generic-library/libbsd
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/libbsd/libbsd.git synced 2025-01-24 02:51:43 +01:00
Code Issues Projects Releases Wiki Activity

nlist: Fix out-of-bounds read on strtab

Browse Source 
When doing a string comparison for a symbol name from the string table,
we should make sure we do a bounded comparison, otherwise a non-NUL
terminated string might make the code read out-of-bounds.

Warned-by: coverity
This commit is contained in:
Guillem Jover 2019-08-07 22:58:30 +02:00
parent 18662cadfc
commit 9d917aad37
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/nlist.c
View File

@ -236,16 +236,18 @@ __fdnlist(int fd, struct nlist *list)
symsize -= cc; symsize -= cc;
for (s = sbuf; cc > 0 && nent > 0; ++s, cc -= sizeof(*s)) { for (s = sbuf; cc > 0 && nent > 0; ++s, cc -= sizeof(*s)) {
char *name; char *name;
Elf_Word size;
struct nlist *p; struct nlist *p;
name = strtab + s->st_name; name = strtab + s->st_name;
if (name[0] == '\0') if (name[0] == '\0')
continue; continue;
size = symstrsize - s->st_name;
for (p = list; !ISLAST(p); p++) { for (p = list; !ISLAST(p); p++) {
if ((p->n_un.n_name[0] == '_' && if ((p->n_un.n_name[0] == '_' &&
strcmp(name, p->n_un.n_name+1) == 0) strncmp(name, p->n_un.n_name+1, size) == 0) ||
|| strcmp(name, p->n_un.n_name) == 0) { strncmp(name, p->n_un.n_name, size) == 0) {
elf_sym_to_nlist(p, s, shdr, elf_sym_to_nlist(p, s, shdr,
ehdr.e_shnum); ehdr.e_shnum);
if (--nent <= 0) if (--nent <= 0)