008
Reviewed by:	kib
MFC after:	1 month
This commit is contained in:
rstone 2020-01-07 16:03:11 +00:00
parent c80353a5cc
commit 5a2b4ebd65
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libexec/rtld-elf/rtld.c
View File

@ -514,12 +514,13 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp)
argv[i] = argv[i + rtld_argc];
*argcp -= rtld_argc;
environ = env = envp = argv + main_argc + 1;
dbg("move env from %p to %p", envp + rtld_argc, envp);
do {
*envp = *(envp + rtld_argc);
envp++;
} while (*envp != NULL);
} while (*envp++ != NULL);
aux = auxp = (Elf_Auxinfo *)envp;
auxpf = (Elf_Auxinfo *)(envp + rtld_argc);
dbg("move aux from %p to %p", auxpf, aux);
/* XXXKIB insert place for AT_EXECPATH if not present */
for (;; auxp++, auxpf++) {
*auxp = *auxpf;