mirror of
https://github.com/openbsd/src.git
synced 2025-01-03 06:45:37 -08:00
corrects a read after bound that occurs in strcmp (line just
after the added bound check). Found with afl. ok miod@
This commit is contained in:
semarie
parent
19edda9e59
commit
061050452b
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: elf.c,v 1.29 2015/06/23 13:43:08 semarie Exp $ */
|
||||
/* $OpenBSD: elf.c,v 1.30 2015/06/23 15:02:58 semarie Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Michael Shalayeff
|
||||
@ -451,7 +451,7 @@ elf_size(Elf_Ehdr *head, Elf_Shdr *shdr,
|
||||
|
||||
int
|
||||
elf_symloadx(const char *name, FILE *fp, off_t foff, Elf_Ehdr *eh,
|
||||
Elf_Shdr *shdr, char *shstr, struct nlist **pnames,
|
||||
Elf_Shdr *shdr, char *shstr, long shstrsize, struct nlist **pnames,
|
||||
struct nlist ***psnames, size_t *pstabsize, int *pnrawnames,
|
||||
const char *strtab, const char *symtab)
|
||||
{
|
||||
@ -461,6 +461,10 @@ elf_symloadx(const char *name, FILE *fp, off_t foff, Elf_Ehdr *eh,
|
||||
int i;
|
||||
|
||||
for (i = 0; i < eh->e_shnum; i++) {
|
||||
if (shdr[i].sh_name >= shstrsize) {
|
||||
warnx("%s: corrupt file", name);
|
||||
return (1);
|
||||
}
|
||||
if (!strcmp(shstr + shdr[i].sh_name, strtab)) {
|
||||
*pstabsize = shdr[i].sh_size;
|
||||
if (*pstabsize > SIZE_MAX) {
|
||||
@ -561,11 +565,11 @@ elf_symload(const char *name, FILE *fp, off_t foff, Elf_Ehdr *eh,
|
||||
stab = NULL;
|
||||
*pnames = NULL; *psnames = NULL; *pnrawnames = 0;
|
||||
if (!dynamic_only) {
|
||||
elf_symloadx(name, fp, foff, eh, shdr, shstr, pnames,
|
||||
elf_symloadx(name, fp, foff, eh, shdr, shstr, shstrsize, pnames,
|
||||
psnames, pstabsize, pnrawnames, ELF_STRTAB, ELF_SYMTAB);
|
||||
}
|
||||
if (stab == NULL) {
|
||||
elf_symloadx(name, fp, foff, eh, shdr, shstr, pnames,
|
||||
elf_symloadx(name, fp, foff, eh, shdr, shstr, shstrsize, pnames,
|
||||
psnames, pstabsize, pnrawnames, ELF_DYNSTR, ELF_DYNSYM);
|
||||
}
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: elfuncs.h,v 1.3 2006/09/30 14:34:13 kettenis Exp $ */
|
||||
/* $OpenBSD: elfuncs.h,v 1.4 2015/06/23 15:02:58 semarie Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004 Michael Shalayeff
|
||||
@ -36,7 +36,7 @@ int elf32_fix_phdrs(Elf32_Ehdr *eh, Elf32_Phdr *phdr);
|
||||
int elf32_fix_sym(Elf32_Ehdr *eh, Elf32_Sym *sym);
|
||||
int elf32_size(Elf32_Ehdr *, Elf32_Shdr *, u_long *, u_long *, u_long *);
|
||||
int elf32_symloadx(const char *, FILE *, off_t, Elf32_Ehdr *, Elf32_Shdr *,
|
||||
char *, struct nlist **, struct nlist ***, size_t *, int *,
|
||||
char *, long, struct nlist **, struct nlist ***, size_t *, int *,
|
||||
const char *, const char *);
|
||||
int elf32_symload(const char *, FILE *, off_t, Elf32_Ehdr *, Elf32_Shdr *,
|
||||
struct nlist **, struct nlist ***, size_t *, int *);
|
||||
@ -49,7 +49,7 @@ int elf64_fix_phdrs(Elf64_Ehdr *eh, Elf64_Phdr *phdr);
|
||||
int elf64_fix_sym(Elf64_Ehdr *eh, Elf64_Sym *sym);
|
||||
int elf64_size(Elf64_Ehdr *, Elf64_Shdr *, u_long *, u_long *, u_long *);
|
||||
int elf64_symloadx(const char *, FILE *, off_t, Elf64_Ehdr *, Elf64_Shdr *,
|
||||
char *, struct nlist **, struct nlist ***, size_t *, int *,
|
||||
char *, long, struct nlist **, struct nlist ***, size_t *, int *,
|
||||
const char *, const char *);
|
||||
int elf64_symload(const char *, FILE *, off_t, Elf64_Ehdr *, Elf64_Shdr *,
|
||||
struct nlist **, struct nlist ***, size_t *, int *);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user