Fix note bounds reading, Francisco Alonso / Red Hat

zoulasc committed Oct 17, 2014
1 parent 964bf04 commit 39c7ac1106be844a5296d3eb5971946cc09ffda0
Showing with 12 additions and 1 deletion.
  1. +4 −0 ChangeLog
  2. +8 −1 src/readelf.c
@@ -1,3 +1,7 @@
2014-10-17 11:48 Christos Zoulas <christos@zoulas.com>
* fix bounds in note reading (Francisco Alonso / Red Hat)
2014-10-11 15:02 Christos Zoulas <christos@zoulas.com>
* fix autoconf glue for setlocale and locale_t; some OS's
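
Review bot: The new ChangeLog entry does not say which file or function was fixed. Naming src/readelf.c and donote() in the entry would let downstream packagers locate the bounds fix when backporting.
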
@@ -27,7 +27,7 @@
#include "file.h"
#ifndef lint
FILE_RCSID("@(#)$File: readelf.c,v 1.102 2014/03/11 21:00:13 christos Exp $")
FILE_RCSID("@(#)$File: readelf.c,v 1.103 2014/05/02 02:25:10 christos Exp $")
#endif
#ifdef BUILTIN_ELF
@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
uint32_t namesz, descsz;
unsigned char *nbuf = CAST(unsigned char *, vbuf);
if (xnh_sizeof + offset > size) {
/*
* We're out of note headers.
*/
return xnh_sizeof + offset;
}
(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
offset += xnh_sizeof;
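
Review bot: In the new guard at the top of donote(), `xnh_sizeof + offset > size` is evaluated in size_t arithmetic, so an offset close to SIZE_MAX would wrap the sum and pass the check ahead of the memcpy from `&nbuf[offset]`. Writing it as `offset > size || xnh_sizeof > size - offset` removes the dependence on callers having already bounded offset. The early return also hands back `xnh_sizeof + offset`, which is larger than size, so the comment should state that callers are expected to stop once the returned offset is at or beyond size.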

6 comments on commit 39c7ac1

malaimo2900 Nov 7, 2014

Does the invalid note header make the ELF file invalid? What does a note header look like that would cause this issue?

zoulasc Nov 7, 2014

Contributor

malaimo2900 Nov 7, 2014

No I do not have an example file. I just have an interest in PHP.

What does readelf do? Is it a validation of ELF files?

zoulasc Nov 7, 2014

Contributor

masoomshah Jan 7, 2015

Hello,

I am on Windows OS using WAMP 2.4 (Apache 2.4.4 PHP 5.3.13), does this bug affect Windows OS as well? If so, in order to patch it, can I simply grab php_fileinfo.dll from newer release and replace it with existing one? Thanks much in advance.

zoulasc Jan 7, 2015

Contributor