Subject: wrong assumption in ld.elf_so
To: None <tech-userlevel@netbsd.org>
From: enami tsugutomo <enami@but-b.or.jp>
List: tech-userlevel
Date: 10/26/2003 11:12:13
Currently, ld.elf_so does wrong assumption that mmap'ed ld.so.conf is
a C string (i.e, terminated by NUL and is always accesible). Attached
patch removes it.
Comments?
enami.
Index: paths.c
===================================================================
RCS file: /cvsroot/src/libexec/ld.elf_so/paths.c,v
retrieving revision 1.27
diff -u -r1.27 paths.c
--- paths.c 24 Jul 2003 10:12:26 -0000 1.27
+++ paths.c 26 Oct 2003 01:21:44 -0000
@@ -54,8 +54,104 @@
static Search_Path *_rtld_find_path(Search_Path *, const char *, size_t);
static Search_Path **_rtld_append_path(Search_Path **, Search_Path **,
- const char *, size_t);
-static void _rtld_process_mapping(Library_Xform **, char *, size_t);
+ const char *, const char *);
+static void _rtld_process_mapping(Library_Xform **, const char *,
+ const char *);
+static char *exstrdup(const char *, const char *);
+static const char *getstr(const char **, const char *, const char *);
+static const char *getcstr(const char **, const char *, const char *);
+static const char *getword(const char **, const char *, const char *);
+static int matchstr(const char *, const char *, const char *);
+
+static const char WS[] = " \t\n";
+
+/*
+ * Like xstrdup(), but takes end of string as a argument.
+ */
+static char *
+exstrdup(const char *bp, const char *ep)
+{
+ char *cp;
+ size_t len = ep - bp;
+
+ cp = xmalloc(len + 1);
+ memcpy(cp, bp, len);
+ cp[len] = '\0';
+ return (cp);
+}
+
+/*
+ * Like strsep(), but takes end of string and doesn't put any NUL. To
+ * detect empty string, compare `*p' and return value.
+ */
+static const char *
+getstr(const char **p, const char *ep, const char *delim)
+{
+ const char *cp = *p, *q, *r;
+
+ if (ep < cp)
+ /* End of string */
+ return (NULL);
+
+ for (q = cp; q < ep; q++)
+ for (r = delim; *r != 0; r++)
+ if (*r == *q)
+ goto done;
+
+done:
+ *p = q;
+ return (cp);
+}
+
+/*
+ * Like getstr() above, but delim[] is complemented.
+ */
+static const char *
+getcstr(const char **p, const char *ep, const char *delim)
+{
+ const char *cp = *p, *q, *r;
+
+ if (ep < cp)
+ /* End of string */
+ return (NULL);
+
+ for (q = cp; q < ep; q++)
+ for (r = delim; *r != *q; r++)
+ if (*r == 0)
+ goto done;
+
+done:
+ *p = q;
+ return (cp);
+}
+
+static const char *
+getword(const char **p, const char *ep, const char *delim)
+{
+
+ (void)getcstr(p, ep, delim);
+
+ /*
+ * Now, we're looking non-delim, or end of string.
+ */
+
+ return (getstr(p, ep, delim));
+}
+
+/*
+ * Match `bp' against NUL terminated string pointed by `p'.
+ */
+static int
+matchstr(const char *p, const char *bp, const char *ep)
+{
+ int c;
+
+ while (bp < ep)
+ if ((c = *p++) == 0 || c != *bp++)
+ return (0);
+
+ return (*p == 0);
+}
static Search_Path *
_rtld_find_path(Search_Path *path, const char *pathstr, size_t pathlen)
@@ -71,20 +167,16 @@
static Search_Path **
_rtld_append_path(Search_Path **head_p, Search_Path **path_p,
- const char *bp, size_t len)
+ const char *bp, const char *ep)
{
- char *cp;
Search_Path *path;
- if (_rtld_find_path(*head_p, bp, len) != NULL)
+ if (_rtld_find_path(*head_p, bp, ep - bp) != NULL)
return path_p;
path = NEW(Search_Path);
- path->sp_pathlen = len;
- cp = xmalloc(len + 1);
- memcpy(cp, bp, len);
- cp[len] = '\0';
- path->sp_path = cp;
+ path->sp_pathlen = ep - bp;
+ path->sp_path = exstrdup(bp, ep);
path->sp_next = (*path_p);
(*path_p) = path;
path_p = &path->sp_next;
@@ -116,7 +208,7 @@
if (ep == NULL)
ep = &pathstr[strlen(pathstr)];
- path_p = _rtld_append_path(head_p, path_p, bp, ep - bp);
+ path_p = _rtld_append_path(head_p, path_p, bp, ep);
if (ep[0] == '\0')
break;
@@ -178,35 +270,33 @@
* <library_name> <machdep_variable> <value,...:library_name,...> ...
