public inbox for elfutils@sourceware.org
* [COMMITTED] libelf: Check for overflow in version_xlate elf_cvt_Verdef and elf_cvt_Verneed.
@ 2014-11-18  8:58 Mark Wielaard
  0 siblings, 0 replies; only message in thread
From: Mark Wielaard @ 2014-11-18  8:58 UTC (permalink / raw)
  To: elfutils-devel

[-- Attachment #1: Type: text/plain, Size: 2170 bytes --]

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 libelf/ChangeLog       | 5 +++++
 libelf/version_xlate.h | 8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 9ae24a9..c7e8d30 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-18  Mark Wielaard  <mjw@redhat.com>
+
+	* version_xlate.h (elf_cvt_Verdef): Check for overflow.
+	(elf_cvt_Verneed): Likewise.
+
 2014-11-17  Mark Wielaard  <mjw@redhat.com>
 
 	* elf-knowledge.h (SECTION_STRIP_P): Check name is not NULL.
diff --git a/libelf/version_xlate.h b/libelf/version_xlate.h
index 935f77a..16eaa19 100644
--- a/libelf/version_xlate.h
+++ b/libelf/version_xlate.h
@@ -61,7 +61,7 @@ elf_cvt_Verdef (void *dest, const void *src, size_t len, int encode)
       GElf_Verdaux *asrc;
 
       /* Test for correct offset.  */
-      if (def_offset + sizeof (GElf_Verdef) > len)
+      if (def_offset > len || len - def_offset < sizeof (GElf_Verdef))
 	return;
 
       /* Work the tree from the first record.  */
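Review bot: The rewritten test on def_offset still ends in a bare `return;`, so when the offset is out of range the buffer is left partly converted and the caller gets no indication that translation stopped early. Consider recording an error before returning, or at least stating in the comment that conversion stops silently at the first out-of-range record.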
@@ -90,7 +90,7 @@ elf_cvt_Verdef (void *dest, const void *src, size_t len, int encode)
 	  GElf_Verdaux *adest;
 
 	  /* Test for correct offset.  */
-	  if (aux_offset + sizeof (GElf_Verdaux) > len)
+	  if (aux_offset > len || len - aux_offset < sizeof (GElf_Verdaux))
 	    return;
 
 	  adest = (GElf_Verdaux *) ((char *) dest + aux_offset);
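Review bot: The bounds test on aux_offset duplicates the def_offset expression earlier in elf_cvt_Verdef, with only the variable and struct name changed. A small static inline helper taking (offset, size, len) would keep the overflow-safe ordering of the two comparisons in one place instead of relying on each copy being typed correctly.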
@@ -155,7 +155,7 @@ elf_cvt_Verneed (void *dest, const void *src, size_t len, int encode)
       GElf_Vernaux *asrc;
 
       /* Test for correct offset.  */
-      if (need_offset + sizeof (GElf_Verneed) > len)
+      if (need_offset > len || len - need_offset < sizeof (GElf_Verneed))
 	return;
 
       /* Work the tree from the first record.  */
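Review bot: The comment `/* Test for correct offset.  */` above the need_offset check no longer explains the code. The reason for writing `len - need_offset < sizeof (GElf_Verneed)` rather than the removed `need_offset + sizeof (GElf_Verneed) > len` is that the addition can wrap; say so in the comment so the test is not simplified back to the old form later.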
@@ -182,7 +182,7 @@ elf_cvt_Verneed (void *dest, const void *src, size_t len, int encode)
 	  GElf_Vernaux *adest;
 
 	  /* Test for correct offset.  */
-	  if (aux_offset + sizeof (GElf_Vernaux) > len)
+	  if (aux_offset > len || len - aux_offset < sizeof (GElf_Vernaux))
 	    return;
 
 	  adest = (GElf_Vernaux *) ((char *) dest + aux_offset);
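Review bot: Nothing in the patch exercises the aux_offset check in elf_cvt_Verneed or the three checks before it; the diffstat lists only libelf/ChangeLog and libelf/version_xlate.h. A regression test that feeds a version section with an out-of-range offset through both functions would keep these checks from regressing.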
-- 
1.8.3.1

