Add a check for too big e_phnum that could cause us to malloc to

much and barf. This should have been merged into this file from exec_elf64.c a long time ago. Looking for volunteers to merge exec_elf.c and exec_elf64.c
author: art <art@openbsd.org> 2001-07-30 11:58:36 +0000
committer: art <art@openbsd.org> 2001-07-30 11:58:36 +0000
commit: 5bb2194cabb6d45e136c76a08362dbf4ebf3c8da (patch)
tree: ec4b658633d263e6bab25f833a2c29178adfdf70 /sys/kern/exec_elf.c
parent: Make the e_phnum check slightly cleaner. (diff)
download: wireguard-openbsd-5bb2194cabb6d45e136c76a08362dbf4ebf3c8da.tar.xz
wireguard-openbsd-5bb2194cabb6d45e136c76a08362dbf4ebf3c8da.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c
index 2eb09508aca..ed9c5d46536 100644
--- a/sys/kern/exec_elf.c
+++ b/sys/kern/exec_elf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: exec_elf.c,v 1.32 2001/06/22 14:14:07 deraadt Exp $	*/
+/*	$OpenBSD: exec_elf.c,v 1.33 2001/07/30 11:58:36 art Exp $	*/
 
 /*
  * Copyright (c) 1996 Per Fogelstrom
@@ -189,6 +189,10 @@ elf_check_header(ehdr, type)
 	if (ehdr->e_type != type)
 		return (ENOEXEC);
 
+	/* Don't allow an insane amount of sections. */
+	if (ehdr->e_phnum > 128)
+		return (ENOEXEC);
+
 	return (0);
 }
 
@@ -232,6 +236,10 @@ os_ok:
 	if (ehdr->e_type != type)
 		return (ENOEXEC);
 
+	/* Don't allow an insane amount of sections. */
+	if (ehdr->e_phnum > 128)
+		return (ENOEXEC);
+
 	*os = ehdr->e_ident[OI_OS];
 	return (0);
 }
author	art <art@openbsd.org>	2001-07-30 11:58:36 +0000
committer	art <art@openbsd.org>	2001-07-30 11:58:36 +0000
commit	5bb2194cabb6d45e136c76a08362dbf4ebf3c8da (patch)
tree	ec4b658633d263e6bab25f833a2c29178adfdf70 /sys/kern/exec_elf.c
parent	Make the e_phnum check slightly cleaner. (diff)
download	wireguard-openbsd-5bb2194cabb6d45e136c76a08362dbf4ebf3c8da.tar.xz wireguard-openbsd-5bb2194cabb6d45e136c76a08362dbf4ebf3c8da.zip