This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] x86/CET: Don't parse beyond the note end


On Fri, Jul 27, 2018 at 11:26 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 07/27/2018 08:22 PM, H.J. Lu wrote:
>>
>> -         while (1)
>> +         while (ptr < ptr_end)
>>             {
>>               unsigned int type = *(unsigned int *) ptr;
>>               unsigned int datasz = *(unsigned int *) (ptr + 4);
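Review bot: `ptr < ptr_end` proves only that one byte remains, but the two loads that follow read 8 bytes (`type` at `ptr`, `datasz` at `ptr + 4`). A condition such as `ptr_end - ptr >= 8` states the real requirement at the point where it matters and stays correct even if some later change leaves fewer than 8 bytes in the tail. If the loop relies on a size check made elsewhere to keep the remaining length a multiple of 8, a comment at the condition saying so would help the next reader.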
>
>
> You need 1 byte, but 8 bytes.  Why is checking for at least 1 byte
> sufficient here?
>

There is:

          /* Check for invalid property.  */
          if (note->n_descsz < 8
              || (note->n_descsz % sizeof (ElfW(Addr))) != 0)
            break;

before that. n_descsz should be correct.

-- 
H.J.
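The bounds question in this exchange, as an added example that is not glibc's code: a walk over the descriptor of a GNU property note, where each property is a 4-byte type, a 4-byte data size and the data padded to the ELF address size. It keeps the `n_descsz` pre-check quoted above and tests for a full 8-byte header on every iteration instead of `ptr < ptr_end`. The functions `walk_properties` and `rd32le`, the parameter `align` (standing in for `sizeof (ElfW(Addr))`) and the three byte arrays are constructed for this example; the third array shows the case the pre-check alone does not rule out when the address size is 4: a descriptor that is a multiple of 4 bytes but ends with only half a property header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode a little-endian 32-bit word without relying on alignment or
   the host byte order (x86 ELF objects are ELFDATA2LSB).  */
static uint32_t
rd32le (const unsigned char *p)
{
  return (uint32_t) p[0] | (uint32_t) p[1] << 8
         | (uint32_t) p[2] << 16 | (uint32_t) p[3] << 24;
}

/* Example code, not glibc's: walk the properties in a note descriptor of
   N_DESCSZ bytes.  ALIGN stands in for sizeof (ElfW(Addr)), 4 or 8.
   Stores up to MAX_TYPES property types into TYPES and returns the number
   of properties found, or -1 if the descriptor is malformed.  */
static int
walk_properties (const unsigned char *desc, size_t n_descsz, size_t align,
                 uint32_t *types, size_t max_types)
{
  /* The check the thread quotes: at least one 8-byte header, and a whole
     number of address-sized words.  */
  if (n_descsz < 8 || (n_descsz % align) != 0)
    return -1;

  const unsigned char *ptr = desc;
  const unsigned char *ptr_end = desc + n_descsz;
  int count = 0;

  /* `ptr < ptr_end` would only prove one byte remains; the two reads
     below need eight, so require the whole header.  */
  while ((size_t) (ptr_end - ptr) >= 8)
    {
      uint32_t type = rd32le (ptr);
      uint32_t datasz = rd32le (ptr + 4);
      ptr += 8;

      /* datasz comes from the file: bound it before padding it, so the
         padding arithmetic below cannot overflow or step past the end.  */
      if (datasz > (size_t) (ptr_end - ptr))
        return -1;
      size_t padded = ((size_t) datasz + align - 1) & ~(align - 1);
      if (padded > (size_t) (ptr_end - ptr))
        return -1;

      if ((size_t) count < max_types)
        types[count] = type;
      count++;
      ptr += padded;
    }

  /* With ALIGN == 8 nothing can be left here; with ALIGN == 4 a dangling
     half-header is possible, and it is rejected rather than read.  */
  if (ptr != ptr_end)
    return -1;
  return count;
}

/* Constructed descriptors (little-endian).  The type values are arbitrary
   sample numbers; 0xc0000002 is GNU_PROPERTY_X86_FEATURE_1_AND.  */

/* 64-bit: two well-formed properties, datasz 4 (padded to 8) and 8.  */
static const unsigned char good64[] = {
  0x02, 0x00, 0x00, 0xc0,  0x04, 0x00, 0x00, 0x00,
  0x03, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,
  0x01, 0x00, 0x00, 0xc0,  0x08, 0x00, 0x00, 0x00,
  0x01, 0x02, 0x03, 0x04,  0x05, 0x06, 0x07, 0x08,
};

/* 64-bit: datasz claims 100 bytes but only 8 follow.  */
static const unsigned char lying64[] = {
  0x02, 0x00, 0x00, 0xc0,  0x64, 0x00, 0x00, 0x00,
  0xaa, 0xaa, 0xaa, 0xaa,  0xaa, 0xaa, 0xaa, 0xaa,
};

/* 32-bit: 12 bytes pass the n_descsz check (>= 8, multiple of 4), yet
   after the first 8-byte header only 4 bytes remain.  */
static const unsigned char dangling32[] = {
  0x02, 0x00, 0x00, 0xc0,  0x00, 0x00, 0x00, 0x00,
  0xaa, 0xaa, 0xaa, 0xaa,
};

int
main (void)
{
  uint32_t types[4];
  printf ("good64:     %d\n", walk_properties (good64, sizeof good64, 8, types, 4));
  printf ("lying64:    %d\n", walk_properties (lying64, sizeof lying64, 8, types, 4));
  printf ("dangling32: %d\n", walk_properties (dangling32, sizeof dangling32, 4, types, 4));
  return 0;
}
```

The point of the third case is that the `n_descsz` pre-check and the per-iteration check guard different things: the first rules out descriptors that are too short or oddly sized as a whole, while only the second guarantees that the header about to be read is actually inside the descriptor.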

