generic-library/libbsd
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/libbsd/libbsd.git synced 2025-01-08 11:02:24 +01:00
Code Issues Projects Releases Wiki Activity

nlist: Fix unbounded malloc() calls

Browse Source 
There are a couple of malloc() calls with unbounded size arguments,
coming from the parsed file. We need to make sure the size is not
larger than the file being parsed, otherwise we might end up with
out of memory conditions.

Reported-by: Daniel Hodson <daniel@elttam.com.au>
Signed-off-by: Guillem Jover <guillem@hadrons.org>
This commit is contained in:
Guillem Jover 2019-06-15 14:33:32 +02:00
parent ce53f7c25f
commit 18662cadfc
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/nlist.c
View File

@ -151,7 +151,7 @@ __fdnlist(int fd, struct nlist *list)
shdr_size = ehdr.e_shentsize * ehdr.e_shnum;
/* Make sure it's not too big to mmap */
if (shdr_size > SIZE_T_MAX) {
if (shdr_size > SIZE_T_MAX || shdr_size > st.st_size) {
errno = EFBIG;
return (-1);
}
@ -184,7 +184,7 @@ __fdnlist(int fd, struct nlist *list)
}
/* Check for files too large to mmap. */
if (symstrsize > SIZE_T_MAX) {
if (symstrsize > SIZE_T_MAX || symstrsize > st.st_size) {
errno = EFBIG;
goto done;
}