From 0432680e8c2ecd832038387f92b462dea75e94cc Mon Sep 17 00:00:00 2001 From: Pierre Ynard Date: Fri, 28 Jun 2013 21:43:42 +0000 Subject: [PATCH] Test for mprotect failure in dl-load.c (bug 12492). --- ChangeLog | 6 ++++++ NEWS | 24 ++++++++++++------------ elf/dl-load.c | 6 +++++- 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4ca3864..8d81f2d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2013-06-28 Pierre Ynard + + [BZ #12492] + * elf/dl-load.c (_dl_map_object_from_fd): Test for failure of + mprotect making __stack_prot writable. + 2013-06-28 Nathan Froyd Joseph Myers diff --git a/NEWS b/NEWS index e7fcf81..7fa47f1 100644 --- a/NEWS +++ b/NEWS @@ -10,18 +10,18 @@ Version 2.18 * The following bugs are resolved with this release: 2546, 2560, 5159, 6809, 7006, 10060, 10062, 10283, 10357, 10686, 11120, - 11561, 12310, 12387, 12515, 12723, 13550, 13889, 13951, 13988, 14142, - 14176, 14200, 14256, 14280, 14293, 14317, 14327, 14478, 14496, 14582, - 14686, 14812, 14888, 14894, 14907, 14908, 14909, 14920, 14952, 14964, - 14981, 14982, 14985, 14991, 14994, 14996, 15000, 15003, 15006, 15007, - 15014, 15020, 15022, 15023, 15036, 15054, 15055, 15062, 15078, 15084, - 15085, 15086, 15100, 15160, 15214, 15221, 15232, 15234, 15283, 15285, - 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, - 15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394, 15395, - 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429, - 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488, 15490, - 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583, 15618, - 15627, 15631, 15654, 15655, 15666, 15667, 15674. + 11561, 12310, 12387, 12492, 12515, 12723, 13550, 13889, 13951, 13988, + 14142, 14176, 14200, 14256, 14280, 14293, 14317, 14327, 14478, 14496, + 14582, 14686, 14812, 14888, 14894, 14907, 14908, 14909, 14920, 14952, + 14964, 14981, 14982, 14985, 14991, 14994, 14996, 15000, 15003, 15006, + 15007, 15014, 15020, 15022, 15023, 15036, 15054, 15055, 15062, 15078, + 15084, 15085, 15086, 15100, 15160, 15214, 15221, 15232, 15234, 15283, + 15285, 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, + 15337, 15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394, + 15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, + 15429, 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488, + 15490, 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583, + 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674. * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078). diff --git a/elf/dl-load.c b/elf/dl-load.c index d53ead4..655e38e 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -1487,7 +1487,11 @@ cannot allocate TLS data structures for initial thread"); if (__builtin_expect (p + s <= relro_end, 1)) { /* The variable lies in the region protected by RELRO. */ - __mprotect ((void *) p, s, PROT_READ|PROT_WRITE); + if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0) + { + errstring = N_("cannot change memory protections"); + goto call_lose_errno; + } __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC; __mprotect ((void *) p, s, PROT_READ); } -- 2.7.4