fix dynamic linker handling of empty path file or error reading path file

previously, the path string was being used despite being invalid. with
this change, empty path file or error reading the path file is treated
as an empty path. this is preferable to falling back to a default
path, so that attacks to prevent reading of the path file could not
result in loading incorrect and possibly dangerous (outdated or
mismatching ABI) libraries from.

the code to strip the final newline has also been removed; now that
newline is accepted as a delimiter, it's harmless to leave it in
place.

diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index 8472343a9285a9c96935b06827ead88585e44fe8..eac07d9c5425066b559ff902056b17d43c49c5fe 100644 (file)
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -478,10 +478,9 @@ static struct dso *load_library(const char *name)
                        if (!sys_path) {
                                FILE *f = fopen(ETC_LDSO_PATH, "rbe");
                                if (f) {
-                                       if (getdelim(&sys_path, (size_t[1]){0}, 0, f) > 0) {
-                                               size_t l = strlen(sys_path);
-                                               if (l && sys_path[l-1]=='\n')
-                                                       sys_path[l-1] = 0;
+                                       if (getdelim(&sys_path, (size_t[1]){0}, 0, f) <= 0) {
+                                               if (sys_path) free(sys_path);
+                                               sys_path = "";
                                        }
                                        fclose(f);
                                }