authorsemarie <semarie@cvs.openbsd.org>2015-06-23 15:13:30 +0000
committersemarie <semarie@cvs.openbsd.org>2015-06-23 15:13:30 +0000
commit87a34ce659bd7ebd18375ecf2f8a95180f42639d (patch)
treea34f796ef207879c599b9681ebaac7c89aabd582
parent674da2ead86bf750dca7cbbb36b72439d1ace168 (diff)
This patch ensures that e_shentsize (the section header's size in bytes) is
big enough to hold at least one Elf_Shdr. While here, invert the calloc() arguments to be calloc(nmemb, size), matching the fread() call that follows. This problem was found with afl, with e_shentsize=1. ok miod@
-rw-r--r--usr.bin/nm/elf.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.bin/nm/elf.c b/usr.bin/nm/elf.c
index ef82ab1bc09..bf134ad7513 100644
--- a/usr.bin/nm/elf.c
+++ b/usr.bin/nm/elf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: elf.c,v 1.30 2015/06/23 15:02:58 semarie Exp $ */
+/* $OpenBSD: elf.c,v 1.31 2015/06/23 15:13:29 semarie Exp $ */
/*
* Copyright (c) 2003 Michael Shalayeff
@@ -159,7 +159,12 @@ elf_load_shdrs(const char *name, FILE *fp, off_t foff, Elf_Ehdr *head)
return (NULL);
}
- if ((shdr = calloc(head->e_shentsize, head->e_shnum)) == NULL) {
+ if (head->e_shentsize < sizeof(Elf_Shdr)) {
+ warnx("%s: inconsistent section header size", name);
+ return (NULL);
+ }
+
+ if ((shdr = calloc(head->e_shnum, head->e_shentsize)) == NULL) {
warn("%s: malloc shdr", name);
return (NULL);
}
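Review bot: The new guard `if (head->e_shentsize < sizeof(Elf_Shdr))` rejects undersized entries but still accepts a file whose e_shentsize is larger than sizeof(Elf_Shdr). The allocation is then large enough, so this is not an overflow. However, if the code after this hunk reads the table with stride e_shentsize and then indexes `shdr[i]` as an Elf_Shdr array (not visible here), every entry after the first would be decoded from the wrong offset and its file-controlled fields used as if valid. Consider `if (head->e_shentsize != sizeof(Elf_Shdr))`, or add a comment stating why oversized entries are tolerated. elf_load_shdrs begins before this hunk and continues after it.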