diff options
| author | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2020-11-24 12:34:39 +0000 |
|---|---|---|
| committer | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2020-12-15 10:13:46 +0000 |
| commit | c6b016532705e158a330c31697e9dd4826aa68af (patch) | |
| tree | 15189b94faffea0b00afbadac54776a6e6b45c6a | |
| parent | cb5648b00f1f6f883d0d1691abc0d2fad2fcafd7 (diff) | |
| download | glibc-c6b016532705e158a330c31697e9dd4826aa68af.zip glibc-c6b016532705e158a330c31697e9dd4826aa68af.tar.gz glibc-c6b016532705e158a330c31697e9dd4826aa68af.tar.bz2 | |
elf: Fix failure handling in _dl_map_object_from_fd
The failure paths in _dl_map_object_from_fd did not clean every
potentially allocated resource up.
Handle l_phdr, l_libname and mapped segments in the common failure
handling code.
There are various bits that may not be cleaned properly on failure
(e.g. executable stack, incomplete dl_map_segments) fixing those
need further changes.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
| -rw-r--r-- | elf/dl-load.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/elf/dl-load.c b/elf/dl-load.c index b1865a1..21c2920 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -955,8 +955,14 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, /* The file might already be closed. */ if (fd != -1) __close_nocancel (fd); + if (l != NULL && l->l_map_start != 0) + _dl_unmap_segments (l); if (l != NULL && l->l_origin != (char *) -1l) free ((char *) l->l_origin); + if (l != NULL && !l->l_libname->dont_free) + free (l->l_libname); + if (l != NULL && l->l_phdr_allocated) + free ((void *) l->l_phdr); free (l); free (realname); @@ -1251,7 +1257,11 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds, maplength, has_holes, loader); if (__glibc_unlikely (errstring != NULL)) - goto lose; + { + /* Mappings can be in an inconsistent state: avoid unmap. */ + l->l_map_start = l->l_map_end = 0; + goto lose; + } } if (l->l_ld == 0) @@ -1274,15 +1284,6 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, || (__glibc_unlikely (l->l_flags_1 & DF_1_PIE) && __glibc_unlikely ((mode & __RTLD_OPENEXEC) == 0))) { - /* We are not supposed to load this object. Free all resources. */ - _dl_unmap_segments (l); - - if (!l->l_libname->dont_free) - free (l->l_libname); - - if (l->l_phdr_allocated) - free ((void *) l->l_phdr); - if (l->l_flags_1 & DF_1_PIE) errstring = N_("cannot dynamically load position-independent executable"); @@ -1387,6 +1388,10 @@ cannot enable executable stack as shared object requires"); /* Signal that we closed the file. */ fd = -1; + /* Failures before this point are handled locally via lose. + There are no more failures in this function until return, + to change that the cleanup handling needs to be updated. */ + /* If this is ET_EXEC, we should have loaded it as lt_executable. */ assert (type != ET_EXEC || l->l_type == lt_executable); |