From: "Simon J. Gerraty"
Date: Wed, 19 Oct 2022 21:10:11 GMT
Message-Id: <202210192110.29JLABFW052256@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: b541e44b7c30 - stable/12 - ldd: guard against stack overflow reading corrupted files.
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: sjg
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: b541e44b7c30d56b445dd91c8e03cc11488faf48

The branch stable/12 has been updated by sjg:

URL:
https://cgit.FreeBSD.org/src/commit/?id=b541e44b7c30d56b445dd91c8e03cc11488faf48 commit b541e44b7c30d56b445dd91c8e03cc11488faf48 Author: Simon J. Gerraty AuthorDate: 2022-10-19 21:08:43 +0000 Commit: Simon J. Gerraty CommitDate: 2022-10-19 21:08:43 +0000 ldd: guard against stack overflow reading corrupted files. Reviewed by: imp, emaste Reported by: UK National Cyber Security Centre (NCSC) Sponsored by: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D37010 --- usr.bin/ldd/ldd.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/usr.bin/ldd/ldd.c b/usr.bin/ldd/ldd.c index d237850be765..7db8875ed2e3 100644 --- a/usr.bin/ldd/ldd.c +++ b/usr.bin/ldd/ldd.c @@ -335,6 +335,10 @@ is_executable(const char *fname, int fd, int *is_shlib, int *type) warnx("%s: header too short", fname); return (0); } + if (hdr.elf32.e_phentsize != sizeof(phdr32)) { + warnx("%s: corrupt header", fname); + return (0); + } for (i = 0; i < hdr.elf32.e_phnum; i++) { if (read(fd, &phdr32, hdr.elf32.e_phentsize) != sizeof(phdr32)) { @@ -403,6 +407,10 @@ is_executable(const char *fname, int fd, int *is_shlib, int *type) warnx("%s: header too short", fname); return (0); } + if (hdr.elf.e_phentsize != sizeof(phdr)) { + warnx("%s: corrupt header", fname); + return (0); + } for (i = 0; i < hdr.elf.e_phnum; i++) { if (read(fd, &phdr, hdr.elf.e_phentsize) != sizeof(phdr)) {
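Review bot: In the first hunk (the hdr.elf32 branch) the loop still passes the file-supplied value as the read length, read(fd, &phdr32, hdr.elf32.e_phentsize), so the bound on the write into phdr32 depends on the new check staying directly ahead of the loop. Now that e_phentsize must equal sizeof(phdr32), pass sizeof(phdr32) as the length so the destination's own size bounds the read, and keep the e_phentsize test purely as format validation.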
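Review bot: The check added in the second hunk (the hdr.elf branch) reports only "corrupt header", the same text as the elf32 branch, and has no comment saying why e_phentsize must match sizeof(phdr). A one-line comment noting that e_phentsize is used as the read() length into phdr, plus a message that names the field and the value found (for example "%s: unexpected e_phentsize %u"), would make the guard self-explanatory and the diagnostic usable when triaging a rejected file. The read(fd, &phdr, hdr.elf.e_phentsize) call in this hunk would likewise be clearer with sizeof(phdr) as its length.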