author | semarie <semarie@cvs.openbsd.org> | 2015-06-23 15:13:30 +0000 |
---|---|---|
committer | semarie <semarie@cvs.openbsd.org> | 2015-06-23 15:13:30 +0000 |
commit | 87a34ce659bd7ebd18375ecf2f8a95180f42639d (patch) | |
tree | a34f796ef207879c599b9681ebaac7c89aabd582 | |
parent | 674da2ead86bf750dca7cbbb36b72439d1ace168 (diff) |
This patch ensures that e_shentsize (the size in bytes of one section header entry) is
big enough to hold at least one Elf_Shdr.
While here, swap the calloc() arguments to be calloc(nmemb, size),
matching the fread() call that follows.
This problem was found with afl, with e_shentsize=1.
ok miod@
-rw-r--r-- | usr.bin/nm/elf.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/usr.bin/nm/elf.c b/usr.bin/nm/elf.c
index ef82ab1bc09..bf134ad7513 100644
--- a/usr.bin/nm/elf.c
+++ b/usr.bin/nm/elf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: elf.c,v 1.30 2015/06/23 15:02:58 semarie Exp $ */
+/* $OpenBSD: elf.c,v 1.31 2015/06/23 15:13:29 semarie Exp $ */
 /*
 * Copyright (c) 2003 Michael Shalayeff
@@ -159,7 +159,12 @@ elf_load_shdrs(const char *name, FILE *fp, off_t foff, Elf_Ehdr *head)
 return (NULL);
 }
- if ((shdr = calloc(head->e_shentsize, head->e_shnum)) == NULL) {
+ if (head->e_shentsize < sizeof(Elf_Shdr)) {
+ warnx("%s: inconsistent section header size", name);
+ return (NULL);
+ }
+
+ if ((shdr = calloc(head->e_shnum, head->e_shentsize)) == NULL) {
 warn("%s: malloc shdr", name);
 return (NULL);
 } |
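Review bot: The new guard `if (head->e_shentsize < sizeof(Elf_Shdr))` rejects entries that are too small but still accepts an e_shentsize larger than sizeof(Elf_Shdr). The buffer is then sized with e_shentsize as the element size (and, per the commit message, filled by the fread() that follows), while the `sizeof(Elf_Shdr)` in the check suggests shdr is later indexed as an array of Elf_Shdr; if so, every entry after the first would be read at the wrong offset from an untrusted file, inside the allocation but misparsed. Unless oversized entries are meant to be tolerated, consider `if (head->e_shentsize != sizeof(Elf_Shdr)) {`, or read each entry separately into an Elf_Shdr-sized slot. elf_load_shdrs starts and ends outside the hunk, so the fread() and the callers' indexing are not visible here.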