Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid potential buffer overflow/missing zero termination of string #36408

Merged
merged 5 commits into from
Jun 28, 2020
Merged

Avoid potential buffer overflow/missing zero termination of string #36408

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5c10168
Avoid potential buffer overflow/missing zero termination of string
martinholters Jun 24, 2020
befc4c7
[Libdl]: Add `@executable_path` expansion test
staticfloat Jun 24, 2020
2e4e0f9
Test that overly long entries in `DL_LOAD_PATH` don't result in segfault
martinholters Jun 25, 2020
2d5ef64
Disable tests if temporary directory and BINDIR are on different file…
staticfloat Jun 25, 2020
388e186
Switch order of `DL_LOAD_PATH` tests
martinholters Jun 26, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion src/dlload.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,8 @@ JL_DLLEXPORT void *jl_load_dynamic_library(const char *modname, unsigned flags,
snprintf(relocated, PATHBUF, "%s%s", jl_options.julia_bindir, dl_path + 16);
len = len - 16 + strlen(jl_options.julia_bindir);
} else {
strncpy(relocated, dl_path, len);
strncpy(relocated, dl_path, PATHBUF);
relocated[PATHBUF-1] = '\0';
}
for (i = 0; i < n_extensions; i++) {
const char *ext = extensions[i];
Expand Down
50 changes: 50 additions & 0 deletions stdlib/Libdl/test/runtests.jl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,4 +222,54 @@ let dl = C_NULL
@test_skip !Libdl.dlclose(dl) # Syscall doesn't fail on Win32
end

# test DL_LOAD_PATH handling and @executable_path expansion
mktempdir() do dir
# Create a `libdcalltest` in a directory that is not on our load path
src_path = joinpath(private_libdir, "libccalltest.$(Libdl.dlext)")
dst_path = joinpath(dir, "libdcalltest.$(Libdl.dlext)")
cp(src_path, dst_path)

# Add an absurdly long entry to the load path to verify it doesn't lead to a buffer overflow
push!(Base.DL_LOAD_PATH, joinpath(dir, join(rand('a':'z', 10000))))

# Add the temporary directors to load path by absolute path
push!(Base.DL_LOAD_PATH, dir)

# Test that we can now open that file
Libdl.dlopen("libdcalltest") do dl
fptr = Libdl.dlsym(dl, :set_verbose)
@test fptr !== nothing
@test_throws ErrorException Libdl.dlsym(dl, :foo)

fptr = Libdl.dlsym_e(dl, :set_verbose)
@test fptr != C_NULL
fptr = Libdl.dlsym_e(dl, :foo)
@test fptr == C_NULL
end

# Skip these tests if the temporary directory is not on the same filesystem
# as the BINDIR, as in that case, a relative path will never work.
if Base.Filesystem.splitdrive(dir)[1] != Base.Filesystem.splitdrive(Sys.BINDIR)[1]
return
end

empty!(Base.DL_LOAD_PATH)
push!(Base.DL_LOAD_PATH, joinpath(dir, join(rand('a':'z', 10000))))

# Add this temporary directory to our load path, now using `@executable_path` to do so.
push!(Base.DL_LOAD_PATH, joinpath("@executable_path", relpath(dir, Sys.BINDIR)))
martinholters marked this conversation as resolved.
Show resolved Hide resolved

# Test that we can now open that file
Libdl.dlopen("libdcalltest") do dl
fptr = Libdl.dlsym(dl, :set_verbose)
@test fptr !== nothing
@test_throws ErrorException Libdl.dlsym(dl, :foo)

fptr = Libdl.dlsym_e(dl, :set_verbose)
@test fptr != C_NULL
fptr = Libdl.dlsym_e(dl, :foo)
@test fptr == C_NULL
end
end

end