void-packages/srcpkgs/file/patches/CVE-2014-3710.patch

21 lines
524 B
Diff
Raw Normal View History

Fix note bounds reading, Francisco Alonso / Red Hat
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3710
--- src/readelf.c
+++ src/readelf.c
@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
uint32_t namesz, descsz;
unsigned char *nbuf = CAST(unsigned char *, vbuf);
+ if (xnh_sizeof + offset > size) {
+ /*
+ * We're out of note headers.
+ */
+ return xnh_sizeof + offset;
+ }
+
(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
offset += xnh_sizeof;