From 339516addbde87760f3c0f175a4abcf5d629df54 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Wed, 31 Jul 2013 14:42:08 -0400 Subject: add some sanity checks in dynamic loader code reject elf files which are not ET_EXEC/ET_DYN type as bad exec format, and reject ET_EXEC files when they cannot be loaded at the correct address, since they are not relocatable at runtime. the main practical benefit of this is to make dlopen of the main program fail rather than producing an unsafe-to-use handle. --- src/ldso/dynlink.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c index 59ec5b79..f4988e73 100644 --- a/src/ldso/dynlink.c +++ b/src/ldso/dynlink.c @@ -320,6 +320,10 @@ static void *map_library(int fd, struct dso *dso) ssize_t l = read(fd, buf, sizeof buf); if (l<(int)sizeof *eh) return 0; eh = buf; + if (eh->e_type != ET_DYN && eh->e_type != ET_EXEC) { + errno = ENOEXEC; + return 0; + } phsize = eh->e_phentsize * eh->e_phnum; if (phsize + sizeof *eh > l) return 0; if (eh->e_phoff + phsize > l) { @@ -362,6 +366,12 @@ static void *map_library(int fd, struct dso *dso) * amount of virtual address space to map over later. */ map = mmap((void *)addr_min, map_len, prot, MAP_PRIVATE, fd, off_start); if (map==MAP_FAILED) return 0; + /* If the loaded file is not relocatable and the requested address is + * not available, then the load operation must fail. */ + if (eh->e_type != ET_DYN && addr_min && map!=(void *)addr_min) { + errno = EBUSY; + goto error; + } base = map - addr_min; dso->phdr = 0; dso->phnum = 0; -- cgit v1.2.3-70-g09d2