diff options
| author | Allen Byrne <byrn@hdfgroup.org> | 2020-08-12 21:19:55 (GMT) |
|---|---|---|
| committer | Allen Byrne <byrn@hdfgroup.org> | 2020-08-12 21:19:55 (GMT) |
| commit | e70fee7f362e4b57a268f2a9fe4d76f307aca19b (patch) | |
| tree | c6faafd0d39cef372e0eee50183cfd0f6628ee6b | |
| parent | 60abc27c160721720c34b3b2e691c480c43aeed2 (diff) | |
| download | hdf5-e70fee7f362e4b57a268f2a9fe4d76f307aca19b.zip hdf5-e70fee7f362e4b57a268f2a9fe4d76f307aca19b.tar.gz hdf5-e70fee7f362e4b57a268f2a9fe4d76f307aca19b.tar.bz2 | |
HDFFV-11127 - force RTLD_LOCAL in dlopen
| -rw-r--r-- | release_docs/RELEASE.txt | 9 | ||||
| -rw-r--r-- | src/H5PLpkg.h | 2 |
2 files changed, 10 insertions, 1 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 6a9dcb5..0206125 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -342,6 +342,15 @@ Bug Fixes since HDF5-1.10.5 release Library ------- + - Explicitly declared dlopen to use RTLD_LOCAL + + dlopen documentation states that f neither RTLD_GLOBAL nor + RTLD_LOCAL are specified, then the default behavior is unspecified. + The default on linux is usually RTLD_LOCAL while macos will default + to RTLD_GLOBAL. + + (ADB - 2020/08/12, HDFFV-11127) + - Fixed issues CVE-2018-13870 and CVE-2018-13869 When a buffer overflow occurred because a name length was corrupted diff --git a/src/H5PLpkg.h b/src/H5PLpkg.h index dfaa4af..48208d1 100644 --- a/src/H5PLpkg.h +++ b/src/H5PLpkg.h @@ -94,7 +94,7 @@ # define H5PL_HANDLE void * /* Get a handle to a plugin library. Windows: TEXT macro handles Unicode strings */ -# define H5PL_OPEN_DLIB(S) dlopen(S, RTLD_LAZY) +# define H5PL_OPEN_DLIB(S) dlopen(S, RTLD_LAZY | RTLD_LOCAL) /* Get the address of a symbol in dynamic library */ # define H5PL_GET_LIB_FUNC(H,N) dlsym(H,N) |