Skip to content
Permalink
Browse files
Initial import
  • Loading branch information
Carsten Munk committed Oct 4, 2011
0 parents commit 1f9fe09250e2329769458a66e092f200f020de7e
Show file tree
Hide file tree
Showing 18 changed files with 4,634 additions and 0 deletions.
@@ -0,0 +1,5 @@
<attributes>
<attribute namespace="Mer" name="MeeGoUpstreamRev">
<value>b5e2e1cba5dc881651114612526e96d6</value>
</attribute>
</attributes>
13 _meta
@@ -0,0 +1,13 @@
<package project="Mer:Trunk:Base" name="glibc">
<title>The GNU libc libraries</title>
<description>The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

</description>
<url>http://sources.redhat.com/glibc/</url>
</package>
@@ -0,0 +1,82 @@
2010-10-18 Andreas Schwab <schwab@redhat.com>

* elf/dl-load.c (is_dst): Remove last parameter.
(_dl_dst_count): Ignore $ORIGIN in privileged programs.
(_dl_dst_substitute): Likewise.
---
elf/dl-load.c | 30 +++++++++++++-----------------
1 files changed, 13 insertions(+), 17 deletions(-)

diff --git a/elf/dl-load.c b/elf/dl-load.c
index a7162eb..776f7e4 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -169,8 +169,7 @@ local_strdup (const char *s)


static size_t
-is_dst (const char *start, const char *name, const char *str,
- int is_path, int secure)
+is_dst (const char *start, const char *name, const char *str, int is_path)
{
size_t len;
bool is_curly = false;
@@ -199,11 +198,6 @@ is_dst (const char *start, const char *name, const char *str,
&& (!is_path || name[len] != ':'))
return 0;

- if (__builtin_expect (secure, 0)
- && ((name[len] != '\0' && (!is_path || name[len] != ':'))
- || (name != start + 1 && (!is_path || name[-2] != ':'))))
- return 0;
-
return len;
}

@@ -218,13 +212,12 @@ _dl_dst_count (const char *name, int is_path)
{
size_t len;

- /* $ORIGIN is not expanded for SUID/GUID programs (except if it
- is $ORIGIN alone) and it must always appear first in path. */
+ /* $ORIGIN is not expanded for SUID/GUID programs. */
++name;
- if ((len = is_dst (start, name, "ORIGIN", is_path,
- INTUSE(__libc_enable_secure))) != 0
- || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
- || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
+ if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0
+ && !INTUSE(__libc_enable_secure))
+ || (len = is_dst (start, name, "PLATFORM", is_path)) != 0
+ || (len = is_dst (start, name, "LIB", is_path)) != 0)
++cnt;

name = strchr (name + len, '$');
@@ -256,9 +249,12 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
size_t len;

++name;
- if ((len = is_dst (start, name, "ORIGIN", is_path,
- INTUSE(__libc_enable_secure))) != 0)
+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0)
{
+ /* Ignore this path element in SUID/SGID programs. */
+ if (INTUSE(__libc_enable_secure))
+ repl = (const char *) -1;
+ else
#ifndef SHARED
if (l == NULL)
repl = _dl_get_origin ();
@@ -266,9 +262,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
#endif
repl = l->l_origin;
}
- else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
+ else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0)
repl = GLRO(dl_platform);
- else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
+ else if ((len = is_dst (start, name, "LIB", is_path)) != 0)
repl = DL_DST_LIB;

if (repl != NULL && repl != (const char *) -1)

@@ -0,0 +1,186 @@
From 47c3cd7a74e8c089d60d603afce6d9cf661178d6 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@gmail.com>
Date: Sat, 7 May 2011 11:44:26 -0400
Subject: [PATCH] Allow $ORIGIN to reference trusted directoreis in SUID binaries.

2011-05-07 Petr Baudis <pasky@suse.cz>
Ulrich Drepper <drepper@gmail.com>

[BZ #12393]
* elf/dl-load.c (fillin_rpath): Move trusted path check...
(is_trusted_path): ...to here.
(is_norm_trusted_path): Add wrapper for /../ and /./ normalization.
(_dl_dst_substitute): Verify expanded $ORIGIN path elements
using is_norm_trusted_path() in setuid scripts.

diff --git a/elf/dl-load.c b/elf/dl-load.c
index 00ea465..f2773d5 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -168,6 +168,71 @@ local_strdup (const char *s)
}


+static bool
+is_trusted_path (const char *path, size_t len)
+{
+ /* All trusted directories must be complete names. */
+ if (path[0] != '/')
+ return false;
+
+ const char *trun = system_dirs;
+
+ for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
+ {
+ if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0)
+ /* Found it. */
+ return true;
+
+ trun += system_dirs_len[idx] + 1;
+ }
+
+ return false;
+}
+
+
+static bool
+is_trusted_path_normalize (const char *path, size_t len)
+{
+ char *npath = (char *) alloca (len + 2);
+ char *wnp = npath;
+
+ while (*path != '\0')
+ {
+ if (path[0] == '/')
+ {
+ if (path[1] == '.')
+ {
+ if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))
+ {
+ while (wnp > npath && *--wnp != '/')
+ ;
+ path += 3;
+ continue;
+ }
+ else if (path[2] == '/' || path[2] == '\0')
+ {
+ path += 2;
+ continue;
+ }
+ }
+
+ if (wnp > npath && wnp[-1] == '/')
+ {
+ ++path;
+ continue;
+ }
+ }
+
+ *wnp++ = *path++;
+ }
+ if (wnp > npath && wnp[-1] != '/')
+ *wnp++ = '/';
+ *wnp = '\0';
+
+ return is_trusted_path (npath, wnp - npath);
+}
+
+
static size_t
is_dst (const char *start, const char *name, const char *str,
int is_path, int secure)
@@ -240,13 +305,14 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
int is_path)
{
const char *const start = name;
- char *last_elem, *wp;