*/
static void
-_rtld_process_mapping(Library_Xform **lib_p, char *bp, size_t len)
+_rtld_process_mapping(Library_Xform **lib_p, const char *bp, const char *ep)
{
- static const char WS[] = " \t\n";
Library_Xform *hwptr = NULL;
- char *ptr, *key, *lib, *l;
+ const char *ptr, *key, *ekey, *lib, *elib, *l;
int i, j, k;
- dbg((" processing mapping \"%s\"", bp));
+ dbg((" processing mapping \"%.*s\"", ep - bp, bp));
- if ((ptr = strsep(&bp, WS)) == NULL)
+ if ((ptr = getword(&bp, ep, WS)) == NULL || ptr == bp)
return;
- dbg((" library \"%s\"", ptr));
+ dbg((" library \"%.*s\"", bp - ptr, ptr));
hwptr = xmalloc(sizeof(*hwptr));
memset(hwptr, 0, sizeof(*hwptr));
- hwptr->name = xstrdup(ptr);
+ hwptr->name = exstrdup(ptr, bp);
- while ((ptr = strsep(&bp, WS)) != NULL)
- if (*ptr != '\0')
- break;
- if (ptr == NULL) {
+ bp++;
+
+ if ((ptr = getword(&bp, ep, WS)) == NULL || ptr == bp) {
xwarnx("missing sysctl variable name");
goto cleanup;
}
- dbg((" sysctl \"%s\"", ptr));
+ dbg((" sysctl \"%.*s\"", bp - ptr, ptr));
- for (i = 0; (l = strsep(&ptr, ".")) != NULL; i++) {
+ for (i = 0; (l = getstr(&ptr, bp, ".")) != NULL; i++, ptr++) {
if (lists[i] == NULL || i >= RTLD_MAX_CTL) {
xwarnx("sysctl nesting too deep");
@@ -218,13 +308,13 @@
if (lists[i][j].ctl == NULL)
continue;
- for (k = 1; k < lists[i][j].numentries; k++) {
- if (strcmp(lists[i][j].ctl[k].name, l) == 0)
+ for (k = 1; k < lists[i][j].numentries; k++)
+ if (matchstr(lists[i][j].ctl[k].name, l, ptr))
break;
- }
if (lists[i][j].numentries == -1) {
- xwarnx("unknown sysctl variable name `%s'", l);
+ xwarnx("unknown sysctl variable name `%.*s'",
+ ptr - l, l);
goto cleanup;
}
@@ -237,56 +327,61 @@
for (i = 0; i < hwptr->ctlmax; i++)
dbg((" sysctl %d, %d", hwptr->ctl[i], hwptr->ctltype[i]));
- for (i = 0; (ptr = strsep(&bp, WS)) != NULL; i++) {
- if (*ptr == '\0') {
- /* back up index and continue */
- i--;
+ for (i = 0; bp++, (ptr = getword(&bp, ep, WS)) != NULL;) {
+ dbg((" ptr = %.*s", bp - ptr, ptr));
+ if (ptr == bp)
continue;
- }
+
if (i == RTLD_MAX_ENTRY) {
no_more:
xwarnx("maximum library entries exceeded `%s'",
hwptr->name);
goto cleanup;
}
- if ((key = strsep(&ptr, ":")) == NULL) {
+ if ((key = getstr(&ptr, bp, ":")) == NULL) {
xwarnx("missing sysctl variable value for `%s'",
hwptr->name);
goto cleanup;
}
- if ((lib = strsep(&ptr, ":")) == NULL) {
+ ekey = ptr++;
+ if ((lib = getstr(&ptr, bp, ":")) == NULL) {
xwarnx("missing sysctl library list for `%s'",
hwptr->name);
goto cleanup;
}
- for (j = 0; (l = strsep(&lib, ",")) != NULL; j++) {
+ elib = ptr; /* No need to advance */
+ for (j = 0; (l = getstr(&lib, elib, ",")) != NULL;
+ j++, lib++) {
if (j == RTLD_MAX_LIBRARY) {
xwarnx("maximum library entries exceeded `%s'",
hwptr->name);
goto cleanup;
}
- dbg((" library \"%s\"", l));
- hwptr->entry[i].library[j] = xstrdup(l);
+ dbg((" library \"%.*s\"", lib - l, l));
+ hwptr->entry[i].library[j] = exstrdup(l, lib);
}
if (j == 0) {
- xwarnx("No library map entries for `%s/%s'",
- hwptr->name, ptr);
+ xwarnx("No library map entries for `%s/%.*s'",
+ hwptr->name, bp - ptr, ptr);
goto cleanup;
}
j = i;
- for (; (l = strsep(&key, ",")) != NULL; i++) {
- dbg((" key \"%s\"", l));
+ for (; (l = getstr(&key, ekey, ",")) != NULL; i++, key++) {
+ /*
+ * Allow empty key (it is valid as string
+ * value). Thus, we loop at least once and
+ * `i' is incremented.
