This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



[COMMITTED] libelf: Check for overflow in version_xlate elf_cvt_Verdef and elf_cvt_Verneed.


Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 libelf/ChangeLog       | 5 +++++
 libelf/version_xlate.h | 8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 9ae24a9..c7e8d30 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-18  Mark Wielaard  <mjw@redhat.com>
+
+	* version_xlate.h (elf_cvt_Verdef): Check for overflow.
+	(elf_cvt_Verneed): Likewise.
+
 2014-11-17  Mark Wielaard  <mjw@redhat.com>
 
 	* elf-knowledge.h (SECTION_STRIP_P): Check name is not NULL.
diff --git a/libelf/version_xlate.h b/libelf/version_xlate.h
index 935f77a..16eaa19 100644
--- a/libelf/version_xlate.h
+++ b/libelf/version_xlate.h
@@ -61,7 +61,7 @@ elf_cvt_Verdef (void *dest, const void *src, size_t len, int encode)
       GElf_Verdaux *asrc;
 
       /* Test for correct offset.  */
-      if (def_offset + sizeof (GElf_Verdef) > len)
+      if (def_offset > len || len - def_offset < sizeof (GElf_Verdef))
 	return;
 
       /* Work the tree from the first record.  */
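Review bot: The comment `/* Test for correct offset.  */` above the rewritten check does not say why the test is now a subtraction, so a later cleanup could fold it back into the wrapping `def_offset + sizeof (GElf_Verdef) > len` form. I would extend it to something like `/* Test for correct offset; compare by subtraction so def_offset + sizeof cannot wrap around.  */`. The same comment sits above the three other checks changed in this patch: both aux_offset tests and the need_offset test in elf_cvt_Verneed. The loop body of elf_cvt_Verdef continues outside this hunk.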
@@ -90,7 +90,7 @@ elf_cvt_Verdef (void *dest, const void *src, size_t len, int encode)
 	  GElf_Verdaux *adest;
 
 	  /* Test for correct offset.  */
-	  if (aux_offset + sizeof (GElf_Verdaux) > len)
+	  if (aux_offset > len || len - aux_offset < sizeof (GElf_Verdaux))
 	    return;
 
 	  adest = (GElf_Verdaux *) ((char *) dest + aux_offset);
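Review bot: The new test bounds aux_offset but does not check its alignment, and the next statement casts `(char *) dest + aux_offset` straight to `GElf_Verdaux *`. If aux_offset is accumulated from next-offset fields in the section data (the update is outside this hunk, so this is inferred), a malformed file could produce a misaligned pointer, which is undefined behaviour and can trap on strict-alignment targets. Unless callers already guarantee alignment, consider rejecting such offsets as well, e.g. `if (aux_offset % __alignof__ (GElf_Verdaux) != 0) return;`. The same applies to the `GElf_Vernaux *` cast in the last hunk, and presumably to the def_offset and need_offset records.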
@@ -155,7 +155,7 @@ elf_cvt_Verneed (void *dest, const void *src, size_t len, int encode)
       GElf_Vernaux *asrc;
 
       /* Test for correct offset.  */
-      if (need_offset + sizeof (GElf_Verneed) > len)
+      if (need_offset > len || len - need_offset < sizeof (GElf_Verneed))
 	return;
 
       /* Work the tree from the first record.  */
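Review bot: The bare `return;` after the failed need_offset test gives the caller no sign that translation stopped early, since the function has no status result to report through. Whatever lies at or past that offset in dest is then left unconverted, and a consumer that walks the records afterwards may read stale or foreign-endian fields. If changing the interface is out of scope, the behaviour should at least be documented at the check, e.g. `/* Invalid offset: stop; records from here on are left untranslated.  */`. The other three early returns touched by this patch behave the same way. The rest of elf_cvt_Verneed is outside this hunk.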
@@ -182,7 +182,7 @@ elf_cvt_Verneed (void *dest, const void *src, size_t len, int encode)
 	  GElf_Vernaux *adest;
 
 	  /* Test for correct offset.  */
-	  if (aux_offset + sizeof (GElf_Vernaux) > len)
+	  if (aux_offset > len || len - aux_offset < sizeof (GElf_Vernaux))
 	    return;
 
 	  adest = (GElf_Vernaux *) ((char *) dest + aux_offset);
-- 
1.8.3.1

