20 lines
524 B
Diff
20 lines
524 B
Diff
Fix note bounds reading, Francisco Alonso / Red Hat
|
|
|
|
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3710
|
|
|
|
--- src/readelf.c
|
|
+++ src/readelf.c
|
|
@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
|
|
uint32_t namesz, descsz;
|
|
unsigned char *nbuf = CAST(unsigned char *, vbuf);
|
|
|
|
+ if (xnh_sizeof + offset > size) {
|
|
+ /*
|
|
+ * We're out of note headers.
|
|
+ */
|
|
+ return xnh_sizeof + offset;
|
|
+ }
|
|
+
|
|
(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
|
|
offset += xnh_sizeof;
|
|
|