[PATCH] lib: prevent RTLD_DEEPBIND if run with libasan

Tue Jul 23 08:16:23 UTC 2019

Updated patch

Please review and push if happy.

Cheers Swen
On Mon, 2019-07-22 at 15:41 +0200, swen via samba-technical wrote:
> While at it, prepare lib code to run with ASAN
> without the need to set the flag LDB_MODULES_DISABLE_DEEPBIND.
> 
> Please review and push if happy.
> 
> Cheers Swen
-------------- next part --------------
From dafcd4879ca595916da6a2ecd5e6ac334aa6c490 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Mon, 22 Jul 2019 15:32:46 +0200
Subject: [PATCH] lib: prevent RTLD_DEEPBIND if run with libasan

If run with ASAN sanitizer we cannot use RTLD_DEEPBIND flag for dlopen.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 lib/ldb/common/ldb_modules.c | 61 +++++++++++++++++++++---------------
 1 file changed, 36 insertions(+), 25 deletions(-)

diff --git a/lib/ldb/common/ldb_modules.c b/lib/ldb/common/ldb_modules.c
index cc067abdfe0..25233baf564 100644
--- a/lib/ldb/common/ldb_modules.c
+++ b/lib/ldb/common/ldb_modules.c
@@ -936,10 +936,44 @@ static int ldb_modules_load_path(const char *path, const char *version)
 		dev_t st_dev;
 	} *loaded;
 	struct loaded *le;
-	int dlopen_flags;
+	int dlopen_flags = RTLD_NOW;
 
 #ifdef RTLD_DEEPBIND
-	bool deepbind_enabled = (getenv("LDB_MODULES_DISABLE_DEEPBIND") == NULL);
+	const char *env_preload = getenv("LD_PRELOAD");
+	const char *env_deepbind = getenv("LDB_MODULES_DISABLE_DEEPBIND");
+	bool deepbind_enabled = true;
+	/*
+	 * use deepbind if possible, to avoid issues with different
+	 * system library variants, for example ldb modules may be linked
+	 * against Heimdal while the application may use MIT kerberos.
+	 *
+	 * See the dlopen manpage for details.
+	 *
+	 * One typical user is the bind_dlz module of Samba,
+	 * but symbol versioning might be enough...
+	 *
+	 * We need a way to disable this in order to allow the
+	 * ldb_*ldap modules to work with a preloaded socket wrapper.
+	 *
+	 * So in future we may remove this completely
+	 * or at least invert the default behavior.
+	*/
+
+	/* Don't do a deepbind if we run with libasan */
+	if (env_preload != NULL && strlen(env_preload) < 1024) {
+		const char *p = strstr(env_preload, "libasan.so");
+		if (p != NULL) {
+			deepbind_enabled = false;
+		}
+	}
+
+	if (env_deepbind != NULL && strlen(env_deepbind) >= 1) {
+		deepbind_enabled = false;
+	}
+
+	if (deepbind_enabled) {
+		dlopen_flags |= RTLD_DEEPBIND;
+	}
 #endif
 
 	ret = stat(path, &st);
@@ -972,29 +1006,6 @@ static int ldb_modules_load_path(const char *path, const char *version)
 		return ldb_modules_load_dir(path, version);
 	}
 
-	dlopen_flags = RTLD_NOW;
-#ifdef RTLD_DEEPBIND
-	/*
-	 * use deepbind if possible, to avoid issues with different
-	 * system library variants, for example ldb modules may be linked
-	 * against Heimdal while the application may use MIT kerberos.
-	 *
-	 * See the dlopen manpage for details.
-	 *
-	 * One typical user is the bind_dlz module of Samba,
-	 * but symbol versioning might be enough...
-	 *
-	 * We need a way to disable this in order to allow the
-	 * ldb_*ldap modules to work with a preloaded socket wrapper.
-	 *
-	 * So in future we may remove this completely
-	 * or at least invert the default behavior.
-	*/
-	if (deepbind_enabled) {
-		dlopen_flags |= RTLD_DEEPBIND;
-	}
-#endif
-
 	handle = dlopen(path, dlopen_flags);
 	if (handle == NULL) {
 		fprintf(stderr, "ldb: unable to dlopen %s : %s\n", path, dlerror());
-- 
2.20.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190723/c03adda4/signature.sig>
