libebl: Check GNU property note pr_datasz fits inside note description.

Before printing the data values, make sure pr_datasz doesn't go beyond the end of the note description data. https://sourceware.org/bugzilla/show_bug.cgi?id=24075 Signed-off-by: Mark Wielaard <mark@klomp.org>
author: Mark Wielaard <mark@klomp.org> 2019-01-16 11:57:35 +0100
committer: Mark Wielaard <mark@klomp.org> 2019-01-16 12:08:16 +0100
commit: 012018907ca05eb0ab51d424a596ef38fc87cae1 (patch)
tree: 4032592ff089eeca3f7fe3b435a1d1b825255d33 /libebl
parent: 9af7aaf9d99c508341ddd7c764a6576b1d0bb9b8 (diff)
download: elfutils-012018907ca05eb0ab51d424a596ef38fc87cae1.tar.gz
2 files changed, 11 insertions, 0 deletions
diff --git a/libebl/ChangeLog b/libebl/ChangeLog
index 0174f331..77c22746 100644
--- a/libebl/ChangeLog
+++ b/libebl/ChangeLog
@@ -1,3 +1,7 @@
+2019-01-16  Mark Wielaard  <mark@klomp.org>
+
+	* eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large.
+
 2018-12-02  Mark Wielaard  <mark@klomp.org>
 
 	* eblobjnte.c (ebl_object_note): For GNU_PROPERTY_STACK_SIZE use
diff --git a/libebl/eblobjnote.c b/libebl/eblobjnote.c
index c19ea37f..9094715c 100644
--- a/libebl/eblobjnote.c
+++ b/libebl/eblobjnote.c
@@ -350,6 +350,13 @@ ebl_object_note (Ebl *ebl, uint32_t namesz, const char *name, uint32_t type,
 		  desc += 8;
 		  descsz -= 8;
 
+		  if (prop.pr_datasz > descsz)
+		    {
+		      printf ("BAD property datasz: %" PRId32 "\n",
+			      prop.pr_datasz);
+		      return;
+		    }
+
 		  int elfclass = gelf_getclass (ebl->elf);
 		  char *elfident = elf_getident (ebl->elf, NULL);
 		  GElf_Ehdr ehdr;
author	Mark Wielaard <mark@klomp.org>	2019-01-16 11:57:35 +0100
committer	Mark Wielaard <mark@klomp.org>	2019-01-16 12:08:16 +0100
commit	012018907ca05eb0ab51d424a596ef38fc87cae1 (patch)
tree	4032592ff089eeca3f7fe3b435a1d1b825255d33 /libebl
parent	9af7aaf9d99c508341ddd7c764a6576b1d0bb9b8 (diff)
download	elfutils-012018907ca05eb0ab51d424a596ef38fc87cae1.tar.gz