From: Christos Zoulas
Date: Fri, 17 Oct 2014 15:49:00 +0000 (+0000)
Subject: Fix note bounds reading, Francisco Alonso / Red Hat
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=73a67c43f58003c8d16ccb5ba85b26d14158e07e;p=file
Fix note bounds reading, Francisco Alonso / Red Hat
---
diff --git a/ChangeLog b/ChangeLog
index b42e3d78..681e7a95 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2014-10-17 11:48 Christos Zoulas
+
+ * fix bounds in note reading (Francisco Alonso / Red Hat)
+
 2014-10-11 15:02 Christos Zoulas
 * fix autoconf glue for setlocale and locale_t; some OS's
diff --git a/src/readelf.c b/src/readelf.c
index ede7e0c7..ff58c828 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -27,7 +27,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: readelf.c,v 1.103 2014/05/02 02:25:10 christos Exp $")
+FILE_RCSID("@(#)$File: readelf.c,v 1.104 2014/10/17 15:49:00 christos Exp $")
 #endif
 #ifdef BUILTIN_ELF
@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
 uint32_t namesz, descsz;
 unsigned char *nbuf = CAST(unsigned char *, vbuf);
+ if (xnh_sizeof + offset > size) {
+ /*
+ * We're out of note headers.
+ */
+ return xnh_sizeof + offset;
+ }
+
 (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
 offset += xnh_sizeof;
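Review bot: The new guard in donote() computes `xnh_sizeof + offset` in size_t, so an `offset` close to SIZE_MAX would wrap and pass the check, and the memcpy() right after it would then read outside `vbuf`; since `offset` is presumably derived from values in the file being parsed, the test is safer in subtraction form, `if (offset > size || xnh_sizeof > size - offset) {`. The same sum is used as the return value, so a one-line comment such as `/* a result past size tells the caller to stop */` would help, once that contract is confirmed against the caller, which is not visible in this hunk. donote() starts and continues outside the hunk, so whether `namesz` and `descsz` are bounded against `size` after the header copy cannot be checked from here.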