Branch: v3.5.13-sru

08bb8ed1 2015-12-12 17:33:16 François Andriot 
Fix security issue CVE-2009-3736
(cherry picked from commit 7aeb4e9d71aeb59db6a2e40c271536fcff6b1e0e)
M ltdl.c
 
diff --git a/ltdl.c b/ltdl.c
index 1bf7a12..be6ce43 100644
--- a/ltdl.c
+++ b/ltdl.c
@@ -1459,9 +1459,10 @@
 }
 
 static int
-tryall_dlopen (handle, filename)
+tryall_dlopen (handle, filename, useloader)
      lt_dlhandle *handle;
      const char *filename;
+     const char *useloader;
 {
   lt_dlhandle	 cur;
   lt_dlloader   *loader;
@@ -1519,6 +1520,11 @@
 
   while (loader)
     {
+      if (useloader && strcmp(loader->loader_name, useloader))
+	{
+	  loader = loader->next;
+	  continue;
+	}
       lt_user_data data = loader->dlloader_data;
 
       cur->module = loader->module_open (data, filename);
@@ -1561,7 +1567,7 @@
   /* try to open the old library first; if it was dlpreopened,
      we want the preopened version of it, even if a dlopenable
      module is available */
-  if (old_name && tryall_dlopen(handle, old_name) == 0)
+  if (old_name && tryall_dlopen(handle, old_name, "dlpreload") == 0)
     {
       return 0;
     }
@@ -1584,7 +1590,7 @@
 	    }
 
 	  sprintf (filename, "%s/%s", libdir, dlname);
-	  error = (tryall_dlopen (handle, filename) != 0);
+	  error = (tryall_dlopen (handle, filename, NULL) != 0);
 	  LT_DLFREE (filename);
 
 	  if (!error)
@@ -1616,7 +1622,7 @@
 	  strcat(filename, objdir);
 	  strcat(filename, dlname);
 
-	  error = tryall_dlopen (handle, filename) != 0;
+	  error = tryall_dlopen (handle, filename, NULL) != 0;
 	  LT_DLFREE (filename);
 	  if (!error)
 	    {
@@ -1639,7 +1645,7 @@
 	  }
 	strcat(filename, dlname);
 
-	error = (tryall_dlopen (handle, filename) != 0);
+	error = (tryall_dlopen (handle, filename, NULL) != 0);
 	LT_DLFREE (filename);
 	if (!error)
 	  {
@@ -1754,7 +1760,7 @@
       strcpy(filename+lendir, basename);
       if (handle)
 	{
-	  if (tryall_dlopen (handle, filename) == 0)
+	  if (tryall_dlopen (handle, filename, NULL) == 0)
 	    {
 	      result = (lt_ptr) handle;
 	      goto cleanup;
@@ -2068,7 +2074,7 @@
       /* lt_dlclose()ing yourself is very bad!  Disallow it.  */
       LT_DLSET_FLAG (handle, LT_DLRESIDENT_FLAG);
 
-      if (tryall_dlopen (&newhandle, 0) != 0)
+      if (tryall_dlopen (&newhandle, 0, NULL) != 0)
 	{
 	  LT_DLFREE (handle);
 	  return 0;
@@ -2373,7 +2379,7 @@
 #ifdef LTDL_SYSSEARCHPATH
 		      && !find_file (basename, sys_search_path, 0, &newhandle)
 #endif
-		   )) && tryall_dlopen (&newhandle, filename))
+		   )) && tryall_dlopen (&newhandle, filename, NULL))
 	{
 	  LT_DLFREE (handle);
 	  goto cleanup;