[PATCH] libelf: Make sure ar archive long_names len fits in mapped ELF file.
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Tue, 16 Dec 2014 20:06:43 +0100
- Subject: [PATCH] libelf: Make sure ar archive long_names len fits in mapped ELF file.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
libelf/ChangeLog | 5 +++++
libelf/elf_begin.c | 15 ++++++++++-----
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index fe210ab..270579b 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-16 Mark Wielaard <mjw@redhat.com>
+
+ * elf_begin.c (read_long_names): Make sure long_names len fits
+ in mapped ELF file.
+
2014-12-15 Mark Wielaard <mjw@redhat.com>
* elf_getarsym.c (elf_getarsym): Check index_size doesn't overflow.
diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
index c24a364..30abe0b 100644
--- a/libelf/elf_begin.c
+++ b/libelf/elf_begin.c
@@ -708,11 +708,15 @@ read_long_names (Elf *elf)
char *runp;
if (elf->map_address != NULL)
- /* Simply copy it over. */
- elf->state.ar.long_names = (char *) memcpy (newp,
- elf->map_address + offset
- + sizeof (struct ar_hdr),
- len);
+ {
+ if (len > elf->maximum_size - offset - sizeof (struct ar_hdr))
+ goto too_much;
+ /* Simply copy it over. */
+ elf->state.ar.long_names = (char *) memcpy (newp,
+ elf->map_address + offset
+ + sizeof (struct ar_hdr),
+ len);
+ }
else
{
if (unlikely ((size_t) pread_retry (elf->fildes, newp, len,
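Review bot: The new bound `len > elf->maximum_size - offset - sizeof (struct ar_hdr)` is only sound if `offset + sizeof (struct ar_hdr)` is already known not to exceed `elf->maximum_size`. The declarations of `offset` and `maximum_size` are outside this hunk, but if the arithmetic is unsigned and that precondition fails, the subtraction wraps to a huge value and an oversized `len` from a malformed archive header would pass the check and reach the `memcpy`. If an earlier check in read_long_names guarantees the precondition, a comment above the test would record it, e.g. `/* offset + sizeof (struct ar_hdr) <= maximum_size was checked when the header was read. */`. If no such check exists, the guard should test it first: `if ((size_t) offset > elf->maximum_size || elf->maximum_size - offset < sizeof (struct ar_hdr) || len > elf->maximum_size - offset - sizeof (struct ar_hdr)) goto too_much;`. The function body starts before and continues after this hunk, so the allocation of `newp` and any prior validation are not visible here.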
@@ -720,6 +724,7 @@ read_long_names (Elf *elf)
+ sizeof (struct ar_hdr))
!= len))
{
+ too_much:
/* We were not able to read all data. */
free (newp);
elf->state.ar.long_names = NULL;
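Review bot: The `too_much:` label is placed inside the failure block of the `pread_retry` branch, so the `goto too_much` in the mapped path jumps into a nested block of the other `else` arm. That is legal C but easy to break when the block is later edited. The existing comment `/* We were not able to read all data. */` now covers only one of the two ways of arriving there. I would reword it to something like `/* Either len does not fit in the mapped file or the read came up short. */`, or hoist the cleanup to a label at function scope so both paths reach it the same way. The cleanup block continues past the end of this hunk.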
--
1.8.3.1