Page MenuHomeFreeBSD
Differential D35792

rtld-elf: Fix leaks and wild frees in origin_subst
ClosedPublic
Actions

Authored by jrtc27 on Jul 12 2022, 4:24 PM.
Tags
None
Referenced Files
F102710615: D35792.id108064.diff
Sat, Nov 16, 4:51 AM
Unknown Object (File)
Oct 9 2024, 8:57 PM
Unknown Object (File)
Oct 1 2024, 11:41 AM
Unknown Object (File)
Sep 24 2024, 7:38 PM
Unknown Object (File)
Sep 24 2024, 11:52 AM
Unknown Object (File)
Sep 24 2024, 4:44 AM
Unknown Object (File)
Sep 24 2024, 3:44 AM
Unknown Object (File)
Sep 24 2024, 2:54 AM
View All 61 Files
Subscribers
bdragon
imp

Details

Reviewers
emaste
kib
markj
Commits
rG461cad31f3fd: rtld-elf: Fix leaks and wild frees in origin_subst
rGbecd9908beb8: rtld-elf: Fix leaks and wild frees in origin_subst
Summary

55abf23dd36b inverted the value passed to origin_subst_one when rolling
up the existing code into a loop. If the first token is found ($ORIGIN),
this results in a wild free of part of strtab. Processing the second
token works fine and will act how the first should have regardless of
whether found, allocating memory for the string without freeing.
Processing subsequent tokens however will then leak, regardless of
whether found, as they will also believe they need to allocate memory
and can't free the string.

Found by: CHERI
Fixes: 55abf23dd36b ("rtld: make token substitution table-driven")
MFC after: 3 days

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
libexec/
rtld-elf/
2 lines

Diff 108066

View Options

libexec/rtld-elf/rtld.c

Loading...