authormmcc <mmcc@cvs.openbsd.org>2015-12-29 22:31:22 +0000
committermmcc <mmcc@cvs.openbsd.org>2015-12-29 22:31:22 +0000
commit3f926eb75a6367f08f5f4f2330e411589077d6b7 (patch)
tree99b3f6cd4298f4080d6f7fe49048aecdc76df533
parent4fed9b0c21bdbad1e13690a53f29dea96e4e90c7 (diff)
Verify that the section header size supplied in the ELF header is what
we expect it to be. This prevents out-of-bounds access or excessive memory allocation on a malformed ELF header. Found by Serguey Parkhomovsky with AFL. Improved by and ok kettenis@
-rw-r--r--lib/libc/gen/nlist.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libc/gen/nlist.c b/lib/libc/gen/nlist.c
index f76543bf8fd..7506154d26b 100644
--- a/lib/libc/gen/nlist.c
+++ b/lib/libc/gen/nlist.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nlist.c,v 1.65 2015/10/16 16:54:38 tobias Exp $ */
+/* $OpenBSD: nlist.c,v 1.66 2015/12/29 22:31:21 mmcc Exp $ */
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
@@ -77,6 +77,9 @@ __elf_is_okay__(Elf_Ehdr *ehdr)
retval = 1;
}
+ if (ehdr->e_shentsize != sizeof(Elf_Shdr))
+ return 0;
+
return retval;
}
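Review bot: The new `e_shentsize` test at the end of `__elf_is_okay__` fixes only the size of one section header entry; `e_shnum` and `e_shoff` come from the same untrusted ELF header and are not checked in the visible lines. If the caller multiplies the entry size by `e_shnum` to size a read or mapping, as the commit message's mention of excessive allocation suggests, that product and the table's offset still need to be bounded against the file size; the caller is outside this hunk, so confirm it there. The check also deserves a one-line comment stating its purpose, for example `/* Section headers are accessed as Elf_Shdr; reject any other entry size. */`. The function starts above the hunk, so what the earlier branch already rejects cannot be seen here.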