Fix a bug in dlinfo(RTLD_DI_SERINFOSIZE) requests. For each search path

we included the length of the path in the returned size but not the length of the associated Dl_serpath structure. Without this fix, programs attempting to allocate a structure to hold the search path information would allocate too small of a buffer and rtld would overrun the buffer while filling it via a subsequent RTLD_DI_SERINFO request. Submitted by: "William K. Josephson" wkj at morphisms dot net Reviewed by: jdp MFC after: 2 weeks
author: jhb <jhb@FreeBSD.org> 2005-11-11 19:57:41 +0000
committer: jhb <jhb@FreeBSD.org> 2005-11-11 19:57:41 +0000
commit: 2ef18a36a52be615626faff3ce34611f0e1e1013 (patch)
tree: ababdd4405f19282da0739f7940277e9ea39eb19 /libexec/rtld-elf
parent: 42f426fa1283df17a7240bc8c8c9a33531dc929a (diff)
download: FreeBSD-src-2ef18a36a52be615626faff3ce34611f0e1e1013.zip
FreeBSD-src-2ef18a36a52be615626faff3ce34611f0e1e1013.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c
index 1db0227..244b5db 100644
--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@@ -1968,7 +1968,7 @@ fill_search_info(const char *dir, size_t dirlen, void *param)
 
     if (arg->request == RTLD_DI_SERINFOSIZE) {
 	arg->serinfo->dls_cnt ++;
-	arg->serinfo->dls_size += dirlen + 1;
+	arg->serinfo->dls_size += sizeof(Dl_serpath) + dirlen + 1;
     } else {
 	struct dl_serpath *s_entry;
author	jhb <jhb@FreeBSD.org>	2005-11-11 19:57:41 +0000
committer	jhb <jhb@FreeBSD.org>	2005-11-11 19:57:41 +0000
commit	2ef18a36a52be615626faff3ce34611f0e1e1013 (patch)
tree	ababdd4405f19282da0739f7940277e9ea39eb19 /libexec/rtld-elf
parent	42f426fa1283df17a7240bc8c8c9a33531dc929a (diff)
download	FreeBSD-src-2ef18a36a52be615626faff3ce34611f0e1e1013.zip FreeBSD-src-2ef18a36a52be615626faff3ce34611f0e1e1013.tar.gz