author | 2015-06-23 15:13:29 +0000 | |
---|---|---|
committer | 2015-06-23 15:13:29 +0000 | |
commit | 8e73cb8c2437f776da5b34c93cc8a38495fb4cdc (patch) | |
tree | fdd4c98b9c2ecb0ac2a7db90c7a789cb9b0eb617 | |
parent | corrects a read after bound that occurs in strcmp (line just (diff) | |
This patch ensures that e_shentsize (section header's size in bytes) is
big enough to hold at least one Elf_Shdr.
While here, swap the calloc() arguments to be calloc(nmemb, size),
matching the fread() call that follows.
This problem was found with afl, with e_shentsize=1.
ok miod@
-rw-r--r-- | usr.bin/nm/elf.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.bin/nm/elf.c b/usr.bin/nm/elf.c
index ef82ab1bc09..bf134ad7513 100644
--- a/usr.bin/nm/elf.c
+++ b/usr.bin/nm/elf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: elf.c,v 1.30 2015/06/23 15:02:58 semarie Exp $ */
+/* $OpenBSD: elf.c,v 1.31 2015/06/23 15:13:29 semarie Exp $ */
 /*
 * Copyright (c) 2003 Michael Shalayeff
@@ -159,7 +159,12 @@ elf_load_shdrs(const char *name, FILE *fp, off_t foff, Elf_Ehdr *head)
 return (NULL);
 }
- if ((shdr = calloc(head->e_shentsize, head->e_shnum)) == NULL) {
+ if (head->e_shentsize < sizeof(Elf_Shdr)) {
+ warnx("%s: inconsistent section header size", name);
+ return (NULL);
+ }
+
+ if ((shdr = calloc(head->e_shnum, head->e_shentsize)) == NULL) {
 warn("%s: malloc shdr", name);
 return (NULL);
 } |
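Review bot: The new guard in elf_load_shdrs rejects only an e_shentsize smaller than sizeof(Elf_Shdr); a larger value from the file header still passes. The buffer is then sized at e_shentsize bytes per entry while shdr is an Elf_Shdr pointer, so any later shdr[i] indexing would step by sizeof(Elf_Shdr) and, for i > 0, read from the middle of the on-disk entries. Those reads stay inside the allocation, but file-controlled bytes would be interpreted as section headers at the wrong offsets. The fread() and the users of the array are outside this hunk, so this should be confirmed there; if they do index by Elf_Shdr, an exact match is the safer test: `if (head->e_shentsize != sizeof(Elf_Shdr)) {`. A short comment such as `/* entry size comes from the file header and is untrusted */` above the check would also record why it is there.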