From 43b21e9bb68199ebc46ea8e465052328bcb941e4 Mon Sep 17 00:00:00 2001 From: Allen Byrne Date: Wed, 12 Aug 2020 16:20:42 -0500 Subject: HDFFV-11127 - force RTLD_LOCAL in dlopen --- release_docs/RELEASE.txt | 25 +++++++++++++++++-------- src/H5PL.c | 22 +++++++++++----------- 2 files changed, 28 insertions(+), 19 deletions(-) diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index d93413c..2bff239 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -319,9 +319,9 @@ New Features Fortran API ----------- - - Corrected INTERFACE INTENT(IN) to INTENT(OUT) for buf_size in h5fget_file_image_f. - - (MSB - 2020/2/18, HDFFV-11029) + - Corrected INTERFACE INTENT(IN) to INTENT(OUT) for buf_size in h5fget_file_image_f. + + (MSB - 2020/2/18, HDFFV-11029) C++ API @@ -354,6 +354,15 @@ Bug Fixes since HDF5-1.8.21 Library ------- + - Explicitly declared dlopen to use RTLD_LOCAL + + dlopen documentation states that f neither RTLD_GLOBAL nor + RTLD_LOCAL are specified, then the default behavior is unspecified. + The default on linux is usually RTLD_LOCAL while macos will default + to RTLD_GLOBAL. + + (ADB - 2020/08/12, HDFFV-11127) + - Fixed issues CVE-2018-13870 and CVE-2018-13869 When a buffer overflow occurred because a name length was corrupted @@ -368,7 +377,7 @@ Bug Fixes since HDF5-1.8.21 - Fixed the segmentation fault when reading attributes with multiple threads It was reported that the reading of attributes with variable length string - datatype will crash with segmentation fault particularly when the number of + datatype will crash with segmentation fault particularly when the number of threads is high (>16 threads). The problem was due to the file pointer that was set in the variable length string datatype for the attribute. That file pointer was already closed when the attribute was accessed. @@ -443,15 +452,15 @@ Bug Fixes since HDF5-1.8.21 Tools ----- - - h5repack was fixed to repack the reference attributes properly. - The code line that checks if the update of reference inside a compound - datatype is misplaced outside the code block loop that carries out the + - h5repack was fixed to repack the reference attributes properly. + The code line that checks if the update of reference inside a compound + datatype is misplaced outside the code block loop that carries out the check. In consequence, the next attribute that is not the reference type was repacked again as the reference type and caused the failure of repacking. The fix is to move the corresponding code line to the correct code block. - (KY -2020/02/05, HDFFV-11014) + (KY -2020/02/05, HDFFV-11014) - h5repack was fixed to repack datasets with external storage diff --git a/src/H5PL.c b/src/H5PL.c index 5d750fa..71ff0f8 100644 --- a/src/H5PL.c +++ b/src/H5PL.c @@ -103,7 +103,7 @@ typedef const void *(__cdecl *H5PL_get_plugin_info_t)(void); #define H5PL_HANDLE void * /* Get a handle to a plugin library. Windows: TEXT macro handles Unicode strings */ -#define H5PL_OPEN_DLIB(S) dlopen(S, RTLD_LAZY) +#define H5PL_OPEN_DLIB(S) dlopen(S, RTLD_LAZY | RTLD_LOCAL)) /* Get the address of a symbol in dynamic library */ #define H5PL_GET_LIB_FUNC(H,N) dlsym(H,N) @@ -173,7 +173,7 @@ static hbool_t H5PL_path_found_g = FALSE; /* Enable all plugin libraries */ static unsigned int H5PL_plugin_g = H5PL_ALL_PLUGIN; - + /*-------------------------------------------------------------------------- NAME H5PL__init_interface -- Initialize interface-specific information @@ -204,7 +204,7 @@ H5PL__init_interface(void) FUNC_LEAVE_NOAPI(SUCCEED) } /* end H5PL__init_interface() */ - + /*------------------------------------------------------------------------- * Function: H5PLset_loading_state * @@ -246,7 +246,7 @@ done: FUNC_LEAVE_API(ret_value) } /* end H5PLset_loading_state() */ - + /*------------------------------------------------------------------------- * Function: H5PLget_loading_state * @@ -274,7 +274,7 @@ done: FUNC_LEAVE_API(ret_value) } /* end H5PLget_loading_state() */ - + /*------------------------------------------------------------------------- * Function: H5PL_term_interface * @@ -324,7 +324,7 @@ H5PL_term_interface(void) FUNC_LEAVE_NOAPI(i) } /* end H5PL_term_interface() */ - + /*------------------------------------------------------------------------- * Function: H5PL_load * @@ -395,7 +395,7 @@ done: FUNC_LEAVE_NOAPI(ret_value) } /* end H5PL_load() */ - + /*------------------------------------------------------------------------- * Function: H5PLappend * @@ -704,7 +704,7 @@ done: FUNC_LEAVE_NOAPI(ret_value) } /* end H5PL__init_path_table() */ - + /*------------------------------------------------------------------------- * Function: H5PL__find * @@ -838,7 +838,7 @@ done: } /* end H5PL__find() */ #endif /* H5_HAVE_WIN32_API */ - + /*------------------------------------------------------------------------- * Function: H5PL__open * @@ -926,7 +926,7 @@ done: FUNC_LEAVE_NOAPI(ret_value) } /* end H5PL__open() */ - + /*------------------------------------------------------------------------- * Function: H5PL__search_table * @@ -974,7 +974,7 @@ done: FUNC_LEAVE_NOAPI(ret_value) } /* end H5PL__search_table() */ - + /*------------------------------------------------------------------------- * Function: H5PL__close * -- cgit v0.12 From 89df7cadf0d0fb79749ecfc791770d04e400af15 Mon Sep 17 00:00:00 2001 From: Allen Byrne Date: Thu, 13 Aug 2020 06:21:44 -0500 Subject: spelling --- release_docs/RELEASE.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 2bff239..50a2f5e 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -356,7 +356,7 @@ Bug Fixes since HDF5-1.8.21 ------- - Explicitly declared dlopen to use RTLD_LOCAL - dlopen documentation states that f neither RTLD_GLOBAL nor + dlopen documentation states that if neither RTLD_GLOBAL nor RTLD_LOCAL are specified, then the default behavior is unspecified. The default on linux is usually RTLD_LOCAL while macos will default to RTLD_GLOBAL. -- cgit v0.12