From 0432680e8c2ecd832038387f92b462dea75e94cc Mon Sep 17 00:00:00 2001
From: Pierre Ynard <linkfanel@yahoo.fr>
Date: Fri, 28 Jun 2013 21:43:42 +0000
Subject: Test for mprotect failure in dl-load.c (bug 12492).

---
 ChangeLog     |  6 ++++++
 NEWS          | 24 ++++++++++++------------
 elf/dl-load.c |  6 +++++-
 3 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 4ca386461d..8d81f2d03e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-06-28  Pierre Ynard  <linkfanel@yahoo.fr>
+
+	[BZ #12492]
+	* elf/dl-load.c (_dl_map_object_from_fd): Test for failure of
+	mprotect making __stack_prot writable.
+
 2013-06-28  Nathan Froyd  <froydnj@codesourcery.com>
 	    Joseph Myers  <joseph@codesourcery.com>
 
diff --git a/NEWS b/NEWS
index e7fcf8158b..7fa47f136a 100644
--- a/NEWS
+++ b/NEWS
@@ -10,18 +10,18 @@ Version 2.18
 * The following bugs are resolved with this release:
 
   2546, 2560, 5159, 6809, 7006, 10060, 10062, 10283, 10357, 10686, 11120,
-  11561, 12310, 12387, 12515, 12723, 13550, 13889, 13951, 13988, 14142,
-  14176, 14200, 14256, 14280, 14293, 14317, 14327, 14478, 14496, 14582,
-  14686, 14812, 14888, 14894, 14907, 14908, 14909, 14920, 14952, 14964,
-  14981, 14982, 14985, 14991, 14994, 14996, 15000, 15003, 15006, 15007,
-  15014, 15020, 15022, 15023, 15036, 15054, 15055, 15062, 15078, 15084,
-  15085, 15086, 15100, 15160, 15214, 15221, 15232, 15234, 15283, 15285,
-  15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337,
-  15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394, 15395,
-  15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426, 15429,
-  15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488, 15490,
-  15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583, 15618,
-  15627, 15631, 15654, 15655, 15666, 15667, 15674.
+  11561, 12310, 12387, 12492, 12515, 12723, 13550, 13889, 13951, 13988,
+  14142, 14176, 14200, 14256, 14280, 14293, 14317, 14327, 14478, 14496,
+  14582, 14686, 14812, 14888, 14894, 14907, 14908, 14909, 14920, 14952,
+  14964, 14981, 14982, 14985, 14991, 14994, 14996, 15000, 15003, 15006,
+  15007, 15014, 15020, 15022, 15023, 15036, 15054, 15055, 15062, 15078,
+  15084, 15085, 15086, 15100, 15160, 15214, 15221, 15232, 15234, 15283,
+  15285, 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336,
+  15337, 15339, 15342, 15346, 15359, 15361, 15366, 15380, 15381, 15394,
+  15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426,
+  15429, 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488,
+  15490, 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583,
+  15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674.
 
 * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
   #15078).
diff --git a/elf/dl-load.c b/elf/dl-load.c
index d53ead4db3..655e38ee4b 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -1487,7 +1487,11 @@ cannot allocate TLS data structures for initial thread");
 	  if (__builtin_expect (p + s <= relro_end, 1))
 	    {
 	      /* The variable lies in the region protected by RELRO.  */
-	      __mprotect ((void *) p, s, PROT_READ|PROT_WRITE);
+	      if (__mprotect ((void *) p, s, PROT_READ|PROT_WRITE) < 0)
+		{
+		  errstring = N_("cannot change memory protections");
+		  goto call_lose_errno;
+		}
 	      __stack_prot |= PROT_READ|PROT_WRITE|PROT_EXEC;
 	      __mprotect ((void *) p, s, PROT_READ);
 	    }
-- 
cgit v1.2.3