libsandbox: save/restore errno for hardenedv1.3.9

Since hardened systems may return -1 in the case of an error, but this
isn't a "real" error, we need to save/restore errno.  Otherwise we corrupt
the errno value of the caller.  This is a regression on hardened systems
due to the recent commit bab59e2c which optimized symbol loading a bit.

URL: http://bugs.gentoo.org/260765
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Magnus Granberg <zorry@ume.nu>

1 files changed, 4 insertions, 0 deletions

diff --git a/libsandbox/wrappers.c b/libsandbox/wrappers.c
index 29bd9d4..6094f51 100644
--- a/libsandbox/wrappers.c
+++ b/libsandbox/wrappers.c
@@ -32,10 +32,13 @@ static void *get_dlsym(const char *symname, const char *symver)
 	/* Checking for -1UL is significant on hardened!
 	 * USE_RTLD_NEXT returns it as a sign of being unusable.
 	 * However using !x or NULL checks does NOT pick it up!
+	 * That is also why we need to save/restore errno #260765.
 	 */
 #define INVALID_LIBC_HANDLE(x) (!x || NULL == x || (void *)-1UL == x)
 	if (INVALID_LIBC_HANDLE(libc_handle)) {
+		save_errno();
 		libc_handle = dlopen(LIBC_VERSION, RTLD_LAZY);
+		restore_errno();
 		if (INVALID_LIBC_HANDLE(libc_handle)) {
 			fprintf(stderr, "libsandbox:  Can't dlopen libc: %s\n",
 				dlerror());
@@ -48,6 +51,7 @@ static void *get_dlsym(const char *symname, const char *symver)
 		symaddr = dlsym(libc_handle, symname);
 	else
 		symaddr = dlvsym(libc_handle, symname, symver);
+
 	if (!symaddr) {
 		fprintf(stderr, "libsandbox:  Can't resolve %s: %s\n",
 			symname, dlerror());