Date: Fri, 11 Oct 2002 16:43:35 +0200 (SAST)
From: apb@cequrux.com
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/43930: ldconfig calls bcopy with wrong size
Message-ID: <200210111443.QAA20762@build.cequrux.com>
>Number: 43930
>Category: bin
>Synopsis: ldconfig calls bcopy with wrong size
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 11 07:40:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Alan Barrett
>Release: FreeBSD 4.6
>Organization: Not much
>Environment:
>Description:
In the enter() function in ldconfig, bcopy is sometimes called with the wrong size: MAXDEWEY instead of MAXDEWEY*sizeof(int), or sizeof(sbp->dewey).

The effect of this error is that only the major and minor version numbers are copied into the data structure. The third, fourth and later teeny version numbers, if any, are accidentally set to zero.

As a consequence of this error, ldconfig will sometimes end up choosing the second-highest numbered shared library instead of the highest numbered shared library. The incorrect choice happens when the highest numbered library happens to be the first one encountered in the readdir() loop, and when the difference between the highest and second-highest numbered library is not apparent in the first two (major and minor) version number fields, but only in the third or later fields.
>How-To-Repeat:
The following commands demonstrate the problem under FreeBSD-2.2. Demonstrating it under more recent ELF systems is difficult, because it's masked by all the ELF library symlinks.

    # cd /usr/lib
    # touch libfoo.so.1.2.3.4
    # touch libfoo.so.1.2.3.1
    # ls -1f | grep libfoo
    libfoo.so.1.2.3.4
    libfoo.so.1.2.3.1
    # ldconfig -R -v | grep libfoo
    Adding /usr/lib/libfoo.so.1.2.3.4
    Updating libfoo.1.2 to /usr/lib/libfoo.1.2.3.1

Although the first line of ldconfig output shows it adding version 1.2.3.4, the bcopy size error makes it act as though it added version 1.2.0.0. Later, version 1.2.3.1 is seen as higher than 1.2.0.0, and this causes the "Updating" output.
The error does not occur if the output from "ls -f" is in the opposite order.
>Fix:
Apply the following patch to src/sbin/ldconfig/ldconfig.c in -current and the RELENG_4_* and RELENG_3_* branches. Apply it to src/gnu/usr.bin/ld/ldconfig/ldconfig.c in the RELENG_2_* branches if anybody cares.

--- ldconfig.c 2002/09/17 01:48:53 1.38 +++ ldconfig.c 2002/10/11 13:56:40 @@ -357,7 +357,7 @@ shp = (struct shlib_list *)xmalloc(sizeof *shp); shp->name = strdup(name); shp->path = concat(dir, "/", file); - bcopy(dewey, shp->dewey, MAXDEWEY); + bcopy(dewey, shp->dewey, sizeof(sbp->dewey)); shp->ndewey = ndewey; shp->next = NULL;
>Release-Note:
>Audit-Trail:
>Unformatted:
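Review bot: the added bcopy line takes its length from sizeof(sbp->dewey), but every neighbouring line in this hunk works on shp (shp->name, shp->path, shp->dewey, shp->ndewey) and sbp does not appear in the visible context. Unless sbp is declared elsewhere in enter() with a dewey member of the same type, use sizeof(shp->dewey) so the length is tied to the destination actually being written; that also keeps the copy correct if the array's element type or MAXDEWEY changes later.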
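The effect described in the report, as an added example that is not part of the original message or of ldconfig's source: a byte count of MAXDEWEY copies only the first two int fields, so a later 1.2.3.1 compares higher than the stored 1.2.3.4. Assumptions: MAXDEWEY is 8 and int is 4 bytes (consistent with "only the major and minor version numbers are copied"), the destination is zeroed as the report describes, memcpy stands in for bcopy, and parse_dewey, cmp_dewey, store_first and later_replaces are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#define MAXDEWEY 8  /* assumed value; the report does not state it */
_Static_assert(sizeof(int) == 4, "example assumes 4-byte int");

/* Parse "1.2.3.4" into dewey[], zero-filling unused fields. */
static void parse_dewey(const char *s, int *dewey)
{
    int n = 0;
    memset(dewey, 0, MAXDEWEY * sizeof(int));
    while (n < MAXDEWEY && *s >= '0' && *s <= '9') {
        int v = 0;
        while (*s >= '0' && *s <= '9') v = v * 10 + (*s++ - '0');
        dewey[n++] = v;
        if (*s++ != '.') break;
    }
}

/* Field-by-field comparison; result has the sign of a - b. */
static int cmp_dewey(const int *a, const int *b)
{
    for (int i = 0; i < MAXDEWEY; i++)
        if (a[i] != b[i]) return a[i] < b[i] ? -1 : 1;
    return 0;
}

/* First insert in enter(), modelled: nbytes copied into a zeroed slot (assumed). */
static void store_first(const char *ver, size_t nbytes, int *slot)
{
    int d[MAXDEWEY];
    parse_dewey(ver, d);
    memset(slot, 0, MAXDEWEY * sizeof(int));
    memcpy(slot, d, nbytes);  /* stands in for bcopy(src, dst, len) */
}

/* 1 if a version seen later would replace the stored first entry. */
static int later_replaces(const char *first, const char *later, size_t nbytes)
{
    int slot[MAXDEWEY], d[MAXDEWEY];
    store_first(first, nbytes, slot);
    parse_dewey(later, d);
    return cmp_dewey(d, slot) > 0;
}

int main(void)
{
    printf("%d %d\n", later_replaces("1.2.3.4", "1.2.3.1", MAXDEWEY),
           later_replaces("1.2.3.4", "1.2.3.1", MAXDEWEY * sizeof(int)));
    return 0;
}
```

With the short length the first value is 1 (the lower version wins); with the full array size it is 0.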