+ */
+
+ dbg((" key \"%.*s\"", key - l, l));
if (i == RTLD_MAX_ENTRY)
goto no_more;
if (i != j)
(void)memcpy(hwptr->entry[i].library,
hwptr->entry[j].library,
sizeof(hwptr->entry[j].library));
- hwptr->entry[i].value = xstrdup(l);
+ hwptr->entry[i].value = exstrdup(l, key);
}
-
- if (j != i)
- i--;
}
if (i == 0) {
@@ -306,14 +401,15 @@
}
void
-_rtld_process_hints(Search_Path **path_p, Library_Xform **lib_p, const char *fname)
+_rtld_process_hints(Search_Path **path_p, Library_Xform **lib_p,
+ const char *fname)
{
int fd;
- char *buf, *b, *ebuf;
+ char *buf;
+ const char *b, *ep, *ptr;
struct stat st;
- size_t sz, len;
+ size_t sz;
Search_Path **head_p = path_p;
- int doing_path = 0;
if ((fd = open(fname, O_RDONLY)) == -1) {
/* Don't complain */
@@ -328,9 +424,9 @@
sz = (size_t) st.st_size;
- buf = mmap(0, sz, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FILE, fd, 0);
+ buf = mmap(0, sz, PROT_READ, MAP_SHARED|MAP_FILE, fd, 0);
if (buf == MAP_FAILED) {
- xwarn("fstat: %s", fname);
+ xwarn("mmap: %s", fname);
(void)close(fd);
return;
}
@@ -339,31 +435,28 @@
while ((*path_p) != NULL)
path_p = &(*path_p)->sp_next;
- for (b = buf, ebuf = buf + sz; b < ebuf; ) {
- b += strspn(b, " \t\n");
- if (*b == '\0')
+ for (b = buf, ep = buf + sz; b < ep; b++) {
+ (void)getcstr(&b, ep, WS);
+ if (b == ep)
break;
- len = strcspn(b, "\n#");
- if (len == 0) {
- b += strcspn(b, "\n");
- continue;
- }
+ ptr = getstr(&b, ep, "\n#");
+ if (*ptr == '/') {
+ /*
+ * Since '/' != '\n' and != '#', we know ptr <
+ * b. And we will stop when b[-1] == '/'.
+ */
+ while (b[-1] == ' ' || b[-1] == '\t')
+ b--;
+ path_p = _rtld_append_path(head_p, path_p, ptr, b);
+ } else
+ _rtld_process_mapping(lib_p, ptr, b);
- doing_path = *b == '/';
- if (doing_path) {
- size_t tmp = len - 1;
- while (b[tmp] == '#' || b[tmp] == ' ' || b[tmp] == '\t')
- tmp--;
- path_p = _rtld_append_path(head_p, path_p, b, tmp + 1);
- } else {
- char tmp = b[len];
- b[len] = '\0';
- _rtld_process_mapping(lib_p, b, len);
- b[len] = tmp;
- }
-
- b += len;
+ /*
+ * b points one of ' ', \t, \n, # or equal to ep. So,
+ * make sure we are at newline or end of string.
+ */
+ (void)getstr(&b, ep, "\n");
}
(void)munmap(buf, sz);
Index: xprintf.c
===================================================================
RCS file: /cvsroot/src/libexec/ld.elf_so/xprintf.c,v
retrieving revision 1.15
diff -u -r1.15 xprintf.c
--- xprintf.c 24 Jul 2003 10:12:26 -0000 1.15
+++ xprintf.c 26 Oct 2003 01:21:44 -0000
@@ -51,7 +51,7 @@
{
char *bp = buf;
char *const ep = buf + buflen - 4;
- int size;
+ int size, prec;
while (*fmt != '\0' && bp < ep) {
switch (*fmt) {
@@ -62,7 +62,14 @@
}
case '%':{
size = 0;
+ prec = -1;
rflag: switch (fmt[1]) {
+ case '*':
+ prec = va_arg(ap, int);
+ /* FALLTHROUGH */
+ case '.':
+ fmt++;
+ goto rflag;
case 'l':
size |= SZ_LONG;
fmt++;
@@ -155,7 +162,10 @@
if (str == NULL)
str = "(null)";
- len = strlen(str);
+ if (prec < 0)
+ len = strlen(str);
+ else
+ len = prec;
if (ep - bp < len)
len = ep - bp;
memcpy(bp, str, len);