* [COMMITTED] libelf: Check for overflow in version_xlate elf_cvt_Verdef and elf_cvt_Verneed.
@ 2014-11-18 8:58 Mark Wielaard
From: Mark Wielaard @ 2014-11-18 8:58 UTC (permalink / raw)
To: elfutils-devel
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
libelf/ChangeLog | 5 +++++
libelf/version_xlate.h | 8 ++++----
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 9ae24a9..c7e8d30 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-18 Mark Wielaard <mjw@redhat.com>
+
+ * version_xlate.h (elf_cvt_Verdef): Check for overflow.
+ (elf_cvt_Verneed): Likewise.
+
2014-11-17 Mark Wielaard <mjw@redhat.com>
* elf-knowledge.h (SECTION_STRIP_P): Check name is not NULL.
diff --git a/libelf/version_xlate.h b/libelf/version_xlate.h
index 935f77a..16eaa19 100644
--- a/libelf/version_xlate.h
+++ b/libelf/version_xlate.h
@@ -61,7 +61,7 @@ elf_cvt_Verdef (void *dest, const void *src, size_t len, int encode)
GElf_Verdaux *asrc;
/* Test for correct offset. */
- if (def_offset + sizeof (GElf_Verdef) > len)
+ if (def_offset > len || len - def_offset < sizeof (GElf_Verdef))
return;
/* Work the tree from the first record. */
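Review bot: the bare `return;` after the new `def_offset` test leaves `dest` unconverted without signalling anything, so a caller cannot tell a rejected offset from a completed translation. If that is the intended contract for elf_cvt_Verdef, say so in the comment above the test (for example "silently skip conversion if the first record does not fit in len"); otherwise this is the place to report the malformed input.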
@@ -90,7 +90,7 @@ elf_cvt_Verdef (void *dest, const void *src, size_t len, int encode)
GElf_Verdaux *adest;
/* Test for correct offset. */
- if (aux_offset + sizeof (GElf_Verdaux) > len)
+ if (aux_offset > len || len - aux_offset < sizeof (GElf_Verdaux))
return;
adest = (GElf_Verdaux *) ((char *) dest + aux_offset);
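Review bot: the `aux_offset` test bounds the record but nothing visible here checks alignment before `adest = (GElf_Verdaux *) ((char *) dest + aux_offset);`. If `aux_offset` is derived from file contents, an odd value passes the bounds test and still produces a misaligned GElf_Verdaux pointer. Consider rejecting unaligned offsets in the same condition, or add a comment pointing to where alignment is guaranteed.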
@@ -155,7 +155,7 @@ elf_cvt_Verneed (void *dest, const void *src, size_t len, int encode)
GElf_Vernaux *asrc;
/* Test for correct offset. */
- if (need_offset + sizeof (GElf_Verneed) > len)
+ if (need_offset > len || len - need_offset < sizeof (GElf_Verneed))
return;
/* Work the tree from the first record. */
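Review bot: the comment `/* Test for correct offset. */` above the `need_offset` test no longer explains why the condition is written this way. The old form `need_offset + sizeof (GElf_Verneed) > len` could wrap for a large offset and pass; the new form depends on `need_offset > len` being evaluated first so that `len - need_offset` cannot underflow. Put that reasoning in the comment so a later cleanup does not "simplify" it back to the addition.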
@@ -182,7 +182,7 @@ elf_cvt_Verneed (void *dest, const void *src, size_t len, int encode)
GElf_Vernaux *adest;
/* Test for correct offset. */
- if (aux_offset + sizeof (GElf_Vernaux) > len)
+ if (aux_offset > len || len - aux_offset < sizeof (GElf_Vernaux))
return;
adest = (GElf_Vernaux *) ((char *) dest + aux_offset);
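Review bot: the two-part test on `aux_offset` is the fourth copy of the same idiom in this patch, differing only in the offset variable and the struct passed to `sizeof`. A small macro or static inline helper taking the offset, the record size and `len` would keep the four sites consistent and give the overflow reasoning a single place to live.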
--
1.8.3.1