| From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001 |
| From: Florian Weimer <fweimer@redhat.com> |
| Date: Mon, 19 Jun 2017 17:09:55 +0200 |
| Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 |
| programs [BZ #21624] |
| |
| LD_LIBRARY_PATH can only be used to reorder system search paths, which |
| is not useful functionality. |
| |
| This makes an exploitable unbounded alloca in _dl_init_paths unreachable |
| for AT_SECURE=1 programs. |
| |
| [Peter: Drop ChangeLog modification] |
| Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
| --- |
| elf/rtld.c | 3 ++- |
| 1 file changed, 8 insertions(+), 1 deletion(-) |
| |
| diff --git a/elf/rtld.c b/elf/rtld.c |
| index 2446a87680..2269dbec81 100644 |
| --- a/elf/rtld.c |
| +++ b/elf/rtld.c |
| @@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) |
| |
| case 12: |
| /* The library search path. */ |
| - if (memcmp (envline, "LIBRARY_PATH", 12) == 0) |
| + if (!__libc_enable_secure |
| + && memcmp (envline, "LIBRARY_PATH", 12) == 0) |
| { |
| library_path = &envline[13]; |
| break; |
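Review bot: The comment above the test still reads only `/* The library search path. */`, so the reason for the new `!__libc_enable_secure` guard is not recorded at the one place where a later cleanup could drop it. I would extend it to something like `/* The library search path.  Ignored for AT_SECURE=1 programs: the value reaches an unbounded alloca in _dl_init_paths.  */`. The guard only removes reachability for secure-mode programs, as the commit message says. The alloca itself is not touched by this hunk, so bounding or replacing that allocation in _dl_init_paths would still be worth a follow-up as defence in depth. process_envvars begins and ends outside the hunk, so what the rest of `case 12` does when the guard is false cannot be checked from here.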
| -- |
| 2.11.0 |
| |