* [Bug tools/21311] New: eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c)
@ 2017-03-27 10:40 ago at gentoo dot org
2017-03-27 22:39 ` [Bug tools/21311] " mark at klomp dot org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: ago at gentoo dot org @ 2017-03-27 10:40 UTC (permalink / raw)
To: elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=21311
Bug ID: 21311
Summary: eu-elflint: heap-based buffer overflow in
check_sysv_hash (elflint.c)
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: tools
Assignee: unassigned at sourceware dot org
Reporter: ago at gentoo dot org
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Created attachment 9945
--> https://sourceware.org/bugzilla/attachment.cgi?id=9945&action=edit
stacktrace
Hoping that it has not the same root cause of bug 21310.
On elfutils-0.168:
# eu-elflint -d $FILE
READ of size 4 at 0x60b00000aff4 thread T0
#0 0x40b36a in check_sysv_hash
/tmp/portage/dev-libs/elfutils-0.168/work/elfutils-0.168/src/elflint.c:2020
Compiled with: gcc-6.3.0
Reproducer:
https://github.com/asarubbo/poc/blob/master/00235-elfutils-heapoverflow-check_sysv_hash
Stacktrace attached.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread* [Bug tools/21311] eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c) 2017-03-27 10:40 [Bug tools/21311] New: eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c) ago at gentoo dot org @ 2017-03-27 22:39 ` mark at klomp dot org 2017-04-03 22:23 ` mark at klomp dot org 2017-04-03 22:31 ` mark at klomp dot org 2 siblings, 0 replies; 4+ messages in thread From: mark at klomp dot org @ 2017-03-27 22:39 UTC (permalink / raw) To: elfutils-devel https://sourceware.org/bugzilla/show_bug.cgi?id=21311 Mark Wielaard <mark at klomp dot org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mark at klomp dot org --- Comment #1 from Mark Wielaard <mark at klomp dot org> --- We were a little too trusting of the data we were checking. https://sourceware.org/ml/elfutils-devel/2017-q1/msg00131.html -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug tools/21311] eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c) 2017-03-27 10:40 [Bug tools/21311] New: eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c) ago at gentoo dot org 2017-03-27 22:39 ` [Bug tools/21311] " mark at klomp dot org @ 2017-04-03 22:23 ` mark at klomp dot org 2017-04-03 22:31 ` mark at klomp dot org 2 siblings, 0 replies; 4+ messages in thread From: mark at klomp dot org @ 2017-04-03 22:23 UTC (permalink / raw) To: elfutils-devel https://sourceware.org/bugzilla/show_bug.cgi?id=21311 --- Comment #2 from Mark Wielaard <mark at klomp dot org> --- commit 61fe61898747f63eb35a81c2261f3590a3dab8fd Author: Mark Wielaard <mark@klomp.org> Date: Tue Mar 28 00:38:52 2017 +0200 elflint: Don't trust sh_entsize when checking hash sections. Calculate and use the expected entsize instead of relying on the one given by the ELF file section header. Return early if there isn't enough data in the section to check the full hash table. https://sourceware.org/bugzilla/show_bug.cgi?id=21311 Signed-off-by: Mark Wielaard <mark@klomp.org> -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug tools/21311] eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c) 2017-03-27 10:40 [Bug tools/21311] New: eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c) ago at gentoo dot org 2017-03-27 22:39 ` [Bug tools/21311] " mark at klomp dot org 2017-04-03 22:23 ` mark at klomp dot org @ 2017-04-03 22:31 ` mark at klomp dot org 2 siblings, 0 replies; 4+ messages in thread From: mark at klomp dot org @ 2017-04-03 22:31 UTC (permalink / raw) To: elfutils-devel https://sourceware.org/bugzilla/show_bug.cgi?id=21311 Mark Wielaard <mark at klomp dot org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #3 from Mark Wielaard <mark at klomp dot org> --- Pushed -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-04-03 22:31 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-03-27 10:40 [Bug tools/21311] New: eu-elflint: heap-based buffer overflow in check_sysv_hash (elflint.c) ago at gentoo dot org 2017-03-27 22:39 ` [Bug tools/21311] " mark at klomp dot org 2017-04-03 22:23 ` mark at klomp dot org 2017-04-03 22:31 ` mark at klomp dot org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).