d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

readelf: simplify namesz / descsz checks

Browse Source 
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Ed Maste 2020-03-04 20:41:45 +00:00
parent 721ac29c0c
commit 89839cad79
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
contrib/elftoolchain/readelf/readelf.c
View File

@ -3728,6 +3728,7 @@ dump_notes_content(struct readelf *re, const char *buf, size_t sz, off_t off)
{
Elf_Note *note;
const char *end, *name;
uint32_t namesz, descsz;
printf("\nNotes at offset %#010jx with length %#010jx:\n",
(uintmax_t) off, (uintmax_t) sz);
@ -3739,13 +3740,16 @@ dump_notes_content(struct readelf *re, const char *buf, size_t sz, off_t off)
return;
}
note = (Elf_Note *)(uintptr_t) buf;
buf += sizeof(Elf_Note);
if (buf + roundup2(note->n_namesz, 4) > end) {
warnx("invalid note header name");
namesz = roundup2(note->n_namesz, 4);
descsz = roundup2(note->n_descsz, 4);
if (namesz < note->n_namesz || descsz < note->n_descsz ||
buf + namesz + descsz > end) {
warnx("invalid note header");
return;
}
buf += sizeof(Elf_Note);
name = buf;
buf += roundup2(note->n_namesz, 4);
buf += namesz;
/*
* The name field is required to be nul-terminated, and
* n_namesz includes the terminating nul in observed
@ -3763,12 +3767,8 @@ dump_notes_content(struct readelf *re, const char *buf, size_t sz, off_t off)
printf(" %-13s %#010jx", name, (uintmax_t) note->n_descsz);
printf(" %s\n", note_type(name, re->ehdr.e_type,
note->n_type));
if (buf + roundup2(note->n_descsz, 4) > end) {
warnx("invalid note header desc");
return;
}
dump_notes_data(re, name, note->n_type, buf, note->n_descsz);
buf += roundup2(note->n_descsz, 4);
buf += descsz;
}
}