Don't assume past the mmaped region is accessible.

2004-02-15 02:59:04 +00:00 · 2004-02-15 02:59:04 +00:00 · f1740378ad
parent 63fcb5a042
commit f1740378ad
3 changed files with 180 additions and 78 deletions
--- a/libexec/ld.elf_so/TODO
+++ b/libexec/ld.elf_so/TODO
@ -1,5 +1,4 @@
 rtld:
-* map hints file read-only
 * resolve MIPS binding lossage

 binutils/gcc:
--- a/libexec/ld.elf_so/paths.c
+++ b/libexec/ld.elf_so/paths.c
@ -1,4 +1,4 @@
-/*	$NetBSD: paths.c,v 1.28 2004/02/15 02:56:53 enami Exp $	 */
+/*	$NetBSD: paths.c,v 1.29 2004/02/15 02:59:04 enami Exp $	 */

 /*
 * Copyright 1996 Matt Thomas <matt@3am-software.com>
@ -54,8 +54,104 @@

 static Search_Path *_rtld_find_path(Search_Path *, const char *, size_t);
 static Search_Path **_rtld_append_path(Search_Path **, Search_Path **,
-    const char *, size_t);
-static void _rtld_process_mapping(Library_Xform **, char *, size_t);
+    const char *, const char *);
+static void _rtld_process_mapping(Library_Xform **, const char *,
+    const char *);
+static char *exstrdup(const char *, const char *);
+static const char *getstr(const char **, const char *, const char *);
+static const char *getcstr(const char **, const char *, const char *);
+static const char *getword(const char **, const char *, const char *);
+static int matchstr(const char *, const char *, const char *);
+
+static const char WS[] = " \t\n";
+
+/*
+ * Like xstrdup(), but takes end of string as a argument.
+ */
+static char *
+exstrdup(const char *bp, const char *ep)
+{
+	char *cp;
+	size_t len = ep - bp;
+
+	cp = xmalloc(len + 1);
+	memcpy(cp, bp, len);
+	cp[len] = '\0';
+	return (cp);
+}
+
+/*
+ * Like strsep(), but takes end of string and doesn't put any NUL.  To
+ * detect empty string, compare `*p' and return value.
+ */
+static const char *
+getstr(const char **p, const char *ep, const char *delim)
+{
+	const char *cp = *p, *q, *r;
+
+	if (ep < cp)
+		/* End of string */
+		return (NULL);
+
+	for (q = cp; q < ep; q++)
+		for (r = delim; *r != 0; r++)
+			if (*r == *q)
+				goto done;
+
+done:
+	*p = q;
+	return (cp);
+}
+
+/*
+ * Like getstr() above, but delim[] is complemented.
+ */
+static const char *
+getcstr(const char **p, const char *ep, const char *delim)
+{
+	const char *cp = *p, *q, *r;
+
+	if (ep < cp)
+		/* End of string */
+		return (NULL);
+
+	for (q = cp; q < ep; q++)
+		for (r = delim; *r != *q; r++)
+			if (*r == 0)
+				goto done;
+
+done:
+	*p = q;
+	return (cp);
+}
+
+static const char *
+getword(const char **p, const char *ep, const char *delim)
+{
+
+	(void)getcstr(p, ep, delim);
+
+	/*
+	 * Now, we're looking non-delim, or end of string.
+	 */
+
+	return (getstr(p, ep, delim));
+}
+
+/*
+ * Match `bp' against NUL terminated string pointed by `p'.
+ */
+static int
+matchstr(const char *p, const char *bp, const char *ep)
+{
+	int c;
+
+	while (bp < ep)
+		if ((c = *p++) == 0 || c != *bp++)
+			return (0);
+
+	return (*p == 0);
+}

 static Search_Path *
 _rtld_find_path(Search_Path *path, const char *pathstr, size_t pathlen)
@ -71,20 +167,16 @@ _rtld_find_path(Search_Path *path, const char *pathstr, size_t pathlen)

 static Search_Path **
 _rtld_append_path(Search_Path **head_p, Search_Path **path_p,
-    const char *bp, size_t len)
+    const char *bp, const char *ep)
 {
-	char *cp;
 	Search_Path *path;

