PR/372: LevilJiang: Limit size of notes to 128M

file · Jul 31, 2022 · e123324 · e123324
1 parent 32dd44f
commit e123324
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/src/readelf.c b/src/readelf.c
@@ -27,7 +27,7 @@
 #include "file.h"
 
 #ifndef lint
-FILE_RCSID("@(#)$File: readelf.c,v 1.181 2022/07/07 17:19:52 christos Exp $")
+FILE_RCSID("@(#)$File: readelf.c,v 1.182 2022/07/31 16:01:01 christos Exp $")
 #endif
 
 #ifdef BUILTIN_ELF
@@ -62,6 +62,7 @@ private uint64_t getu64(int, uint64_t);
 
 #define MAX_PHNUM	128
 #define	MAX_SHNUM	32768
+#define MAX_SHSIZE	(64 * 1024 * 1024)
 #define SIZE_UNKNOWN	CAST(off_t, -1)
 
 private int
@@ -1449,6 +1450,12 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
 					return -1;
 				return 0;
 			}
+			if (xsh_size > MAX_SHSIZE) {
+				file_error(ms, errno, "Note section size too "
+				    "big (%ju > %u)", (uintmax_t)xsh_size,
+				    MAX_SHSIZE);
+				return -1;
+			}
 			if ((nbuf = malloc(xsh_size)) == NULL) {
 				file_error(ms, errno, "Cannot allocate memory"
 				    " for note");