From: Jessica Clarke
Date: Wed, 10 Aug 2022 23:12:04 GMT
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: 461cad31f3fd - stable/13 - rtld-elf: Fix leaks and wild frees in origin_subst
Message-Id: <202208102312.27ANC4e8054456@gitrepo.freebsd.org>
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch stable/13 has been updated by jrtc27:

URL:
https://cgit.FreeBSD.org/src/commit/?id=461cad31f3fdac9e5ee10464e3557866a8ed0e5a commit 461cad31f3fdac9e5ee10464e3557866a8ed0e5a Author: Jessica Clarke AuthorDate: 2022-07-12 16:47:47 +0000 Commit: Jessica Clarke CommitDate: 2022-08-10 23:11:48 +0000 rtld-elf: Fix leaks and wild frees in origin_subst 55abf23dd36b inverted the value passed to origin_subst_one when rolling up the existing code into a loop. If the first token is found ($ORIGIN), this results in a wild free of part of strtab. Processing the second token works fine and will act how the first should have regardless of whether found, allocating memory for the string without freeing. Processing subsequent tokens however will then leak, regardless of whether found, as they will also believe they need to allocate memory and can't free the string. Found by: CHERI Reviewed by: kib, markj Fixes: 55abf23dd36b ("rtld: make token substitution table-driven") MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D35792 (cherry picked from commit becd9908beb8f1b47ddc6628cb005185a26ec85c) --- libexec/rtld-elf/rtld.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c index ef600b3e52ca..ab3a0740bede 100644 --- a/libexec/rtld-elf/rtld.c +++ b/libexec/rtld-elf/rtld.c @@ -1226,7 +1226,7 @@ origin_subst(Obj_Entry *obj, const char *real) res = __DECONST(char *, real); for (i = 0; i < (int)nitems(tokens); i++) { res = origin_subst_one(tokens[i].pass_obj ? obj : NULL, - res, tokens[i].kw, tokens[i].subst, i == 0); + res, tokens[i].kw, tokens[i].subst, i != 0); } return (res); }
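
Review bot: The final argument `i != 0` in the origin_subst loop is a bare boolean whose meaning cannot be read at the call site, and the commit message records that an earlier refactor already inverted it once. A short comment above the call would guard against a repeat: on the first pass `res` still aliases the caller's `real` (assigned via `__DECONST`) and must not be freed, while on later passes it holds the previous call's result. A named local (for example a hypothetical `may_free = i != 0`) would make the same point in code. The fix also relies on origin_subst_one returning a fresh allocation on the first pass even when the token is not found, which the commit message states but this hunk does not show, so the comment should mention that too. A regression test that loads an object whose path starts with $ORIGIN would cover the wild-free case described in the message.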