fix theoretical out-of-bound access in dynamic linker

one of the arguments to memcmp may be shorter than the length l-3, and
memcmp is under no obligation not to access past the first byte that
differs. instead use strncmp which conveys the correct semantics. the
performance difference is negligible here and since the code is only
use for shared libc, both functions are already linked anyway.

diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index 814f5c7e4ec0da2be423463f630730e9df06fa00..2f399a57cd20a0a4b314e17a49346b29eb443406 100644 (file)
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -467,7 +467,7 @@ static struct dso *load_library(const char *name)
                char *z = strchr(name, '.');
                if (z) {
                        size_t l = z-name;
-                       for (rp=reserved; *rp && memcmp(name+3, rp, l-3); rp+=strlen(rp)+1);
+                       for (rp=reserved; *rp && strncmp(name+3, rp, l-3); rp+=strlen(rp)+1);
                        if (*rp) {
                                if (ldd_mode) {
                                        /* Track which names have been resolved