This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH v3] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG

Alex Dowad wrote:

  	      _dl_error_printf ("\
warning: debug option `%.*s' unknown; try LD_DEBUG=help\n", (int)len, dl_debug);

Since this patch is about security, I suggest truncating the diagnostic a bit less randomly (as the above code will do if len exceeds INT_MAX). It can cause trouble to the user to get gigabyte-long diagnostics, and nothing after the first few bytes is helpful for diagnosis anyway. Plus, while we're at it, the indenting should be fixed and we shouldn't quote with grave accent. Something like the attached (untested) patch, perhaps.

diff --git a/elf/rtld.c b/elf/rtld.c
index 6bcf224..a6e81ce 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2504,9 +2504,10 @@ process_dl_debug (const char *dl_debug)
 	      /* Display a warning and skip everything until next
 		 separator.  */
-	      char *copy = strndupa (dl_debug, len);
-	      _dl_error_printf ("\
-warning: debug option `%s' unknown; try LD_DEBUG=help\n", copy);
+	      int deblen = MIN (len, 100);
+	      _dl_error_printf (("warning: debug option '%.*s'%s unknown;"
+				 " try LD_DEBUG=help\n"),
+				deblen, dl_debug, len < 100 ? "" : "...");
 	  dl_debug += len;

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]