From 2864e767053317538feafa815046fff89e5a16be Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Wed, 10 Nov 1999 02:42:49 +0000
Subject: Update.

1999-11-09  Ulrich Drepper  <drepper@cygnus.com>

	* elf/dl-load.c (_dl_dst_count): Allow $ORIGIN to point to
	directory with the reference since this is as secure as using the
	object with the dependency.
	(_dl_dst_substitute): Likewise.

	* elf/dl-load.c (_dl_dst_count): Change strings in first two
	strncmp calls to allow reuse.
	(_dl_dst_substitute): Likewise.

1999-11-01  Arnold D. Robbins  <arnold@skeeve.com>

	* posix/regex.c (init_syntax_once): move below definition of
	ISALNUM etc., then use ISALNUM to init the table, so that
	the word ops will work if i18n'ed.
	(SYNTAX): And subscript with 0xFF for 8bit character sets.

1999-11-09  Andreas Jaeger  <aj@suse.de>

	* sysdeps/unix/getlogin_r.c (getlogin_r): Sync with getlogin
	implementation for ttyname_r call; fix inverted condition; return
	ut_user.  Closes PR libc/1438.

1999-11-09  Ulrich Drepper  <drepper@cygnus.com>

	* timezone/checktab.awk: Update from tzcode1999h.
	* timezone/africa: Update from tzdata1999i.
	* timezone/asia: Likewise.
	* timezone/australasia: Likewise.
	* timezone/backward: Likewise.
	* timezone/europe: Likewise.
	* timezone/northamerica: Likewise.
	* timezone/southamerica: Likewise.
	* timezone/iso3166.tab: Likewise.
	* timezone/zone.tab: Likewise.

	* sysdeps/unix/sysv/linux/bits/resource.h: Define values also as
	macros.  Patch by brg@csua.berkeley.edu [PR libc/1439].

1999-11-09  Andreas Jaeger  <aj@suse.de>

	* posix/Makefile (tests): Added tst-getlogin.

	* posix/tst-getlogin.c: New file, contains simple tests for
	getlogin and getlogin_r.

1999-11-09  Andreas Schwab  <schwab@suse.de>

	* misc/syslog.c: For LOG_PERROR only append a newline if
	necessary.
---
 elf/dl-load.c | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

(limited to 'elf/dl-load.c')

diff --git a/elf/dl-load.c b/elf/dl-load.c
index eb3c415..2d54786 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -149,21 +149,31 @@ local_strdup (const char *s)
 size_t
 _dl_dst_count (const char *name, int is_path)
 {
+  const char *const start = name;
   size_t cnt = 0;
 
   do
     {
       size_t len = 1;
 
-      /* $ORIGIN is not expanded for SUID/GUID programs.  */
-      if ((((!__libc_enable_secure
-	     && strncmp (&name[1], "ORIGIN", 6) == 0 && (len = 7) != 0)
-	    || (strncmp (&name[1], "PLATFORM", 8) == 0 && (len = 9) != 0))
+      /* $ORIGIN is not expanded for SUID/GUID programs.
+
+	 Note that it is no bug that the strings in the first two `strncmp'
+	 calls are longer than the sequence which is actually tested.  */
+      if ((((strncmp (&name[1], "ORIGIN}", 6) == 0
+	     && (!__libc_enable_secure
+		 || ((name[7] == '\0' || (is_path && name[7] == ':'))
+		     && (name == start || (is_path && name[-1] == ':'))))
+	     && (len = 7) != 0)
+	    || (strncmp (&name[1], "PLATFORM}", 8) == 0 && (len = 9) != 0))
 	   && (name[len] == '\0' || name[len] == '/'
 	       || (is_path && name[len] == ':')))
 	  || (name[1] == '{'
-	      && ((!__libc_enable_secure
-		   && strncmp (&name[2], "ORIGIN}", 7) == 0 && (len = 9) != 0)
+	      && ((strncmp (&name[2], "ORIGIN}", 7) == 0
+		   && (!__libc_enable_secure
+		       || ((name[9] == '\0' || (is_path && name[9] == ':'))
+			   && (name == start || (is_path && name[-1] == ':'))))
+		   && (len = 9) != 0)
 		  || (strncmp (&name[2], "PLATFORM}", 9) == 0
 		      && (len = 11) != 0))))
 	++cnt;
@@ -180,6 +190,7 @@ char *
 _dl_dst_substitute (struct link_map *l, const char *name, char *result,
 		    int is_path)
 {
+  const char *const start = name;
   char *last_elem, *wp;
 
   /* Now fill the result path.  While copying over the string we keep
@@ -195,8 +206,10 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
 	  const char *repl;
 	  size_t len;
 
-	  if ((((strncmp (&name[1], "ORIGIN", 6) == 0 && (len = 7) != 0)
-		|| (strncmp (&name[1], "PLATFORM", 8) == 0 && (len = 9) != 0))
+      /* Note that it is no bug that the strings in the first two `strncmp'
+	 calls are longer than the sequence which is actually tested.  */
+	  if ((((strncmp (&name[1], "ORIGIN}", 6) == 0 && (len = 7) != 0)
+		|| (strncmp (&name[1], "PLATFORM}", 8) == 0 && (len = 9) != 0))
 	       && (name[len] == '\0' || name[len] == '/'
 		   || (is_path && name[len] == ':')))
 	      || (name[1] == '{'
@@ -205,7 +218,12 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
 			  && (len = 11) != 0))))
 	    {
 	      repl = ((len == 7 || name[2] == 'O')
-		      ? (__libc_enable_secure ? NULL : l->l_origin)
+		      ? (__libc_enable_secure
+			 && ((name[len] != '\0'
+			      && (!is_path || name[len] != ':'))
+			     || (name != start
+				 && (!is_path || name[-1] != ':')))
+			 ? NULL : l->l_origin)
 		      : _dl_platform);
 
 	      if (repl != NULL && repl != (const char *) -1)
@@ -259,7 +277,7 @@ expand_dynamic_string_token (struct link_map *l, const char *s)
   size_t total;
   char *result;
 
-  /* Determine the nubmer of DST elements.  */
+  /* Determine the number of DST elements.  */
   cnt = DL_DST_COUNT (s, 1);
 
   /* If we do not have to replace anything simply copy the string.  */
-- 
cgit v1.1