author | Mark Wielaard <mjw@redhat.com> | 2015-05-31 16:05:34 +0200 |
---|---|---|
committer | Mark Wielaard <mjw@redhat.com> | 2015-06-05 14:48:55 +0200 |
commit | 2ec518247897bfa41327db2627e1e6112e5d59da (patch) | |
tree | d69c7b7ac2e5a6b942fc948b4a60decb3196abff /libelf | |
parent | f78e8640475ac1ea0b29bff79fbc77c0dfa47657 (diff) | |
libelf: Fix possible unbounded stack usage in getphdr_wrlock.
When a copy needs to be made of the phdrs, allocate with malloc and free
after conversion instead of calling alloca.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'libelf')
-rw-r--r-- | libelf/ChangeLog | 5 | ||||
-rw-r--r-- | libelf/elf32_getphdr.c | 18 |
2 files changed, 19 insertions, 4 deletions
diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 4fd3f9f5..65f9112d 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,5 +1,10 @@ 2015-05-31 Mark Wielaard <mjw@redhat.com> + * elf32_getphdr.c (getphdr_wrlock): Allocate phdrs with malloc, not + alloca and free after conversion when a copy needs to be made. + +2015-05-31 Mark Wielaard <mjw@redhat.com> + * elf_getarsym.c (elf_getarsym): Allocate temporary file_date with malloc, not alloca also in !ALLOW_UNALIGNED case. diff --git a/libelf/elf32_getphdr.c b/libelf/elf32_getphdr.c index 1b82a480..38e489dc 100644 --- a/libelf/elf32_getphdr.c +++ b/libelf/elf32_getphdr.c @@ -141,13 +141,20 @@ __elfw2(LIBELFBITS,getphdr_wrlock) (elf) } else { - if (ALLOW_UNALIGNED - || ((uintptr_t) file_phdr - & (__alignof__ (ElfW2(LIBELFBITS,Phdr)) - 1)) == 0) + bool copy = ! (ALLOW_UNALIGNED + || ((uintptr_t) file_phdr + & (__alignof__ (ElfW2(LIBELFBITS,Phdr)) + - 1)) == 0); + if (! copy) notcvt = file_phdr; else { - notcvt = (ElfW2(LIBELFBITS,Phdr) *) alloca (size); + notcvt = (ElfW2(LIBELFBITS,Phdr) *) malloc (size); + if (unlikely (notcvt == NULL)) + { + __libelf_seterrno (ELF_E_NOMEM); + goto out; + } memcpy (notcvt, file_phdr, size); } @@ -162,6 +169,9 @@ __elfw2(LIBELFBITS,getphdr_wrlock) (elf) CONVERT_TO (phdr[cnt].p_flags, notcvt[cnt].p_flags); CONVERT_TO (phdr[cnt].p_align, notcvt[cnt].p_align); } + + if (copy) + free (notcvt); } } } |
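Review bot: The `goto out` added after the failed `malloc (size)` in the first elf32_getphdr.c hunk leaves the destination array `phdr` (the one the CONVERT_TO loop fills in the second hunk) in whatever state it had, and nothing visible releases or resets it. The function starts and ends outside both hunks, so this is inferred: if that destination was already allocated and stored in the Elf descriptor before this branch, a later call could return the unconverted, uninitialized table as if it were valid program headers. I would either allocate `notcvt` before the destination is published or undo the publication on this path, and mark the spot with `/* Do not leave an unconverted phdr table cached on ELF_E_NOMEM.  */`. It would also help to note next to the allocation that `size` is derived from the file's program header count and where it is bounded, since the hunk does not show that check.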