-	if (_rtld_find_path(*head_p, bp, len) != NULL)
+	if (_rtld_find_path(*head_p, bp, ep - bp) != NULL)
 		return path_p;

 	path = NEW(Search_Path);
-	path->sp_pathlen = len;
-	cp = xmalloc(len + 1);
-	memcpy(cp, bp, len);
-	cp[len] = '\0';
-	path->sp_path = cp;
+	path->sp_pathlen = ep - bp;
+	path->sp_path = exstrdup(bp, ep);
 	path->sp_next = (*path_p);
 	(*path_p) = path;
 	path_p = &path->sp_next;
@ -116,7 +208,7 @@ _rtld_add_paths(Search_Path **path_p, const char *pathstr)
 		if (ep == NULL)
 			ep = &pathstr[strlen(pathstr)];

-		path_p = _rtld_append_path(head_p, path_p, bp, ep - bp);
+		path_p = _rtld_append_path(head_p, path_p, bp, ep);

 		if (ep[0] == '\0')
 			break;
@ -178,35 +270,33 @@ const struct list *lists[] = {
 *	<library_name>	<machdep_variable> <value,...:library_name,...> ... 
 */
 static void
-_rtld_process_mapping(Library_Xform **lib_p, char *bp, size_t len)
+_rtld_process_mapping(Library_Xform **lib_p, const char *bp, const char *ep)
 {
-	static const char WS[] = " \t\n";
 	Library_Xform *hwptr = NULL;
-	char *ptr, *key, *lib, *l;
+	const char *ptr, *key, *ekey, *lib, *elib, *l;
 	int i, j, k;
 	
-	dbg((" processing mapping \"%s\"", bp));
+	dbg((" processing mapping \"%.*s\"", (int)(ep - bp), bp));

-	if ((ptr = strsep(&bp, WS)) == NULL)
+	if ((ptr = getword(&bp, ep, WS)) == NULL || ptr == bp)
 		return;

-	dbg((" library \"%s\"", ptr));
+	dbg((" library \"%.*s\"", (int)(bp - ptr), ptr));

 	hwptr = xmalloc(sizeof(*hwptr));
 	memset(hwptr, 0, sizeof(*hwptr));
-	hwptr->name = xstrdup(ptr);
+	hwptr->name = exstrdup(ptr, bp);

-	while ((ptr = strsep(&bp, WS)) != NULL)
-		if (*ptr != '\0')
-			break;
-	if (ptr == NULL) {
+	bp++;
+
+	if ((ptr = getword(&bp, ep, WS)) == NULL || ptr == bp) {
 		xwarnx("missing sysctl variable name");
 		goto cleanup;
 	}

-	dbg((" sysctl \"%s\"", ptr));
+	dbg((" sysctl \"%.*s\"", (int)(bp - ptr), ptr));

-	for (i = 0; (l = strsep(&ptr, ".")) != NULL; i++) {
+	for (i = 0; (l = getstr(&ptr, bp, ".")) != NULL; i++, ptr++) {

 		if (lists[i] == NULL || i >= RTLD_MAX_CTL) {
 			xwarnx("sysctl nesting too deep");
@ -218,13 +308,13 @@ _rtld_process_mapping(Library_Xform **lib_p, char *bp, size_t len)
 			if (lists[i][j].ctl == NULL)
 				continue;

-			for (k = 1; k < lists[i][j].numentries; k++) {
-				if (strcmp(lists[i][j].ctl[k].name, l) == 0)
+			for (k = 1; k < lists[i][j].numentries; k++)
+				if (matchstr(lists[i][j].ctl[k].name, l, ptr))
 					break;
-			}

 			if (lists[i][j].numentries == -1) {
-				xwarnx("unknown sysctl variable name `%s'", l);
+				xwarnx("unknown sysctl variable name `%.*s'",
+				    (int)(ptr - l), l);
 				goto cleanup;
 			}

