From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 065A138C00D; Thu, 16 Mar 2023 19:17:28 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 065A138C00D DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1678983448; bh=NC9WEDtpqLEfOJmjYU6q2zC4XBQ+6uGpjvXRijErfrU=; h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=kayAd+i7U8M+150XNZ0JgQLojd2RRVXBg5e5A8Oyz12S/277cl3a4H5L5POKwcGbZ hTk742zAJ67msJb+hEsiOGBeIYXtSaYafW+xx3K9swAqEMXyM8C2NHbBm0xPxRBQId kp6Yti2mBkX2haGpJP2uQc/wlVp/MUm5aMqv+mew= Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com [209.85.167.43]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 8C12932550E for ; Thu, 16 Mar 2023 19:17:26 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 8C12932550E Received: by mail-lf1-f43.google.com with SMTP id y20so3061465lfj.2 for ; Thu, 16 Mar 2023 09:17:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678983445; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=DSyhuRiJsECU0biSkeRBfDSzJ2gVfirm3KkH25GpewU=; b=CceglUf7bZ9HvyrClF/LLd0ez7AaD0eb7e+PJE+phuerl4eZByFNpTfenjwPxXaw2q gejkXi5xD3ANesrkxP7/yd55UZiwKSL67/SB0I41yyNkBbijcOp4d5XSiV8BXF/mVlx6 52FAJKLx++Q6kQrPZnOWRJdQUBzoJz8x96Bl9Zqb57e9CIGkhF++G7F2juW6uYzt0YBu QlzfkTWiFDvTkxMOajyJFjtaPTUW4r02tEgxwisNyfmZoJBRaJIAJrUWGK0TXCObz8Zt mOD1YorxcLduFZF0mWCsn/GHugQKiuajxR2SLqvtX1gSj5LrskC4w85Ob/Hu1SdkwL+4 KsVQ== X-Gm-Message-State: AO0yUKXpZWw2trDf76jk3zoOwziDUQjy6WaqOqkOpp0IE4w5JlEWvVS6 Ylm7dgRVpn2hirqW+4VaD2zDJu3A2Rk= X-Google-Smtp-Source: AK7set8XLP5aXETtEHxQS+hyerU608+o6L4VbY9PBNrK0L0Ou1m+d4VTnJwT2ZonwWG+6pDqmE+6CQ== X-Received: by 2002:ac2:43c2:0:b0:4dd:a718:31dd with SMTP id u2-20020ac243c2000000b004dda71831ddmr3281070lfl.12.1678983445337; Thu, 16 Mar 2023 09:17:25 -0700 (PDT) Received: from localhost.localdomain ([185.205.79.48]) by smtp.gmail.com with ESMTPSA id m25-20020a056512015900b004db44f782aesm1281775lfo.4.2023.03.16.09.17.23 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Thu, 16 Mar 2023 09:17:24 -0700 (PDT) To: tarantool-patches@dev.tarantool.org, sergos@tarantool.org, skaplun@tarantool.org, m.kokryashkin@tarantool.org Date: Thu, 16 Mar 2023 19:17:18 +0300 Message-Id: <20230316161720.78669-1-max.kokryashkin@gmail.com> X-Mailer: git-send-email 2.37.1 (Apple Git-137.1) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [Tarantool-patches] [PATCH luajit] Limit path length passed to C library loader. X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Maksim Kokryashkin via Tarantool-patches Reply-To: Maksim Kokryashkin Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" From: Mike Pall (cherry-picked from commit 90e65514dda3994253c1e3007f63da7ace8f6b7b) C library loader uses `dlopen` under the hood, which fails, if provided library path is longer than PATH_MAX. PATH_MAX is 4096 bytes by default, so a corresponsing check is added to `ll_loadfunc`. Maxim Kokryashkin: * added the description and the test for the problem Part of tarantool/tarantool#8069 --- Side note: Still no adequate constants like PATH_MAX... Side note: There is no test for successfull loadlib, since there is one in the PUC-Rio suite. Branch: https://github.com/tarantool/luajit/tree/fckxorg/c-library-path-length PR: https://github.com/tarantool/tarantool/pull/8449 src/lib_package.c | 7 ++++++- test/tarantool-tests/c-library-path-length.test.lua | 13 +++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 test/tarantool-tests/c-library-path-length.test.lua diff --git a/src/lib_package.c b/src/lib_package.c index 8573b9f9..67959a10 100644 --- a/src/lib_package.c +++ b/src/lib_package.c @@ -215,7 +215,12 @@ static const char *mksymname(lua_State *L, const char *modname, static int ll_loadfunc(lua_State *L, const char *path, const char *name, int r) { - void **reg = ll_register(L, path); + void **reg; + if (strlen(path) >= 4096) { + lua_pushliteral(L, "path too long"); + return PACKAGE_ERR_LIB; + } + reg = ll_register(L, path); if (*reg == NULL) *reg = ll_load(L, path, (*name == '*')); if (*reg == NULL) { return PACKAGE_ERR_LIB; /* Unable to load library. */ diff --git a/test/tarantool-tests/c-library-path-length.test.lua b/test/tarantool-tests/c-library-path-length.test.lua new file mode 100644 index 00000000..11dd0cf4 --- /dev/null +++ b/test/tarantool-tests/c-library-path-length.test.lua @@ -0,0 +1,13 @@ +local tap = require('tap') +local test = tap.test('c-library-path-length') +test:plan(2) + +-- It doesn't really matter how long that string is, if it is longer than 4096. +local long_path = string.rep('/path', 1024) +package.cpath = long_path + +local res, err = package.loadlib(long_path, 'func') +test:ok(res == nil, 'loaded library with a too large path') +test:like(err, 'path too long', 'incorrect error') + +os.exit(test:check() and 0 or 1) -- 2.37.1 (Apple Git-137.1)