From patchwork Thu Jun 12 11:53:20 2014
X-Patchwork-Submitter: Stefan Liebler
X-Patchwork-Id: 359086
To: libc-alpha@sourceware.org
From: Stefan Liebler
Subject: Re: [PATCH] posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)
Date: Thu, 12 Jun 2014 13:53:20 +0200
References: <5398C182.4040906@redhat.com>
In-Reply-To: <5398C182.4040906@redhat.com>

On 06/11/2014 10:52 PM, Florian Weimer wrote:
> POSIX requires that we make a copy, so we allocate a new string and free
> it in posix_spawn_file_actions_destroy.
>
> The reporters (David Reid, Alex Gaynor, and Glyph Lefkowitz) are
> concerned that not the old behavior could result in security
> vulnerabilities in applications, and I agree that this cannot be ruled out.
>

Hi,

on s390 the test elf/check-localplt fails with this patch due to a call to strdup@plt in function posix_spawn_file_actions_addopen. Including string.h solves the issue on s390/s390x.

Please retest and commit.

Bye

---
2014-06-12 Stefan Liebler

	* posix/spawn_faction_addopen.c: Include string.h to avoid strdup@plt call.
---
diff --git a/posix/spawn_faction_addopen.c b/posix/spawn_faction_addopen.c index 40800b8..eba158c 100644 --- a/posix/spawn_faction_addopen.c +++ b/posix/spawn_faction_addopen.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "spawn_int.h"
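
Review bot: The added `#include` in the `@@ -18,6 +18,7 @@` hunk of posix/spawn_faction_addopen.c has its reason recorded only in the ChangeLog entry (avoiding the strdup@plt call that makes elf/check-localplt fail on s390), and nothing at the include site says why it is there. If the BZ 17048 patch is not yet committed, suggest folding this one-line include into it so that no revision in history fails elf/check-localplt, and confirming the test on at least one non-s390 target as well, since the message reports results for s390/s390x only.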