GenWQE: Adressing a potential security hole. Disable ZLIB_PATH env va…

…riable to influence which libz.so is being used for software fallback

Signed-off-by: Frank Haverkamp <[email protected]>

lib/software.c

@@ -29,6 +29,8 @@
 #include <dlfcn.h>
 #include <wrapper.h>
 
+#undef CONFIG_USE_ZLIB_PATH_ENV_VAR
+
 /* older zlibs might not have this */
 #ifndef z_off64_t
 #  define z_off64_t off64_t
@@ -594,16 +596,27 @@ const z_crc_t *get_crc_table()
 void zedc_sw_init(void)
 {
 	char *error;
+
+#ifdef CONFIG_USE_ZLIB_PATH_ENV_VAR
 	const char *zlib_path = getenv("ZLIB_PATH");
 
 	/* User has setup environment variable to find libz.so.1 */
+	/*
+	 * This should be for debugging only. We got a report that
+	 * this mechanism is critical from a security perspective,
+	 * since it allows to execute arbitrary code if being misused.
+	 *
+	 * See also:
+	 *   https://github.com/ibm-genwqe/genwqe-user/issues/156
+	 */
 	if (zlib_path != NULL) {
 		sw_trace("Loading software zlib \"%s\"\n", zlib_path);
 		dlerror();
 		handle = dlopen(zlib_path, RTLD_LAZY);
 		if (handle != NULL)
 			goto load_syms;
 	}
+#endif
 
 	/* We saw dlopen returning non NULL value in case of passing ""! */
 	if (strcmp(CONFIG_ZLIB_PATH, "") == 0) {
@@ -621,7 +634,9 @@ void zedc_sw_init(void)
 		return;
 	}
 
+#ifdef CONFIG_USE_ZLIB_PATH_ENV_VAR
 load_syms:
+#endif
 	register_sym(zlibVersion);
 
 	sw_trace("  ZLIB_VERSION=%s (header) zlibVersion()=%s (code)\n",