37 lines
1.0 KiB
Diff
37 lines
1.0 KiB
Diff
From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
|
|
From: Florian Weimer <fweimer@redhat.com>
|
|
Date: Mon, 19 Jun 2017 17:09:55 +0200
|
|
Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
|
|
programs [BZ #21624]
|
|
|
|
LD_LIBRARY_PATH can only be used to reorder system search paths, which
|
|
is not useful functionality.
|
|
|
|
This makes an exploitable unbounded alloca in _dl_init_paths unreachable
|
|
for AT_SECURE=1 programs.
|
|
|
|
patch from:
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d
|
|
---
|
|
ChangeLog | 7 +++++++
|
|
elf/rtld.c | 3 ++-
|
|
2 files changed, 9 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/elf/rtld.c b/elf/rtld.c
|
|
index 2446a87..2269dbe 100644
|
|
--- a/elf/rtld.c
|
|
+++ b/elf/rtld.c
|
|
@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
|
|
|
|
case 12:
|
|
/* The library search path. */
|
|
- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
|
|
+ if (!__libc_enable_secure
|
|
+ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
|
|
{
|
|
library_path = &envline[13];
|
|
break;
|
|
--
|
|
2.9.3
|
|
|