vapier 15/02/21 19:30:59 Modified: scanelf.c Log: scanelf: fix logic error in shdr string overflow Reported-by: Jakub Wilk <[email protected]> URL: https://bugs.debian.org/775270
Revision Changes Path 1.270 pax-utils/scanelf.c file : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/scanelf.c?rev=1.270&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/scanelf.c?rev=1.270&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/scanelf.c?r1=1.269&r2=1.270
Index: scanelf.c
===================================================================
RCS file: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v
retrieving revision 1.269
retrieving revision 1.270
diff -u -r1.269 -r1.270
--- scanelf.c 20 Nov 2014 01:25:56 -0000 1.269
+++ scanelf.c 21 Feb 2015 19:30:59 -0000 1.270
@@ -1,13 +1,13 @@
 /*
 * Copyright 2003-2012 Gentoo Foundation
 * Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.269 2014/11/20 01:25:56 vapier Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.270 2015/02/21 19:30:59 vapier Exp $
 *
 * Copyright 2003-2012 Ned Ludd - <[email protected]>
 * Copyright 2004-2012 Mike Frysinger - <[email protected]>
 */
-static const char rcsid[] = "$Id: scanelf.c,v 1.269 2014/11/20 01:25:56 vapier Exp $";
+static const char rcsid[] = "$Id: scanelf.c,v 1.270 2015/02/21 19:30:59 vapier Exp $";
 const char argv0[] = "scanelf";
 #include "paxinc.h"
@@ -443,7 +443,7 @@
 if (EGET(shdr[i].sh_type) != SHT_PROGBITS) continue; \
 offset = EGET(strtbl->sh_offset) + EGET(shdr[i].sh_name); \
 str = elf->data + offset; \
- if (str > elf->data + offset + sizeof(NOTE_GNU_STACK)) continue; \
+ if (str + sizeof(NOTE_GNU_STACK) > elf->data + elf->len) continue; \
 if (!strcmp(str, NOTE_GNU_STACK)) { \
 if (multi_stack++) warnf("%s: multiple .note.GNU-stack's !?", elf->filename); \
 flags = EGET(shdr[i].sh_flags); \
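Review bot: The new bound in the second hunk (`@@ -443,7 +443,7 @@`) is still evaluated on pointers, after `str = elf->data + offset` has already been formed from `sh_offset + sh_name`, two values read from the file being scanned. If that sum exceeds `elf->len`, the pointer arithmetic is already out of range before the comparison runs, and if the address wraps the test can pass and `strcmp` then reads outside the mapped file. Comparing as integers before forming the pointer avoids this: `if (offset >= elf->len || elf->len - offset < sizeof(NOTE_GNU_STACK)) continue;`. The type of `offset` is not visible in the hunk, so the addition itself may also need an overflow check. The macro body starts and ends outside the hunk.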
