From owner-svn-src-all@FreeBSD.ORG Mon Apr 15 20:06:57 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 3E672905; Mon, 15 Apr 2013 20:06:57 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 212D61779; Mon, 15 Apr 2013 20:06:57 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r3FK6vPm052271; Mon, 15 Apr 2013 20:06:57 GMT (envelope-from kib@svn.freebsd.org) Received: (from kib@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r3FK6uv4052270; Mon, 15 Apr 2013 20:06:56 GMT (envelope-from kib@svn.freebsd.org) Message-Id: <201304152006.r3FK6uv4052270@svn.freebsd.org> From: Konstantin Belousov Date: Mon, 15 Apr 2013 20:06:56 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r249525 - head/libexec/rtld-elf X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Apr 2013 20:06:57 -0000 Author: kib Date: Mon Apr 15 20:06:56 2013 New Revision: 249525 URL: http://svnweb.freebsd.org/changeset/base/249525 Log: The origin_subst_one() function limits the length of the string to PATH_MAX after the token substitution. This is wrong, because origin_subst_one() performs the substitution on the whole rpath and similar strings, which contain several pathes separated by colon. As result, long (but correct) rpath consisting of many path elements is rejected by the function. Correct the problem by rewriting the origin_subst_one() to perform two passes, first pass to calculate the number of substitutions to be performed, and second pass to generate the resulting string. Second pass allocates the memory for the result based on the count from the first pass, without enforcing a limit. Reported and tested by: pgj Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Modified: head/libexec/rtld-elf/rtld.c Modified: head/libexec/rtld-elf/rtld.c ============================================================================== --- head/libexec/rtld-elf/rtld.c Mon Apr 15 19:45:09 2013 (r249524) +++ head/libexec/rtld-elf/rtld.c Mon Apr 15 20:06:56 2013 (r249525) @@ -145,9 +145,8 @@ static void unlink_object(Obj_Entry *); static void unload_object(Obj_Entry *); static void unref_dag(Obj_Entry *); static void ref_dag(Obj_Entry *); -static int origin_subst_one(char **, const char *, const char *, - const char *, char *); -static char *origin_subst(const char *, const char *); +static char *origin_subst_one(char *, const char *, const char *, bool); +static char *origin_subst(char *, const char *); static void preinit_main(void); static int rtld_verify_versions(const Objlist *); static int rtld_verify_object_versions(Obj_Entry *); @@ -748,79 +747,80 @@ basename(const char *name) static struct utsname uts; -static int -origin_subst_one(char **res, const char *real, const char *kw, const char *subst, - char *may_free) +static char * +origin_subst_one(char *real, const char *kw, const char *subst, + bool may_free) { - const char *p, *p1; - char *res1; - int subst_len; - int kw_len; - - res1 = *res = NULL; - p = real; - subst_len = kw_len = 0; - for (;;) { - p1 = strstr(p, kw); - if (p1 != NULL) { - if (subst_len == 0) { - subst_len = strlen(subst); - kw_len = strlen(kw); - } - if (*res == NULL) { - *res = xmalloc(PATH_MAX); - res1 = *res; - } - if ((res1 - *res) + subst_len + (p1 - p) >= PATH_MAX) { - _rtld_error("Substitution of %s in %s cannot be performed", - kw, real); - if (may_free != NULL) - free(may_free); - free(res); - return (false); - } - memcpy(res1, p, p1 - p); - res1 += p1 - p; - memcpy(res1, subst, subst_len); - res1 += subst_len; - p = p1 + kw_len; - } else { - if (*res == NULL) { - if (may_free != NULL) - *res = may_free; - else - *res = xstrdup(real); - return (true); - } - *res1 = '\0'; - if (may_free != NULL) - free(may_free); - if (strlcat(res1, p, PATH_MAX - (res1 - *res)) >= PATH_MAX) { - free(res); - return (false); - } - return (true); - } - } + char *p, *p1, *res, *resp; + int subst_len, kw_len, subst_count, old_len, new_len; + + kw_len = strlen(kw); + + /* + * First, count the number of the keyword occurences, to + * preallocate the final string. + */ + for (p = real, subst_count = 0;; p = p1 + kw_len, subst_count++) { + p1 = strstr(p, kw); + if (p1 == NULL) + break; + } + + /* + * If the keyword is not found, just return. + */ + if (subst_count == 0) + return (may_free ? real : xstrdup(real)); + + /* + * There is indeed something to substitute. Calculate the + * length of the resulting string, and allocate it. + */ + subst_len = strlen(subst); + old_len = strlen(real); + new_len = old_len + (subst_len - kw_len) * subst_count; + res = xmalloc(new_len + 1); + + /* + * Now, execute the substitution loop. + */ + for (p = real, resp = res;;) { + p1 = strstr(p, kw); + if (p1 != NULL) { + /* Copy the prefix before keyword. */ + memcpy(resp, p, p1 - p); + resp += p1 - p; + /* Keyword replacement. */ + memcpy(resp, subst, subst_len); + resp += subst_len; + p = p1 + kw_len; + } else + break; + } + + /* Copy to the end of string and finish. */ + strcat(resp, p); + if (may_free) + free(real); + return (res); } static char * -origin_subst(const char *real, const char *origin_path) +origin_subst(char *real, const char *origin_path) { - char *res1, *res2, *res3, *res4; + char *res1, *res2, *res3, *res4; - if (uts.sysname[0] == '\0') { - if (uname(&uts) != 0) { - _rtld_error("utsname failed: %d", errno); - return (NULL); + if (uts.sysname[0] == '\0') { + if (uname(&uts) != 0) { + _rtld_error("utsname failed: %d", errno); + return (NULL); + } } - } - if (!origin_subst_one(&res1, real, "$ORIGIN", origin_path, NULL) || - !origin_subst_one(&res2, res1, "$OSNAME", uts.sysname, res1) || - !origin_subst_one(&res3, res2, "$OSREL", uts.release, res2) || - !origin_subst_one(&res4, res3, "$PLATFORM", uts.machine, res3)) - return (NULL); - return (res4); + res1 = origin_subst_one(real, "$ORIGIN", origin_path, false); + res2 = origin_subst_one(res1, "$OSNAME", uts.sysname, true); + res3 = origin_subst_one(res2, "$OSREL", uts.release, true); + res4 = origin_subst_one(res3, "$PLATFORM", uts.machine, true); + return (res4); } static void @@ -1438,10 +1438,12 @@ find_library(const char *xname, const Ob xname); return NULL; } - if (objgiven && refobj->z_origin) - return origin_subst(xname, refobj->origin_path); - else - return xstrdup(xname); + if (objgiven && refobj->z_origin) { + return (origin_subst(__DECONST(char *, xname), + refobj->origin_path)); + } else { + return (xstrdup(xname)); + } } if (libmap_disable || !objgiven ||