This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
[PATCH] libelf: Check compression ratio before trying to allocate output buffer.
- From: Mark Wielaard <mark at klomp dot org>
- To: elfutils-devel at sourceware dot org
- Cc: Mark Wielaard <mark at klomp dot org>
- Date: Fri, 24 Mar 2017 15:06:04 +0100
- Subject: [PATCH] libelf: Check compression ratio before trying to allocate output buffer.
- Authentication-results: sourceware.org; auth=none
The maximum compression factor (http://www.zlib.net/zlib_tech.html) is
1032:1. Add a sanity check for that before trying to allocate lots of
memory and trying to decompress lots of bogus data.
https://sourceware.org/bugzilla/show_bug.cgi?id=21301
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
libelf/ChangeLog | 5 +++++
libelf/elf_compress.c | 9 +++++++++
2 files changed, 14 insertions(+)
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 8539cb5..35e5271 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2017-03-24 Mark Wielaard <mark@klomp.org>
+
+ * elf_compress.c (__libelf_decompress): Check insane compression
+ ratios before trying to allocate output buffer.
+
2016-10-11 Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp>
Mark Wielaard <mjw@redhat.com>
diff --git a/libelf/elf_compress.c b/libelf/elf_compress.c
index dac0ac6..711be59 100644
--- a/libelf/elf_compress.c
+++ b/libelf/elf_compress.c
@@ -211,6 +211,15 @@ void *
internal_function
__libelf_decompress (void *buf_in, size_t size_in, size_t size_out)
{
+ /* Catch highly unlikely compression ratios so we don't allocate
+ some giant amount of memory for nothing. The max compression
+ factor 1032:1 comes from http://www.zlib.net/zlib_tech.html */
+ if (unlikely (size_out / 1032 > size_in))
+ {
+ __libelf_seterrno (ELF_E_INVALID_DATA);
+ return NULL;
+ }
+
void *buf_out = malloc (size_out);
if (unlikely (buf_out == NULL))
{
--
1.8.3.1