[Bug tools/21311] New: eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c)
From: ago at gentoo dot org
Date: 2017-03-27 10:40 UTC
To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=21311

Bug ID: 21311
Summary: eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c)
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: tools
Assignee: unassigned at sourceware dot org
Reporter: ago at gentoo dot org
CC: elfutils-devel at sourceware dot org
Target Milestone: ---

Created attachment 9945
--> https://sourceware.org/bugzilla/attachment.cgi?id=9945&action=edit
stacktrace

Hoping that it does not have the same root cause as bug 21310.

On elfutils-0.168:

# eu-elflint -d $FILE
READ of size 4 at 0x60b00000aff4 thread T0
    #0 0x40b36a in check_sysv_hash /tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/src/elflint.c:2020

Compiled with: gcc-6.3.0

Reproducer:
https://github.com/asarubbo/poc/blob/master/00235-elfutils-heapoverflow-check_sysv_hash

Stacktrace attached.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
[Bug tools/21311] eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c)
From: mark at klomp dot org
Date: 2017-03-27 22:39 UTC
To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=21311

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org

--- Comment #1 from Mark Wielaard <mark at klomp dot org> ---
We were a little too trusting of the data we were checking.

https://sourceware.org/ml/elfutils-devel/2017-q1/msg00131.html
[Bug tools/21311] eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c)
From: mark at klomp dot org
Date: 2017-04-03 22:23 UTC
To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=21311

--- Comment #2 from Mark Wielaard <mark at klomp dot org> ---
commit 61fe61898747f63eb35a81c2261f3590a3dab8fd
Author: Mark Wielaard <mark@klomp.org>
Date:   Tue Mar 28 00:38:52 2017 +0200

    elflint: Don't trust sh_entsize when checking hash sections.

    Calculate and use the expected entsize instead of relying on the one
    given by the ELF file section header. Return early if there isn't
    enough data in the section to check the full hash table.

    https://sourceware.org/bugzilla/show_bug.cgi?id=21311

    Signed-off-by: Mark Wielaard <mark@klomp.org>
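The check the commit message describes, as an added example written for this page (it is not elfutils' elflint.c): a model of a SysV .hash section that computes the expected entry size itself instead of trusting sh_entsize, verifies the section can hold 2 + nbucket + nchain entries before walking the table, and returns early otherwise. The sample sections and the check_sysv_hash_model name are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read one host-endian Elf32_Word without assuming alignment. */
static uint32_t rd32(const unsigned char *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Size check in the spirit of the fix: the entry size is what a SysV hash
   entry really is (4 bytes), never the sh_entsize the file claims, and we
   refuse to walk a table the section is too small to hold. */
static bool sysv_hash_fits(const unsigned char *d, size_t size, uint32_t sh_entsize,
                           uint32_t *nbucket, uint32_t *nchain)
{
    const uint64_t entsize = 4;
    (void)sh_entsize;                 /* untrusted: it comes straight from the file */
    if (size < 2 * entsize)           /* not even room for the two counts */
        return false;
    *nbucket = rd32(d);
    *nchain = rd32(d + 4);
    /* 64-bit arithmetic so a huge nbucket/nchain cannot wrap the product */
    uint64_t needed = (2 + (uint64_t)*nbucket + *nchain) * entsize;
    return needed <= size;
}

/* Returns the number of bucket/chain entries that index past nchain (an
   inconsistent table), or -1 when the section is too small to check safely. */
int check_sysv_hash_model(const unsigned char *d, size_t size, uint32_t sh_entsize)
{
    uint32_t nbucket, nchain;
    if (!sysv_hash_fits(d, size, sh_entsize, &nbucket, &nchain))
        return -1;                    /* early return instead of reading past the end */
    const unsigned char *bucket = d + 8, *chain = bucket + 4 * (size_t)nbucket;
    int bad = 0;
    for (uint32_t i = 0; i < nbucket; i++)
        if (rd32(bucket + 4 * (size_t)i) >= nchain) bad++;
    for (uint32_t i = 0; i < nchain; i++)
        if (rd32(chain + 4 * (size_t)i) >= nchain) bad++;
    return bad;
}

/* Constructed sample sections (host-endian words: nbucket, nchain, buckets, chains). */
const uint32_t sample_good[] = {2, 3, 1, 2, 0, 0, 0};      /* consistent, 28 bytes */
const uint32_t sample_bad[]  = {1, 2, 5, 0, 7};            /* bucket 5 and chain 7 >= nchain 2 */
const uint32_t sample_huge[] = {0xFFFFFFFFu, 0xFFFFFFFFu}; /* claims ~32 GiB, 8 bytes present */
```

Passing sample_huge with any sh_entsize yields -1 rather than a read past the buffer, which is the behaviour the unfixed code lacked.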
[Bug tools/21311] eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c)
From: mark at klomp dot org
Date: 2017-04-03 22:31 UTC
To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=21311

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Mark Wielaard <mark at klomp dot org> ---
Pushed