[Bug 206749] Lack of checks on values in ELF headers in kernel linker

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Jan 30 08:02:14 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206749

CTurt <cturt at hardenedbsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Not A Bug
             Status|New                         |Closed

--- Comment #2 from CTurt <cturt at hardenedbsd.org> ---
Sorry, made a little mistake in my report, in `link_elf_ctf_get` and
`link_elf_ctf_get` the `e_shentsize` member is checked:

    hdr->e_shentsize != sizeof(Elf_Shdr);

It doesn't matter than `e_shnum` isn't checked because it is impossible to get
`nlen` to overflow with this small `e_shentsize`.

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-bugs mailing list