From 27593d3a357073cfd24e6b09e207b8c742cd2dd7 Mon Sep 17 00:00:00 2001
From: Rich Felker
Date: Wed, 31 Jul 2013 15:14:06 -0400
Subject: fix theoretical out-of-bound access in dynamic linker

one of the arguments to memcmp may be shorter than the length l-3, and memcmp is under no obligation not to access past the first byte that differs. instead use strncmp which conveys the correct semantics. the performance difference is negligible here and since the code is only use for shared libc, both functions are already linked anyway.
---
 src/ldso/dynlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index 814f5c7e..2f399a57 100644
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -467,7 +467,7 @@ static struct dso *load_library(const char *name)
 char *z = strchr(name, '.');
 if (z) {
 size_t l = z-name;
- for (rp=reserved; *rp && memcmp(name+3, rp, l-3); rp+=strlen(rp)+1);
+ for (rp=reserved; *rp && strncmp(name+3, rp, l-3); rp+=strlen(rp)+1);
 if (*rp) {
 if (ldd_mode) {
 /* Track which names have been resolved
-- cgit v1.2.1
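Review bot: The loop condition `strncmp(name+3, rp, l-3)` on the added line bounds the read but still compares only the first l-3 bytes, so a name whose stem is merely a prefix of a reserved entry compares equal, and a stem of length zero (l == 3) compares equal to every entry. If `reserved` holds NUL-separated library stems, as the `rp+=strlen(rp)+1` stride suggests, an unrelated library could be treated as one of the reserved names. Also requiring the entry to end at the same length closes this: `for (rp=reserved; *rp && (strncmp(name+3, rp, l-3) || rp[l-3]); rp+=strlen(rp)+1);`. The definition of `reserved` and the check that keeps `l-3` from wrapping are outside the hunk, so both should be confirmed there.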