untrusted comment: verify with openbsd-65-base.pub

untrusted comment: verify with openbsd-65-base.pub
RWSZaRmt1LEQT3kReh6/cjCR/7pax79ZCqq0gf4Hc3+k2niDthH6uj+9rK5LNvzflWf54udoiHYotBCBvGd4xGMdI4LLAhOK4wk=

OpenBSD 6.5 errata 024, December 11, 2019:

ld.so may fail to remove the LD_LIBRARY_PATH environment variable for
set-user-ID and set-group-ID executables in low memory conditions.

Apply by doing:
signify -Vep /etc/signify/openbsd-65-base.pub -x 024_ldso.patch.sig \
-m - | (cd /usr/src && patch -p0)

And then rebuild and install ld.so:
cd /usr/src/libexec/ld.so
make obj
make
make install

Index: libexec/ld.so/loader.c
===================================================================
RCS file: /cvs/src/libexec/ld.so/loader.c,v
diff -u -p -u -r1.177 loader.c
--- libexec/ld.so/loader.c 3 Dec 2018 05:29:56 -0000 1.177
+++ libexec/ld.so/loader.c 11 Dec 2019 17:06:10 -0000
@@ -213,13 +213,14 @@ char *__progname = NULL;
void
_dl_setup_env(const char *argv0, char **envp)
{
+ char *libpath;
static char progname_storage[NAME_MAX+1] = "";

/*
* Get paths to various things we are going to use.
*/
_dl_debug = _dl_getenv("LD_DEBUG", envp) != NULL;
- _dl_libpath = _dl_split_path(_dl_getenv("LD_LIBRARY_PATH", envp));
+ libpath = _dl_getenv("LD_LIBRARY_PATH", envp);
_dl_preload = _dl_getenv("LD_PRELOAD", envp);
_dl_bindnow = _dl_getenv("LD_BIND_NOW", envp) != NULL;
_dl_traceld = _dl_getenv("LD_TRACE_LOADED_OBJECTS", envp) != NULL;
@@ -233,9 +234,8 @@ _dl_setup_env(const char *argv0, char **
*/
_dl_trust = !_dl_issetugid();
if (!_dl_trust) { /* Zap paths if s[ug]id... */
- if (_dl_libpath) {
- _dl_free_path(_dl_libpath);
- _dl_libpath = NULL;
+ if (libpath) {
+ libpath = NULL;
_dl_unsetenv("LD_LIBRARY_PATH", envp);
}
if (_dl_preload) {
@@ -251,6 +251,8 @@ _dl_setup_env(const char *argv0, char **
_dl_unsetenv("LD_DEBUG", envp);
}
}
+ if (libpath)
+ _dl_libpath = _dl_split_path(libpath);
environ = envp;

_dl_trace_setup(envp);