author | Mark Wielaard <mjw@redhat.com> | 2015-05-06 17:38:18 +0200 |
committer | Mark Wielaard <mjw@redhat.com> | 2015-05-12 16:48:33 +0200 |
commit | 5e80a1e8f57fbae3bd5687bb80a65e97f824f914 (patch) | |
tree | c10e6d88946a4ace08877fdad42620d844fea62e /src/elflint.c | |
parent | 9d0926538635fe9a2bda0684623516aaf4407ecb (diff) | |
download | elfutils-5e80a1e8f57fbae3bd5687bb80a65e97f824f914.tar.gz |
elflint: Add sanity checks to check_attributes.
This is similar to commit 9644aa for readelf print_attributes.
Bail out when the vendor name isn't terminated and add overflow check
for subsection_len.
Note that readelf does handle non-gnu attributes, while elflint doesn't.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'src/elflint.c')
-rw-r--r-- | src/elflint.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/elflint.c b/src/elflint.c
index 4e536460..df476a1f 100644
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -3423,7 +3423,7 @@ section [%2d] '%s': offset %zu: invalid length in attribute section\n"),
 	  ERROR (gettext ("\
 section [%2d] '%s': offset %zu: unterminated vendor name string\n"),
 		 idx, section_name (ebl, idx), pos (p));
-	  continue;
+	  break;
 	}
 
       ++q;
@@ -3466,7 +3466,9 @@ section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"),
 	  if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
 	    CONVERT (subsection_len);
 
-	  if (p - chunk < (ptrdiff_t) subsection_len)
+	  /* Don't overflow, ptrdiff_t might be 32bits, but signed.  */
+	  if (p - chunk < (ptrdiff_t) subsection_len
+	      || subsection_len >= (uint32_t) PTRDIFF_MAX)
 	    {
 	      ERROR (gettext ("\
 section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"),
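Review bot: In the second hunk the new overflow guard is evaluated after the cast it is meant to protect: `(ptrdiff_t) subsection_len` runs first, and on a 32-bit ptrdiff_t a value above PTRDIFF_MAX is converted to a negative number (implementation-defined, not undefined, but it is exactly the case the comment describes), and only then does the `||` operand reject it. Swapping the operands makes the cast happen only for values already known to fit: `if (subsection_len >= (uint32_t) PTRDIFF_MAX` / `|| p - chunk < (ptrdiff_t) subsection_len)`. The `(uint32_t) PTRDIFF_MAX` truncation on LP64 yields UINT32_MAX, so there the guard rejects only that single value, which is harmless; a one-line comment such as `/* On 64-bit hosts this only excludes UINT32_MAX; the real bound is the 32-bit case.  */` would save the next reader from re-deriving that, though the cast presumably assumes subsection_len is uint32_t, which is declared outside the hunk. The enclosing loop of check_attributes starts and ends outside both hunks.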