|
Added
Link Here
|
| 1 |
--- libpkg/pkg_elf.c.orig 2021-11-12 08:57:25 UTC |
| 2 |
+++ libpkg/pkg_elf.c |
| 3 |
@@ -53,6 +53,7 @@ |
| 4 |
#endif |
| 5 |
#include <paths.h> |
| 6 |
#include <stdbool.h> |
| 7 |
+#include <stdlib.h> |
| 8 |
#include <string.h> |
| 9 |
#include <unistd.h> |
| 10 |
#ifdef HAVE_LIBELF |
| 11 |
@@ -86,7 +87,8 @@ static int elf_string_to_corres(const struct _elf_corr |
| 12 |
static int |
| 13 |
filter_system_shlibs(const char *name, char *path, size_t pathlen) |
| 14 |
{ |
| 15 |
- const char *shlib_path; |
| 16 |
+ const char *shlib_path, *check_path; |
| 17 |
+ char resolved_path[PATH_MAX+1]; |
| 18 |
|
| 19 |
shlib_path = shlib_list_find_by_name(name); |
| 20 |
if (shlib_path == NULL) { |
| 21 |
@@ -94,13 +96,25 @@ filter_system_shlibs(const char *name, char *path, siz |
| 22 |
return (EPKG_FATAL); |
| 23 |
} |
| 24 |
|
| 25 |
+ check_path = shlib_path; |
| 26 |
+ |
| 27 |
+ if (*check_path != '/' || |
| 28 |
+ strstr(check_path, "/../") != NULL || |
| 29 |
+ strstr(check_path, "/./") != NULL || |
| 30 |
+ strstr(check_path, "//") != NULL) { |
| 31 |
+ memset(resolved_path, 0, sizeof(resolved_path)); |
| 32 |
+ if (realpath(check_path, resolved_path) != NULL) { |
| 33 |
+ check_path = (const char *)resolved_path; |
| 34 |
+ } |
| 35 |
+ } |
| 36 |
+ |
| 37 |
if (pkg_object_bool(pkg_config_get("ALLOW_BASE_SHLIBS"))) { |
| 38 |
- if (strstr(shlib_path, "/lib32/") != NULL) |
| 39 |
+ if (strstr(check_path, "/lib32/") != NULL) |
| 40 |
return (EPKG_END); |
| 41 |
} else { |
| 42 |
/* match /lib, /lib32, /usr/lib and /usr/lib32 */ |
| 43 |
- if (strncmp(shlib_path, "/lib", 4) == 0 || |
| 44 |
- strncmp(shlib_path, "/usr/lib", 8) == 0) |
| 45 |
+ if (strncmp(check_path, "/lib", 4) == 0 || |
| 46 |
+ strncmp(check_path, "/usr/lib", 8) == 0) |
| 47 |
return (EPKG_END); /* ignore libs from base */ |
| 48 |
} |
| 49 |
|