@ -237,56 +327,61 @@ _rtld_process_mapping(Library_Xform **lib_p, char *bp, size_t len)
 	for (i = 0; i < hwptr->ctlmax; i++)
 		dbg((" sysctl %d, %d", hwptr->ctl[i], hwptr->ctltype[i]));

-	for (i = 0; (ptr = strsep(&bp, WS)) != NULL; i++) {
-		if (*ptr == '\0') {
-			/* back up index and continue */
-			i--;
+	for (i = 0; bp++, (ptr = getword(&bp, ep, WS)) != NULL;) {
+		dbg((" ptr = %.*s", (int)(bp - ptr), ptr));
+		if (ptr == bp)
 			continue;
-		}
+
 		if (i == RTLD_MAX_ENTRY) {
 no_more:
 			xwarnx("maximum library entries exceeded `%s'",
 			    hwptr->name);
 			goto cleanup;
 		}
-		if ((key = strsep(&ptr, ":")) == NULL) {
+		if ((key = getstr(&ptr, bp, ":")) == NULL) {
 			xwarnx("missing sysctl variable value for `%s'",
 			    hwptr->name);
 			goto cleanup;
 		}
-		if ((lib = strsep(&ptr, ":")) == NULL) {
+		ekey = ptr++;
+		if ((lib = getstr(&ptr, bp, ":")) == NULL) {
 			xwarnx("missing sysctl library list for `%s'",
 			    hwptr->name);
 			goto cleanup;
 		}
-		for (j = 0; (l = strsep(&lib, ",")) != NULL; j++) {
+		elib = ptr;		/* No need to advance */
+		for (j = 0; (l = getstr(&lib, elib, ",")) != NULL;
+		    j++, lib++) {
 			if (j == RTLD_MAX_LIBRARY) {
 				xwarnx("maximum library entries exceeded `%s'",
 				    hwptr->name);
 				goto cleanup;
 			}
-			dbg((" library \"%s\"", l));
-			hwptr->entry[i].library[j] = xstrdup(l);
+			dbg((" library \"%.*s\"", (int)(lib - l), l));
+			hwptr->entry[i].library[j] = exstrdup(l, lib);
 		}
 		if (j == 0) {
-			xwarnx("No library map entries for `%s/%s'",
-				hwptr->name, ptr);
+			xwarnx("No library map entries for `%s/%.*s'",
+			    hwptr->name, (int)(bp - ptr), ptr);
 			goto cleanup;
 		}
 		j = i;
-		for (; (l = strsep(&key, ",")) != NULL; i++) {
-			dbg((" key \"%s\"", l));
+		for (; (l = getstr(&key, ekey, ",")) != NULL; i++, key++) {
+			/*
+			 * Allow empty key (it is valid as string
+			 * value).  Thus, we loop at least once and
+			 * `i' is incremented.
+			 */
+
+			dbg((" key \"%.*s\"", (int)(key - l), l));
 			if (i == RTLD_MAX_ENTRY)
 				goto no_more;
 			if (i != j)
 				(void)memcpy(hwptr->entry[i].library, 
 				    hwptr->entry[j].library,
 				    sizeof(hwptr->entry[j].library));
-			hwptr->entry[i].value = xstrdup(l);
+			hwptr->entry[i].value = exstrdup(l, key);
 		}
-
-		if (j != i)
-			i--;
 	}

 	if (i == 0) {
@ -306,14 +401,15 @@ cleanup:
 }

 void
-_rtld_process_hints(Search_Path **path_p, Library_Xform **lib_p, const char *fname)
+_rtld_process_hints(Search_Path **path_p, Library_Xform **lib_p,
+    const char *fname)
 {
 	int fd;
-	char *buf, *b, *ebuf;
+	char *buf;
+	const char *b, *ep, *ptr;
 	struct stat st;
-	size_t sz, len;
+	size_t sz;
 	Search_Path **head_p = path_p;
-	int doing_path = 0;

 	if ((fd = open(fname, O_RDONLY)) == -1) {
 		/* Don't complain */
@ -328,7 +424,7 @@ _rtld_process_hints(Search_Path **path_p, Library_Xform **lib_p, const char *fna

 	sz = (size_t) st.st_size;

