This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG

From: Andreas Schwab <schwab at linux-m68k dot org>
To: Alex Dowad <alexinbeijing at gmail dot com>
Cc: libc-alpha at sourceware dot org
Date: Mon, 10 Aug 2015 01:01:02 +0200
Subject: Re: [PATCH] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
Authentication-results: sourceware.org; auth=none
References: <1439153945-22973-1-git-send-email-alexinbeijing at gmail dot com>

Alex Dowad <alexinbeijing@gmail.com> writes:

> diff --git a/elf/rtld.c b/elf/rtld.c
> index 6dcbabc..ee194a6 100644
> --- a/elf/rtld.c
> +++ b/elf/rtld.c
> @@ -2408,6 +2408,8 @@ process_dl_debug (const char *dl_debug)
>  	      char *copy = strndupa (dl_debug, len);
>  	      _dl_error_printf ("\
>  warning: debug option `%s' unknown; try LD_DEBUG=help\n", copy);

Use %.*s instead.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

References:
- [PATCH] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
  - From: Alex Dowad

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]