Author: emaste
Date: Wed Mar  4 20:41:45 2020
New Revision: 358639
URL: https://svnweb.freebsd.org/changeset/base/358639

Log:
  readelf: simplify namesz / descsz checks
  
  MFC after:    3 days
  Sponsored by: The FreeBSD Foundation

Modified:
  head/contrib/elftoolchain/readelf/readelf.c

Modified: head/contrib/elftoolchain/readelf/readelf.c
==============================================================================
--- head/contrib/elftoolchain/readelf/readelf.c Wed Mar  4 20:30:11 2020        
(r358638)
+++ head/contrib/elftoolchain/readelf/readelf.c Wed Mar  4 20:41:45 2020        
(r358639)
@@ -3728,6 +3728,7 @@ dump_notes_content(struct readelf *re, const char *buf
 {
        Elf_Note *note;
        const char *end, *name;
+       uint32_t namesz, descsz;
 
        printf("\nNotes at offset %#010jx with length %#010jx:\n",
            (uintmax_t) off, (uintmax_t) sz);
@@ -3739,13 +3740,16 @@ dump_notes_content(struct readelf *re, const char *buf
                        return;
                }
                note = (Elf_Note *)(uintptr_t) buf;
-               buf += sizeof(Elf_Note);
-               if (buf + roundup2(note->n_namesz, 4) > end) {
-                       warnx("invalid note header name");
+               namesz = roundup2(note->n_namesz, 4);
+               descsz = roundup2(note->n_descsz, 4);
+               if (namesz < note->n_namesz || descsz < note->n_descsz ||
+                   buf + namesz + descsz > end) {
+                       warnx("invalid note header");
                        return;
                }
+               buf += sizeof(Elf_Note);
                name = buf;
-               buf += roundup2(note->n_namesz, 4);
+               buf += namesz;
                /*
                 * The name field is required to be nul-terminated, and
                 * n_namesz includes the terminating nul in observed
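Review bot: The combined bounds check now runs while `buf` still points at the note header, because `buf += sizeof(Elf_Note);` was moved below it, so `buf + namesz + descsz > end` no longer accounts for the header. A malformed note can therefore pass the check with its name and descriptor extending up to `sizeof(Elf_Note)` bytes past `end`, and the later `dump_notes_data(re, name, note->n_type, buf, note->n_descsz)` call, whose own check this commit removes, would read out of bounds. Keep the advance ahead of the check and compare lengths instead of forming a possibly out-of-range pointer: `buf += sizeof(Elf_Note);` followed by `if (namesz < note->n_namesz || descsz < note->n_descsz || namesz > (size_t)(end - buf) || descsz > (size_t)(end - buf) - namesz) {`. Adding two 32-bit sizes to a pointer can also wrap on 32-bit targets, which the length comparison avoids. The loop begins above the hunk, so it should be confirmed that the header itself is bounds-checked there before `note` is dereferenced.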
@@ -3763,12 +3767,8 @@ dump_notes_content(struct readelf *re, const char *buf
                printf("  %-13s %#010jx", name, (uintmax_t) note->n_descsz);
                printf("      %s\n", note_type(name, re->ehdr.e_type,
                    note->n_type));
-               if (buf + roundup2(note->n_descsz, 4) > end) {
-                       warnx("invalid note header desc");
-                       return;
-               }
                dump_notes_data(re, name, note->n_type, buf, note->n_descsz);
-               buf += roundup2(note->n_descsz, 4);
+               buf += descsz;
        }
 }
 