From cecaed97f7987266d74dff90448d02c586d14052 Mon Sep 17 00:00:00 2001 From: Allen Byrne Date: Wed, 12 Aug 2020 16:14:44 -0500 Subject: HDFFV-11127 - force RTLD_LOCAL in dlopen --- release_docs/RELEASE.txt | 15 ++++++++++++--- src/H5PLpkg.h | 2 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 7ccdbe9..2217b5a 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -349,9 +349,9 @@ New Features added to the libhdf5.settings file. Autotools: - + An --enable-file-locking=(yes|no|best-effort) option has been added. - + yes: Use file locking. no: Do not use file locking. best-effort: Use file locking and ignore "disabled" errors. @@ -765,6 +765,15 @@ Bug Fixes since HDF5-1.10.3 release Library ------- + - Explicitly declared dlopen to use RTLD_LOCAL + + dlopen documentation states that f neither RTLD_GLOBAL nor + RTLD_LOCAL are specified, then the default behavior is unspecified. + The default on linux is usually RTLD_LOCAL while macos will default + to RTLD_GLOBAL. + + (ADB - 2020/08/12, HDFFV-11127) + - Fixed issues CVE-2018-13870 and CVE-2018-13869 When a buffer overflow occurred because a name length was corrupted @@ -774,7 +783,7 @@ Bug Fixes since HDF5-1.10.3 release locations to prevent the crashes and h5dump now simply fails with an error message when this error condition occurs. - (BMR - 2020/7/22, HDFFV-11120 and HDFFV-11121) + (BMR - 2020/07/22, HDFFV-11120 and HDFFV-11121) - Fixed the segmentation fault when reading attributes with multiple threads diff --git a/src/H5PLpkg.h b/src/H5PLpkg.h index 8c2367f..a086a2c 100644 --- a/src/H5PLpkg.h +++ b/src/H5PLpkg.h @@ -95,7 +95,7 @@ # define H5PL_HANDLE void * /* Get a handle to a plugin library. Windows: TEXT macro handles Unicode strings */ -# define H5PL_OPEN_DLIB(S) dlopen(S, RTLD_LAZY) +# define H5PL_OPEN_DLIB(S) dlopen(S, RTLD_LAZY | RTLD_LOCAL) /* Get the address of a symbol in dynamic library */ # define H5PL_GET_LIB_FUNC(H,N) dlsym(H,N) -- cgit v0.12