aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPierre Ynard <linkfanel@yahoo.fr>2013-06-28 21:43:42 +0000
committerJoseph Myers <joseph@codesourcery.com>2013-06-28 21:43:42 +0000
commit0432680e8c2ecd832038387f92b462dea75e94cc (patch)
treee917253c568202b91d781dfbcb05bd2f8d90e6dd
parentce61a2ad2e078a19454411832b167444b6c9ae66 (diff)
downloadglibc-0432680e8c2ecd832038387f92b462dea75e94cc.zip
glibc-0432680e8c2ecd832038387f92b462dea75e94cc.tar.gz
glibc-0432680e8c2ecd832038387f92b462dea75e94cc.tar.bz2
Test for mprotect failure in dl-load.c (bug 12492).
-rw-r--r--ChangeLog6
-rw-r--r--NEWS24
-rw-r--r--elf/dl-load.c6
3 files changed, 23 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 4ca3864..8d81f2d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-06-28 Pierre Ynard <linkfanel@yahoo.fr>
+
+ [BZ #12492]
+ * elf/dl-load.c (_dl_map_object_from_fd): Test for failure of
+ mprotect making __stack_prot writable.
+
2013-06-28 Nathan Froyd <froydnj@codesourcery.com>
Joseph Myers <joseph@codesourcery.com>
diff --git a/NEWS b/NEWS
index e7fcf81..7fa47f1 100644
--- a/NEWS
+++ b/NEWS
@@ -10,18 +10,18 @@ Version 2.18
* The following bugs are resolved with this release:
2546, 2560, 5159, 6809, 7006, 10060, 10062, 10283, 10357, 10686, 11120,
- 11561, 12310, 12387, 12515, 12723, 13550, 13889, 13951, 13988, 14142,
- 14176, 14200, 14256, 14280, 14293, 14317, 14327, 14478, 14496, 14582,
- 14686, 14812, 14888, 14894, 14907, 14908, 14909, 14920, 14952, 14964,
- 14981, 14982, 14985, 14991, 14994, 14996, 15000, 15003, 15006, 15007,
- 15014, 15020, 15022, 15023, 15036, 15054, 15055, 15062, 15078, 15084,
- 15085, 15086, 15100, 15160, 15214, 15221, 15232, 15234, 15283, 15285,
- 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337,
- 15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394, 15395,
- 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429,
- 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488, 15490,
- 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583, 15618,
- 15627, 15631, 15654, 15655, 15666, 15667, 15674.
+ 11561, 12310, 12387, 12492, 12515, 12723, 13550, 13889, 13951, 13988,
+ 14142, 14176, 14200, 14256, 14280, 14293, 14317, 14327, 14478, 14496,
+ 14582, 14686, 14812, 14888, 14894, 14907, 14908, 14909, 14920, 14952,
+ 14964, 14981, 14982, 14985, 14991, 14994, 14996, 15000, 15003, 15006,
+ 15007, 15014, 15020, 15022, 15023, 15036, 15054, 15055, 15062, 15078,
+ 15084, 15085, 15086, 15100, 15160, 15214, 15221, 15232, 15234, 15283,
+ 15285, 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336,
+ 15337, 15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394,
+ 15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426,
+ 15429, 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488,
+ 15490, 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583,
+ 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674.
* CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
#15078).
diff --git a/elf/dl-load.c b/elf/dl-load.c
index d53ead4..655e38e 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -1487,7 +1487,11 @@ cannot allocate TLS data structures for initial thread");
if (__builtin_expect (p + s <= relro_end, 1))
{
/* The variable lies in the region protected by RELRO. */
- __mprotect ((void *) p, s, PROT_READ|PROT_WRITE);
+ if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
+ {
+ errstring = N_("cannot change memory protections");
+ goto call_lose_errno;
+ }
__stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
__mprotect ((void *) p, s, PROT_READ);
}