[Bug 206749] Lack of checks on values in ELF headers in kernel linker

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Jan 30 08:02:14 UTC 2016


CTurt <cturt at hardenedbsd.org> changed:

           What    |Removed                     |Added
         Resolution|---                         |Not A Bug
             Status|New                         |Closed

--- Comment #2 from CTurt <cturt at hardenedbsd.org> ---
Sorry, made a little mistake in my report, in `link_elf_ctf_get` and
`link_elf_ctf_get` the `e_shentsize` member is checked:

    hdr->e_shentsize != sizeof(Elf_Shdr);

It doesn't matter that `e_shnum` isn't checked because it is impossible to get
`nlen` to overflow with this small `e_shentsize`.

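The bound argued in the comment above, worked through as an added example (not code from the FreeBSD kernel linker or from the reporter). The `ex_shdr` and `ex_ehdr_tail` types and all function names are hypothetical stand-ins following the ELF64 layout, and it is an assumption that the length is held in a 32-bit signed `int`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an ELF64 section header (64 bytes per the ELF64
 * layout); not FreeBSD's own Elf_Shdr definition. */
typedef struct {
    uint32_t sh_name, sh_type;
    uint64_t sh_flags, sh_addr, sh_offset, sh_size;
    uint32_t sh_link, sh_info;
    uint64_t sh_addralign, sh_entsize;
} ex_shdr;

/* The two file-controlled ELF header fields involved; both are 16-bit. */
typedef struct {
    uint16_t e_shentsize;   /* size of one section header entry */
    uint16_t e_shnum;       /* number of section header entries */
} ex_ehdr_tail;

/* Reject headers whose entry size is not the expected struct size (the check
 * quoted in the comment), then compute the table size. Returns 0 on success. */
int shdr_table_bytes(const ex_ehdr_tail *hdr, size_t *out)
{
    if (hdr->e_shentsize != sizeof(ex_shdr))
        return -1;
    *out = (size_t)hdr->e_shnum * hdr->e_shentsize;
    return 0;
}

/* Worst-case products, computed in 64 bits so they cannot wrap here. */
uint64_t max_bytes_checked(void)   { return (uint64_t)UINT16_MAX * sizeof(ex_shdr); }
uint64_t max_bytes_unchecked(void) { return (uint64_t)UINT16_MAX * UINT16_MAX; }

/* Assumption: the length variable is a 32-bit signed int. */
int fits_in_int(uint64_t n) { return n <= (uint64_t)INT_MAX; }

int main(void)
{
    printf("e_shentsize checked:   max %llu bytes, fits in int: %d\n",
           (unsigned long long)max_bytes_checked(),
           fits_in_int(max_bytes_checked()));
    printf("e_shentsize unchecked: max %llu bytes, fits in int: %d\n",
           (unsigned long long)max_bytes_unchecked(),
           fits_in_int(max_bytes_unchecked()));
    return 0;
}
```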