[Midnightbsd-cvs] src [8997] trunk/sys/kern/imgact_elf.c: fix two overflows.
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Sep 29 21:32:43 EDT 2016
Revision: 8997
http://svnweb.midnightbsd.org/src/?rev=8997
Author: laffer1
Date: 2016-09-29 21:32:43 -0400 (Thu, 29 Sep 2016)
Log Message:
-----------
fix two overflows.
Modified Paths:
--------------
trunk/sys/kern/imgact_elf.c
Modified: trunk/sys/kern/imgact_elf.c
===================================================================
--- trunk/sys/kern/imgact_elf.c 2016-09-30 01:32:23 UTC (rev 8996)
+++ trunk/sys/kern/imgact_elf.c 2016-09-30 01:32:43 UTC (rev 8997)
@@ -653,9 +653,8 @@
}
/* Only support headers that fit within first page for now */
- /* (multiplication of two Elf_Half fields will not overflow) */
if ((hdr->e_phoff > PAGE_SIZE) ||
- (hdr->e_phentsize * hdr->e_phnum) > PAGE_SIZE - hdr->e_phoff) {
+ (u_int)hdr->e_phentsize * hdr->e_phnum > PAGE_SIZE - hdr->e_phoff) {
error = ENOEXEC;
goto fail;
}
@@ -737,7 +736,7 @@
*/
if ((hdr->e_phoff > PAGE_SIZE) ||
- (hdr->e_phoff + hdr->e_phentsize * hdr->e_phnum) > PAGE_SIZE) {
+ (u_int)hdr->e_phentsize * hdr->e_phnum > PAGE_SIZE - hdr->e_phoff) {
/* Only support headers in first page for now */
return (ENOEXEC);
}
@@ -756,8 +755,8 @@
case PT_INTERP:
/* Path to interpreter */
if (phdr[i].p_filesz > MAXPATHLEN ||
- phdr[i].p_offset >= PAGE_SIZE ||
- phdr[i].p_offset + phdr[i].p_filesz >= PAGE_SIZE)
+ phdr[i].p_offset > PAGE_SIZE ||
+ phdr[i].p_filesz > PAGE_SIZE - phdr[i].p_offset)
return (ENOEXEC);
interp = imgp->image_header + phdr[i].p_offset;
interp_name_len = phdr[i].p_filesz;
@@ -1545,9 +1544,8 @@
const char *note_name;
int i;
- if (pnote == NULL || pnote->p_offset >= PAGE_SIZE ||
- pnote->p_filesz > PAGE_SIZE ||
- pnote->p_offset + pnote->p_filesz >= PAGE_SIZE)
+ if (pnote == NULL || pnote->p_offset > PAGE_SIZE ||
+ pnote->p_filesz > PAGE_SIZE - pnote->p_offset)
return (FALSE);
note = note0 = (const Elf_Note *)(imgp->image_header + pnote->p_offset);
More information about the Midnightbsd-cvs
mailing list