Author: gordon
Date: Thu Sep 7 19:23:08 2017
New Revision: 323281
URL: https://svnweb.freebsd.org/changeset/base/323281
Log:
MFC r323278: Fix an incorrectly used conditional causing buffer overflow.
Reported by: Thomas Jarosch of Intra2net AG
Reviewed by: emaste, jhb
Approved by: re (marius)
Security: CVE-2017-1000249
Modified:
stable/10/contrib/file/src/readelf.c
Directory Properties:
stable/10/ (props changed)
Changes in other areas also in this revision:
Modified:
stable/11/contrib/file/src/readelf.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/10/contrib/file/src/readelf.c
==============================================================================
--- stable/10/contrib/file/src/readelf.c Thu Sep 7 19:15:31 2017
(r323280)
+++ stable/10/contrib/file/src/readelf.c Thu Sep 7 19:23:08 2017
(r323281)
@@ -509,7 +509,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf,
size_t noff, size_t doff, int *flags)
{
if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
- type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) {
+ type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
uint8_t desc[20];
const char *btype;
uint32_t i;
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
