Fix note bounds reading, Francisco Alonso / Red Hat
zoulasc committed Oct 17, 2014
1 parent 964bf04 commit 39c7ac1
Showing 2 changed files with 12 additions and 1 deletion.
4 changes: 4 additions & 0 deletions ChangeLog
@@ -1,3 +1,7 @@
2014-10-17 11:48 Christos Zoulas <christos@zoulas.com>

* fix bounds in note reading (Francisco Alonso / Red Hat)

2014-10-11 15:02 Christos Zoulas <christos@zoulas.com>

* fix autoconf glue for setlocale and locale_t; some OS's
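Review bot: the new entry reads only "fix bounds in note reading" and names neither the function nor the file it touches. Since this is a bounds fix on input taken from the file being examined, name donote() in src/readelf.c and state that the note header read is now checked against the buffer size, so that someone scanning the ChangeLog can tell what to backport.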
9 changes: 8 additions & 1 deletion src/readelf.c
Expand Up @@ -27,7 +27,7 @@
#include "file.h"

#ifndef lint
FILE_RCSID("@(#)$File: readelf.c,v 1.102 2014/03/11 21:00:13 christos Exp $")
FILE_RCSID("@(#)$File: readelf.c,v 1.103 2014/05/02 02:25:10 christos Exp $")
#endif

#ifdef BUILTIN_ELF
Expand Down Expand Up @@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
uint32_t namesz, descsz;
unsigned char *nbuf = CAST(unsigned char *, vbuf);

if (xnh_sizeof + offset > size) {
/*
* We're out of note headers.
*/
return xnh_sizeof + offset;
}

(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
offset += xnh_sizeof;

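Review bot: the added check `xnh_sizeof + offset > size` at the top of donote() performs the addition before the comparison, and `offset` is a size_t parameter, so an `offset` near SIZE_MAX wraps the sum to a small value and the memcpy below still reads past `nbuf`. The subtraction form `if (offset > size || xnh_sizeof > size - offset)` cannot wrap. The early return hands back `xnh_sizeof + offset`, which is larger than `size`; the comment should say that callers must stop on a return value at or beyond `size`, since the visible lines do not show that they do. The check covers only the fixed-size header, so `namesz` and `descsz` need the same validation against `size` before they are used as lengths.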
6 comments on commit 39c7ac1

@malaimo2900

Does the invalid note header make the ELF file invalid? What does a note header look like that would cause this issue?

@zoulasc
Contributor Author

@zoulasc zoulasc commented on 39c7ac1 Nov 7, 2014 via email

@malaimo2900

No, I do not have an example file. I just have an interest in PHP.

What does readelf do? Is it a validation of ELF files?

@zoulasc
Contributor Author

@zoulasc zoulasc commented on 39c7ac1 Nov 7, 2014 via email

@masoomshah

Hello,

I am on Windows OS using WAMP 2.4 (Apache 2.4.4 PHP 5.3.13), does this bug affect Windows OS as well? If so, in order to patch it, can I simply grab php_fileinfo.dll from a newer release and replace the existing one with it? Thanks much in advance.

@zoulasc
Contributor Author

@zoulasc zoulasc commented on 39c7ac1 Jan 7, 2015 via email
