libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]

Commit c402355dfa7807b8e0adb27c009135a7e2b9f1b0 ("libio: Disable
vtable validation in case of interposition [BZ #23313]") only covered
the interposable glibc 2.1 handles, in libio/stdfiles.c.  The
parallel code in libio/oldstdfiles.c needs similar detection logic.

Fixes (again) commit db3476aff19b75c4fdefbe65fcd5f0a90588ba51
("libio: Implement vtable verification [BZ #20191]").

Change-Id: Ief6f9f17e91d1f7263421c56a7dc018f4f595c21
(cherry picked from commit cb61630ed712d033f54295f776967532d3f4b46a)

2 files changed, 6 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 89adc868bb..3ccaae3968 100644
--- a/NEWS
+++ b/NEWS
@@ -188,6 +188,7 @@ The following bugs are resolved with this release:
   [24027] malloc: Integer overflow in realloc
   [24097] Can't use 64-bit register for size_t in assembly codes for x32 (CVE-2019-6488)
   [24155] x32 memcmp can treat positive length as 0 (if sign bit in RDX is set) (CVE-2019-7309)
+  [25203] libio: Disable vtable validation for pre-2.1 interposed handles
   [25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs
 
 
diff --git a/libio/oldstdfiles.c b/libio/oldstdfiles.c
index bed7bceca2..82ba986367 100644
--- a/libio/oldstdfiles.c
+++ b/libio/oldstdfiles.c
@@ -87,6 +87,11 @@ _IO_check_libio (void)
 	stdout->_vtable_offset = stderr->_vtable_offset =
 	((int) sizeof (struct _IO_FILE)
 	 - (int) sizeof (struct _IO_FILE_complete));
+
+      if (_IO_stdin_.vtable != &_IO_old_file_jumps
+	  || _IO_stdout_.vtable != &_IO_old_file_jumps
+	  || _IO_stderr_.vtable != &_IO_old_file_jumps)
+	IO_set_accept_foreign_vtables (&_IO_vtable_check);
     }
 }