[Midnightbsd-cvs] src [7172] trunk/lib/libelf/elf_scn.c: Avoid integer overflow and reading past EOF with elf headers.
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Jul 26 17:59:34 EDT 2015
Revision: 7172
http://svnweb.midnightbsd.org/src/?rev=7172
Author: laffer1
Date: 2015-07-26 17:59:33 -0400 (Sun, 26 Jul 2015)
Log Message:
-----------
Avoid integer overflow and reading past EOF with elf headers.
Obtained from: FreeBSD 10-stable
Modified Paths:
--------------
trunk/lib/libelf/elf_scn.c
Modified: trunk/lib/libelf/elf_scn.c
===================================================================
--- trunk/lib/libelf/elf_scn.c 2015-07-26 21:50:20 UTC (rev 7171)
+++ trunk/lib/libelf/elf_scn.c 2015-07-26 21:59:33 UTC (rev 7172)
@@ -31,6 +31,7 @@
#include <errno.h>
#include <gelf.h>
#include <libelf.h>
+#include <stdint.h>
#include <stdlib.h>
#include "_libelf.h"
@@ -55,8 +56,10 @@
assert((e->e_flags & LIBELF_F_SHDRS_LOADED) == 0);
#define CHECK_EHDR(E,EH) do { \
- if (fsz != (EH)->e_shentsize || \
- shoff + fsz * shnum > e->e_rawsize) { \
+ if (shoff > e->e_rawsize || \
+ fsz != (EH)->e_shentsize || \
+ shnum > SIZE_MAX / fsz || \
+ fsz * shnum > e->e_rawsize - shoff) { \
LIBELF_SET_ERROR(HEADER, 0); \
return (0); \
} \
More information about the Midnightbsd-cvs
mailing list