Bugtraq mailing list archives

Re: [linux-security] KSR[T] Advisory #2: ld.so


From: jlewis () INORGANIC5 FDT NET (Jon Lewis)
Date: Fri, 18 Jul 1997 12:22:50 -0400


On Thu, 17 Jul 1997, KSR[T] wrote:

[mod: Caldera, LST, Red Hat, Suse, yggdrasil, Debian, unifix, wgs? and
delix? are stressing to make a patch available in their native format.
If your vendor is not on this list, please tell me in private mail. --
R.E.Wolff () BitWizard nl]


Was this patch at all tested?  It failed to compile for me due to what
seems to be a typo in this section:

@@ -207,12 +247,14 @@
        save_mapinfo(mapinfo);
 #endif
        argv0 = va_arg(ap, char *);
+       argv0 = arg_remap(argv0);
        __environ = va_arg(ap, char **);
        __SHARED_LIBRARIES__ = va_arg(ap, struct libentry **);
        _SHARABLE_CONFLICTS__ = va_arg(ap, struct fixuplist *);
        if (func == FUNC_LINK_AND_CALLBACK)
          callback = va_arg(ap, callbackptr);
        va_end(ap);
+
        break;
     default:
        /* you want me to do what? */
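
Review bot: the added line "argv0 = arg_remap(argv0);" overwrites argv0 with the helper's return value without checking it, and the helper's name appears nowhere else in the visible lines, so confirm the spelling against its declaration. If the helper can return NULL, every later use of argv0 inherits that; check the result before assigning, or state in a comment that the helper always returns a valid string. The blank line added before "break;" is unrelated whitespace and can be dropped.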

s/arg_remap/argv_remap/

@@ -328,6 +371,11 @@
              .text section. This is passed to ldpreload() below */
          if (preload || callback)
          {
+             if(nlibs==11)
+             {
+                     fdprintf(2, "%s: too many preloads\n",argv[0]);
+                     exit(EXIT_FATAL);
+             }
              libs[nlibs] = alloca(strlen(buffer)+1);
              strcpy(libs[nlibs], buffer);
              nlibs++;
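
Review bot: the new guard "if(nlibs==11)" sits directly in front of the write to libs[nlibs], so its limit has to equal the number of elements in libs, yet the hunk hard-codes it as a bare literal with an equality test. Derive the limit from the array itself, for example sizeof(libs)/sizeof(libs[0]) or a named constant shared with the declaration, and compare with >= so that a count already past the limit is still rejected. The error message also prints argv[0] while the earlier hunk works with argv0; check that argv is in scope at this point.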

This section bothered me too.  I just woke up, and have not taken too
close a look at the code, but libs is declared as char *libs[10];.  Would
it be better to define a constant MAX_LIBS?  Shouldn't the comparison
above be if(nlibs==10) since 0-9 are the valid indexes?

------------------------------------------------------------------
 Jon Lewis <jlewis () fdt net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |
________Finger jlewis () inorganic5 fdt net for PGP public key_______


