On Sun, Jul 14, 2013 at 03:13:32PM +0200, Jérémie Courrèges-Anglas wrote: > Kenneth R Westerback <kwesterb...@rogers.com> writes: > > > On Sun, Jul 14, 2013 at 09:23:53AM +0200, Jérémie Courrèges-Anglas wrote: > >> David Hill <dh...@mindcry.org> writes: > >> > >> > remove unused variables. > >> > >> Makes sense. ok? > >> > > [...] > > >> > lseek(fd, -((off_t)sizeof(struct prebind_footer)), SEEK_END); > >> > - len = read(fd, &footer, sizeof(struct prebind_footer)); > >> > + read(fd, &footer, sizeof(struct prebind_footer)); > > > > Here I would consider actually using len to check for failure. And of > > course changing the type of len to ssize_t to allow such checking. > > > > .... Ken > > Sure (assuming that an undetected lseek() error would be caught by > read()).
I guess lseek() should also have a result check, as the rabbit hole yawns wider. :-) But to concentrate on the read, I think the other error to check for is a short read. But not being a ld.so hacker I have no feel for how much trouble could be caused by only reading in a partial object. I'm guessing the file would have to be truly pathological. .... Ken > > Index: prebind.c > =================================================================== > RCS file: /cvs/src/libexec/ld.so/ldconfig/prebind.c,v > retrieving revision 1.21 > diff -u -p -r1.21 prebind.c > --- prebind.c 5 Jul 2013 21:10:50 -0000 1.21 > +++ prebind.c 14 Jul 2013 13:04:19 -0000 > @@ -475,12 +475,10 @@ done: > int > elf_check_note(void *buf, Elf_Phdr *phdr) > { > - Elf_Ehdr *ehdr; > u_long address; > u_int *pint; > char *osname; > > - ehdr = (Elf_Ehdr *)buf; > address = phdr->p_offset; > pint = (u_int *)((char *)buf + address); > osname = (char *)buf + address + sizeof(*pint) * 3; > @@ -1715,7 +1713,7 @@ elf_write_lib(struct elf_object *object, > u_int32_t next_start, *fixuptab = NULL; > struct stat ifstat; > off_t base_offset; > - size_t len; > + ssize_t len; > int fd = -1, i; > int readonly = 0; > > @@ -1733,6 +1731,11 @@ elf_write_lib(struct elf_object *object, > } > lseek(fd, -((off_t)sizeof(struct prebind_footer)), SEEK_END); > len = read(fd, &footer, sizeof(struct prebind_footer)); > + if (len == -1) { > + perror(object->load_name); > + close(fd); > + return 1; > + } > > if (fstat(fd, &ifstat) == -1) { > perror(object->load_name); > @@ -2213,7 +2216,6 @@ void > copy_oldsymcache(int objidx, void *prebind_map) > { > struct prebind_footer *footer; > - struct elf_object *object; > struct elf_object *tobj; > struct symcache_noflag *tcache; > struct symcachetab *symcache; > @@ -2222,8 +2224,6 @@ copy_oldsymcache(int objidx, void *prebi > u_int32_t offset; > u_int32_t *poffset; > struct nameidx *nameidx; > - > - object = objarray[objidx].obj; > > poffset = (u_int32_t *)prebind_map; > c = prebind_map;
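Review bot: In the elf_write_lib hunk at -1733, the added `if (len == -1)` test catches only a failed read(); a short read, including 0 bytes at end of file, still falls through to fstat() with `footer` partly or wholly unfilled. Comparing against the full size, for example `if (len != (ssize_t)sizeof(struct prebind_footer))`, would cover both cases, with perror() kept for the -1 case only, since errno is not set by a short read. The lseek() on the context line just above the read() also still has its return value ignored, so a file smaller than the footer is not rejected at that point.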
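The lseek() result check and short-read handling discussed in this message, as an added example that is not part of the original mail or of ld.so's prebind.c. The names struct footer_demo, read_full and read_footer are hypothetical, the footer layout is a stand-in, and reporting early EOF as EIO is this example's own convention.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in: the thread does not show struct prebind_footer. */
struct footer_demo { uint32_t magic; uint32_t version; };

/* Read exactly len bytes; 0 on success, -1 on error or early EOF (EIO). */
static int read_full(int fd, void *buf, size_t len)
{
	char *p = buf;
	while (len > 0) {
		ssize_t n = read(fd, p, len);
		if (n == -1 && errno == EINTR)
			continue;	/* interrupted before any data: retry */
		if (n == -1)
			return -1;	/* real I/O error, errno set by read() */
		if (n == 0) {
			errno = EIO;	/* EOF before a whole footer: short read */
			return -1;
		}
		p += n;			/* partial read: keep going */
		len -= (size_t)n;
	}
	return 0;
}

/* Seek to the trailing footer and read all of it, checking both calls. */
static int read_footer(int fd, struct footer_demo *out)
{
	if (lseek(fd, -((off_t)sizeof(*out)), SEEK_END) == -1)
		return -1;	/* e.g. file smaller than one footer */
	return read_full(fd, out, sizeof(*out));
}

int main(void)
{
	/* Constructed sample: 5 payload bytes followed by one footer. */
	struct footer_demo in = { 0x50424e44, 1 }, out = { 0, 0 };
	FILE *f = tmpfile();
	if (f == NULL || fwrite("hello", 1, 5, f) != 5 ||
	    fwrite(&in, sizeof(in), 1, f) != 1 || fflush(f) != 0)
		return 1;
	if (read_footer(fileno(f), &out) == -1) {
		perror("read_footer");
		return 1;
	}
	return out.magic == in.magic ? 0 : 1;
}
```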