diff options
| author | mmcc <mmcc@cvs.openbsd.org> | 2015-12-29 22:31:22 +0000 |
|---|---|---|
| committer | mmcc <mmcc@cvs.openbsd.org> | 2015-12-29 22:31:22 +0000 |
| commit | 3f926eb75a6367f08f5f4f2330e411589077d6b7 (patch) | |
| tree | 99b3f6cd4298f4080d6f7fe49048aecdc76df533 /lib/libc/gen | |
| parent | 4fed9b0c21bdbad1e13690a53f29dea96e4e90c7 (diff) | |
Verify that the section header size supplied in the ELF header is what
we expect it to be. This prevents out-of-bounds access or excessive
memory allocation on a malformed ELF header.
Found by Serguey Parkhomovsky with AFL. Improved by and ok kettenis@
Diffstat (limited to 'lib/libc/gen')
| -rw-r--r-- | lib/libc/gen/nlist.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libc/gen/nlist.c b/lib/libc/gen/nlist.c index f76543bf8fd..7506154d26b 100644 --- a/lib/libc/gen/nlist.c +++ b/lib/libc/gen/nlist.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nlist.c,v 1.65 2015/10/16 16:54:38 tobias Exp $ */ +/* $OpenBSD: nlist.c,v 1.66 2015/12/29 22:31:21 mmcc Exp $ */ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -77,6 +77,9 @@ __elf_is_okay__(Elf_Ehdr *ehdr) retval = 1; } + if (ehdr->e_shentsize != sizeof(Elf_Shdr)) + return 0; + return retval; } |