diff options
| author | Andreas Schwab <schwab@suse.de> | 2018-10-23 09:40:14 +0200 |
|---|---|---|
| committer | Andreas Schwab <schwab@suse.de> | 2018-10-24 16:34:02 +0200 |
| commit | 2954daf00bb4dc27c69a48e6798d5960ea320741 (patch) | |
| tree | 1515d3e310cfb3fc2e2547bcaea0c0a8fb3cac01 /elf/dl-cache.c | |
| parent | a27a4f4721837a5fb36ace833764b06a64c5af1c (diff) | |
| download | glibc-2954daf00bb4dc27c69a48e6798d5960ea320741.zip glibc-2954daf00bb4dc27c69a48e6798d5960ea320741.tar.gz glibc-2954daf00bb4dc27c69a48e6798d5960ea320741.tar.bz2 | |
Add more checks for valid ld.so.cache file (bug 18093)
Diffstat (limited to 'elf/dl-cache.c')
| -rw-r--r-- | elf/dl-cache.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/elf/dl-cache.c b/elf/dl-cache.c index 6ee5153..6dd99a3 100644 --- a/elf/dl-cache.c +++ b/elf/dl-cache.c @@ -204,7 +204,10 @@ _dl_load_cache_lookup (const char *name) - only the new format The following checks if the cache contains any of these formats. */ if (file != MAP_FAILED && cachesize > sizeof *cache - && memcmp (file, CACHEMAGIC, sizeof CACHEMAGIC - 1) == 0) + && memcmp (file, CACHEMAGIC, sizeof CACHEMAGIC - 1) == 0 + /* Check for corruption, avoiding overflow. */ + && ((cachesize - sizeof *cache) / sizeof (struct file_entry) + >= ((struct cache_file *) file)->nlibs)) { size_t offset; /* Looks ok. */ |