diff options
| author |   mmcc <mmcc@openbsd.org> | 2015-12-29 22:31:21 +0000 |
|---|---|---|
| committer | mmcc <mmcc@openbsd.org> | 2015-12-29 22:31:21 +0000 |
| commit | 68b4c4ed93459493c36d44e0747067e3628ed53f (patch) | |
| tree | f6b774177fcbbcf491f39a09f899f127ea7eae8a /lib/libc | |
| parent | Add transpose-words, ok jasper@. (diff) | |
| download | wireguard-openbsd-68b4c4ed93459493c36d44e0747067e3628ed53f.tar.xz wireguard-openbsd-68b4c4ed93459493c36d44e0747067e3628ed53f.zip | |
Verify that the section header size supplied in the ELF header is what
we expect it to be. This prevents out-of-bounds access or excessive
memory allocation on a malformed ELF header.
Found by Serguey Parkhomovsky with AFL. Improved by and ok kettenis@
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/gen/nlist.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libc/gen/nlist.c b/lib/libc/gen/nlist.c index f76543bf8fd..7506154d26b 100644 --- a/lib/libc/gen/nlist.c +++ b/lib/libc/gen/nlist.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nlist.c,v 1.65 2015/10/16 16:54:38 tobias Exp $ */ +/* $OpenBSD: nlist.c,v 1.66 2015/12/29 22:31:21 mmcc Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -77,6 +77,9 @@ __elf_is_okay__(Elf_Ehdr *ehdr) retval = 1; } + if (ehdr->e_shentsize != sizeof(Elf_Shdr)) + return 0; + return retval; } |