From a745c837cb51c2efe8900740548cb68ec2a2f7ab Mon Sep 17 00:00:00 2001 From: Carlos O'Donell Date: Tue, 12 Jun 2018 23:31:02 -0400 Subject: Fix comments in _dl_dst_count and _dl_dst_substitute. The comments in _dl_dst_count is adjusted to match what the code does which is count DSTs from the start of the string. With the removal of DL_DST_COUNT we no longer accept an input that starts at the first $. In _dl_dst_substitute we adjust the comment to indicate that both conditions must be true for the SUID/SGID $ORIGIN exception. --- elf/dl-load.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'elf') diff --git a/elf/dl-load.c b/elf/dl-load.c index e81601f..09185ab 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -219,11 +219,11 @@ is_dst (const char *input, const char *ref) return rlen; } -/* INPUT is the start of a DST sequence at the first '$' occurrence. - If there is a DST we call into _dl_dst_count to count the number of - DSTs. We count all known DSTs regardless of __libc_enable_secure; - the caller is responsible for enforcing the security of the - substitution rules (usually _dl_dst_substitute). */ +/* INPUT should be the start of a path e.g DT_RPATH or name e.g. + DT_NEEDED. The return value is the number of known DSTs found. We + count all known DSTs regardless of __libc_enable_secure; the caller + is responsible for enforcing the security of the substitution rules + (usually _dl_dst_substitute). */ size_t _dl_dst_count (const char *input) { @@ -292,7 +292,9 @@ _dl_dst_substitute (struct link_map *l, const char *input, char *result) * $ORIGIN appears as the first path element, and is the only string in the path or is immediately followed by a path separator and the rest of the - path. + path, + + and ... * The path is rooted in a trusted directory. -- cgit v1.1