mirror of
https://gitlab.freedesktop.org/libbsd/libbsd.git
synced 2025-10-24 00:49:49 +02:00
nlist: Check that e_shnum and e_shentsize are within bounds
The e_shnum must not be 0, otherwise we will do a zero sized allocation and further processing of the executable will lead to out of bounds read/write accesses. The e_shentsize must be equal to sizeof(Elf_Shdr), otherwise we will perform out of bounds read accesses on the shdr array. Reported-by: Daniel Hodson <daniel@elttam.com.au> Based-on-patch-by: Daniel Hodson <daniel@elttam.com.au> Signed-off-by: Guillem Jover <guillem@hadrons.org>
This commit is contained in:
@@ -141,6 +141,12 @@ __fdnlist(int fd, struct nlist *list)
|
|||||||
fstat(fd, &st) < 0)
|
fstat(fd, &st) < 0)
|
||||||
return (-1);
|
return (-1);
|
||||||
|
|
||||||
|
if (ehdr.e_shnum == 0 ||
|
||||||
|
ehdr.e_shentsize != sizeof(Elf_Shdr)) {
|
||||||
|
errno = ERANGE;
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
|
||||||
/* calculate section header table size */
|
/* calculate section header table size */
|
||||||
shdr_size = ehdr.e_shentsize * ehdr.e_shnum;
|
shdr_size = ehdr.e_shentsize * ehdr.e_shnum;
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user