-	buf = mmap(0, sz, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FILE, fd, 0);
+	buf = mmap(0, sz, PROT_READ, MAP_SHARED|MAP_FILE, fd, 0);
 	if (buf == MAP_FAILED) {
 		xwarn("mmap: %s", fname);
 		(void)close(fd);
@ -339,31 +435,28 @@ _rtld_process_hints(Search_Path **path_p, Library_Xform **lib_p, const char *fna
 	while ((*path_p) != NULL)
 		path_p = &(*path_p)->sp_next;

-	for (b = buf, ebuf = buf + sz; b < ebuf; ) {
-		b += strspn(b, " \t\n");
-		if (*b == '\0')
+	for (b = buf, ep = buf + sz; b < ep; b++) {
+		(void)getcstr(&b, ep, WS);
+		if (b == ep)
 			break;

-		len = strcspn(b, "\n#");
-		if (len == 0) {
-			b += strcspn(b, "\n");			
-			continue;
-		}
+		ptr = getstr(&b, ep, "\n#");
+		if (*ptr == '/') {
+			/*
+			 * Since '/' != '\n' and != '#', we know ptr <
+			 * b.  And we will stop when b[-1] == '/'.
+			 */
+			while (b[-1] == ' ' || b[-1] == '\t')
+				b--;
+			path_p = _rtld_append_path(head_p, path_p, ptr, b);
+		} else
+			_rtld_process_mapping(lib_p, ptr, b);

-		doing_path = *b == '/';
-		if (doing_path) {
-			size_t tmp = len - 1;
-			while (b[tmp] == '#' || b[tmp] == ' ' || b[tmp] == '\t')
-				tmp--;
-			path_p = _rtld_append_path(head_p, path_p, b, tmp + 1);
-		} else {
-			char tmp = b[len];
-			b[len] = '\0';
-			_rtld_process_mapping(lib_p, b, len);
-			b[len] = tmp;
-		}
-			
-		b += len;
+		/*
+		 * b points one of ' ', \t, \n, # or equal to ep.  So,
+		 * make sure we are at newline or end of string.
+		 */
+		(void)getstr(&b, ep, "\n");
 	}

 	(void)munmap(buf, sz);
--- a/libexec/ld.elf_so/xprintf.c
+++ b/libexec/ld.elf_so/xprintf.c
@ -1,4 +1,4 @@
-/*	$NetBSD: xprintf.c,v 1.15 2003/07/24 10:12:26 skrll Exp $	 */
+/*	$NetBSD: xprintf.c,v 1.16 2004/02/15 02:59:04 enami Exp $	 */

 /*
 * Copyright 1996 Matt Thomas <matt@3am-software.com>
@ -51,7 +51,7 @@ xvsnprintf(char *buf, size_t buflen, const char *fmt, va_list ap)
 {
 	char *bp = buf;
 	char *const ep = buf + buflen - 4;
-	int size;
+	int size, prec;

 	while (*fmt != '\0' && bp < ep) {
 		switch (*fmt) {
@ -62,7 +62,14 @@ xvsnprintf(char *buf, size_t buflen, const char *fmt, va_list ap)
 		}
 		case '%':{
 			size = 0;
+			prec = -1;
 	rflag:		switch (fmt[1]) {
+			case '*':
+				prec = va_arg(ap, int);
+				/* FALLTHROUGH */
+			case '.':
+				fmt++;
+				goto rflag;
 			case 'l':
 				size |= SZ_LONG;
 				fmt++;
@ -155,7 +162,10 @@ va_arg(ap, unsigned int))
 				if (str == NULL)
 					str = "(null)";

-				len = strlen(str);
+				if (prec < 0)
+					len = strlen(str);
+				else
+					len = prec;
 				if (ep - bp < len)
 					len = ep - bp;
 				memcpy(bp, str, len);