fix security issues in libltdl (CVE-2009-3736)

2009-12-08 15:28:26 +00:00 · 2009-12-08 15:28:26 +00:00 · d43dd7ec44
parent ada66a22ac
commit d43dd7ec44
1 changed files with 81 additions and 13 deletions
--- a/libltdl-CVE-2009-3736.patch
+++ b/libltdl-CVE-2009-3736.patch
@ -1,22 +1,90 @@
-diff -ur arts-orig/libltdl/ltdl.c arts-1.1.3/libltdl/ltdl.c
--- arts-orig/libltdl/ltdl.c	2003-07-13 21:33:39.000000000 +0200
-+++ arts-1.1.3/libltdl/ltdl.c	2009-11-19 16:09:29.000000000 +0100
-@@ -1544,7 +1544,8 @@
+diff -up arts-1.5.10/libltdl/ltdl.c.CVE-2009-3736 arts-1.5.10/libltdl/ltdl.c
+--- arts-1.5.10/libltdl/ltdl.c.CVE-2009-3736	2008-08-19 22:18:38.000000000 +0200
+++ arts-1.5.10/libltdl/ltdl.c	2009-12-08 16:02:38.000000000 +0100
+@@ -1454,9 +1454,10 @@ lt_dlexit ()
+ }
+ 
+ static int
+-tryall_dlopen (handle, filename)
+tryall_dlopen (handle, filename, useloader)
+      lt_dlhandle *handle;
+      const char *filename;
+     const char *useloader;
+ {
+   lt_dlhandle	 cur;
+   lt_dlloader   *loader;
+@@ -1514,6 +1515,11 @@ tryall_dlopen (handle, filename)
+ 
+   while (loader)
+     {
+      if (useloader && strcmp(loader->loader_name, useloader))
+	{
+	  loader = loader->next;
+	  continue;
+	}
+       lt_user_data data = loader->dlloader_data;
+ 
+       cur->module = loader->module_open (data, filename);
+@@ -1556,7 +1562,7 @@ find_module (handle, dir, libdir, dlname
   /* try to open the old library first; if it was dlpreopened,
      we want the preopened version of it, even if a dlopenable
      module is available */
 -  if (old_name && tryall_dlopen(handle, old_name) == 0)
-+  if (old_name && tryall_dlopen(handle, old_name,
-+                                advise, lt_dlloader_find ("lt_preopen") ) == 0)
+  if (old_name && tryall_dlopen(handle, old_name, "dlpreload") == 0)
     {
       return 0;
     }
-@@ -2158,7 +2159,7 @@
+@@ -1579,7 +1585,7 @@ find_module (handle, dir, libdir, dlname
+ 	    }
+ 
+ 	  sprintf (filename, "%s/%s", libdir, dlname);
+-	  error = (tryall_dlopen (handle, filename) != 0);
+	  error = (tryall_dlopen (handle, filename, NULL) != 0);
+ 	  LT_DLFREE (filename);
+ 
+ 	  if (!error)
+@@ -1611,7 +1617,7 @@ find_module (handle, dir, libdir, dlname
+ 	  strcat(filename, objdir);
+ 	  strcat(filename, dlname);
+ 
+-	  error = tryall_dlopen (handle, filename) != 0;
+	  error = tryall_dlopen (handle, filename, NULL) != 0;
+ 	  LT_DLFREE (filename);
+ 	  if (!error)
+ 	    {
+@@ -1634,7 +1640,7 @@ find_module (handle, dir, libdir, dlname
 	  }
+ 	strcat(filename, dlname);
+ 
+-	error = (tryall_dlopen (handle, filename) != 0);
+	error = (tryall_dlopen (handle, filename, NULL) != 0);
+ 	LT_DLFREE (filename);
+ 	if (!error)
+ 	  {
+@@ -1749,7 +1755,7 @@ find_file (basename, search_path, pdir, 
+       strcpy(filename+lendir, basename);
+       if (handle)
+ 	{
+-	  if (tryall_dlopen (handle, filename) == 0)
+	  if (tryall_dlopen (handle, filename, NULL) == 0)
+ 	    {
+ 	      result = (lt_ptr) handle;
+ 	      goto cleanup;
+@@ -2063,7 +2069,7 @@ lt_dlopen (filename)
+       /* lt_dlclose()ing yourself is very bad!  Disallow it.  */
+       LT_DLSET_FLAG (handle, LT_DLRESIDENT_FLAG);
+ 
+-      if (tryall_dlopen (&newhandle, 0) != 0)
+      if (tryall_dlopen (&newhandle, 0, NULL) != 0)
+ 	{
+ 	  LT_DLFREE (handle);
+ 	  return 0;
+@@ -2368,7 +2374,7 @@ lt_dlopen (filename)
+ #ifdef LTDL_SYSSEARCHPATH
+ 		      && !find_file (basename, sys_search_path, 0, &newhandle)
 #endif
-       }
-    if (!file)
-+    else
-       {
- 	file = fopen (filename, LT_READTEXT_MODE);
-       }
+-		   )) && tryall_dlopen (&newhandle, filename))
+		   )) && tryall_dlopen (&newhandle, filename, NULL))
+ 	{
+ 	  LT_DLFREE (handle);
+ 	  goto cleanup;