/* Now fill the result path. While copying over the string we keep
track of the start of the last path element. When we come accross
a DST we copy over the value or (if the value is not available)
leave the entire path element out. */
- last_elem = wp = result;
+ char *wp = result;
+ char *last_elem = result;
+ bool check_for_trusted = false;

do
{
@@ -265,6 +331,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
else
#endif
repl = l->l_origin;
+
+ check_for_trusted = (INTUSE(__libc_enable_secure)
+ && l->l_type == lt_executable);
}
else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
repl = GLRO(dl_platform);
@@ -297,11 +366,29 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
{
*wp++ = *name++;
if (is_path && *name == ':')
- last_elem = wp;
+ {
+ /* In SUID/SGID programs, after $ORIGIN expansion the
+ normalized path must be rooted in one of the trusted
+ directories. */
+ if (__builtin_expect (check_for_trusted, false)
+ && is_trusted_path_normalize (last_elem, wp - last_elem))
+ {
+ wp = last_elem;
+ check_for_trusted = false;
+ }
+ else
+ last_elem = wp;
+ }
}
}
while (*name != '\0');

+ /* In SUID/SGID programs, after $ORIGIN expansion the normalized
+ path must be rooted in one of the trusted directories. */
+ if (__builtin_expect (check_for_trusted, false)
+ && is_trusted_path_normalize (last_elem, wp - last_elem))
+ wp = last_elem;
+
*wp = '\0';

return result;
@@ -411,33 +498,8 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
cp[len++] = '/';

/* Make sure we don't use untrusted directories if we run SUID. */
- if (__builtin_expect (check_trusted, 0))
- {
- const char *trun = system_dirs;
- size_t idx;
- int unsecure = 1;
-
- /* All trusted directories must be complete names. */
- if (cp[0] == '/')
- {
- for (idx = 0; idx < nsystem_dirs_len; ++idx)
- {
- if (len == system_dirs_len[idx]
- && memcmp (trun, cp, len) == 0)
- {
- /* Found it. */
- unsecure = 0;
- break;
- }
-
- trun += system_dirs_len[idx] + 1;
- }
- }
-
- if (unsecure)
- /* Simply drop this directory. */
- continue;
- }
+ if (__builtin_expect (check_trusted, 0) && !is_trusted_path (cp, len))
+ continue;

/* See if this directory is already known. */
for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)

@@ -0,0 +1,24 @@
From e1fb097f447a89aa69a926e45e673a52d86a6c57 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@gmail.com>
Date: Wed, 11 May 2011 23:37:25 -0400
Subject: [PATCH] Report write error in addmnt even for cached streams.

2011-05-11 Ulrich Drepper <drepper@gmail.com>

[BZ #12625]
* misc/mntent_r.c (addmntent): Flush the stream after the output

diff --git a/misc/mntent_r.c b/misc/mntent_r.c
index 9598528..6959f0e 100644
--- a/misc/mntent_r.c
+++ b/misc/mntent_r.c
@@ -263,8 +263,8 @@ __addmntent (FILE *stream, const struct mntent *mnt)
mntcopy.mnt_type,
mntcopy.mnt_opts,
mntcopy.mnt_freq,
- mntcopy.mnt_passno)
- < 0 ? 1 : 0);
+ mntcopy.mnt_passno) < 0
+ || fflush (stream) != 0);
}
weak_alias (__addmntent, addmntent)
@@ -0,0 +1,46 @@
From 8126d90480fa3e0c5c5cd0d02cb1c93174b45485 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@gmail.com>
Date: Fri, 18 Mar 2011 05:29:20 -0400
Subject: [PATCH] Check size of pattern in wide character representation in fnmatch.

2011-03-18 Ulrich Drepper <drepper@gmail.com>

* posix/fnmatch.c (fnmatch): Check size of pattern in wide
character representation.
Partly based on a patch by Tomas Hoger <thoger@redhat.com>.
diff --git a/posix/fnmatch.c b/posix/fnmatch.c
index 0af5ee6..819a6a7 100644
--- a/posix/fnmatch.c
+++ b/posix/fnmatch.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991,1992,1993,1996,1997,1998,1999,2000,2001,2002,2003,2007,2010
+/* Copyright (C) 1991,1992,1993,1996,1997,1998,1999,2000,2001,2002,2003,2007,2010,2011
Free Software Foundation, Inc.
This file is part of the GNU C Library.

@@ -375,6 +375,11 @@ fnmatch (pattern, string, flags)
XXX Do we have to set `errno' to something which mbsrtows hasn't
already done? */
return -1;
+ if (__builtin_expect (n >= (size_t) -1 / sizeof (wchar_t), 0))
+ {
+ __set_errno (ENOMEM);
+ return -2;
+ }
wpattern_malloc = wpattern
= (wchar_t *) malloc ((n + 1) * sizeof (wchar_t));
assert (mbsinit (&ps));
@@ -419,6 +424,12 @@ fnmatch (pattern, string, flags)
XXX Do we have to set `errno' to something which mbsrtows hasn't
already done? */
goto free_return;
+ if (__builtin_expect (n >= (size_t) -1 / sizeof (wchar_t), 0))
+ {
+ free (wpattern_malloc);
+ __set_errno (ENOMEM);
+ return -2;
+ }

wstring_malloc = wstring
= (wchar_t *) malloc ((n + 1) * sizeof (wchar_t));

Binary file not shown.

0 comments on commit 1f9fe09

Please sign in to comment.