svn commit: r277558 - stable/10/lib/libelf
Ed Maste
emaste at FreeBSD.org
Fri Jan 23 04:07:08 UTC 2015
Author: emaste
Date: Fri Jan 23 04:07:07 2015
New Revision: 277558
URL: https://svnweb.freebsd.org/changeset/base/277558
Log:
libelf: Improve ELF header validation
Avoid integer overflow and reading past EOF.
MFC of r276427, r276443, r277249 from contrib/elftoolchain.
Modified:
stable/10/lib/libelf/elf_scn.c
Modified: stable/10/lib/libelf/elf_scn.c
==============================================================================
--- stable/10/lib/libelf/elf_scn.c Fri Jan 23 02:39:00 2015 (r277557)
+++ stable/10/lib/libelf/elf_scn.c Fri Jan 23 04:07:07 2015 (r277558)
@@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$");
#include <errno.h>
#include <gelf.h>
#include <libelf.h>
+#include <stdint.h>
#include <stdlib.h>
#include "_libelf.h"
@@ -55,8 +56,10 @@ _libelf_load_scn(Elf *e, void *ehdr)
assert((e->e_flags & LIBELF_F_SHDRS_LOADED) == 0);
#define CHECK_EHDR(E,EH) do { \
- if (fsz != (EH)->e_shentsize || \
- shoff + fsz * shnum > e->e_rawsize) { \
+ if (shoff > e->e_rawsize || \
+ fsz != (EH)->e_shentsize || \
+ shnum > SIZE_MAX / fsz || \
+ fsz * shnum > e->e_rawsize - shoff) { \
LIBELF_SET_ERROR(HEADER, 0); \
return (0); \
} \
More information about the svn-src-stable-10
mailing list