From: "Diego Petteno (flameeyes)"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, flameeyes@gentoo.org
Subject: [gentoo-commits] gentoo-projects commit in pax-utils: scanelf.c
X-VCS-Repository: gentoo-projects
X-VCS-Files: scanelf.c
X-VCS-Directories: pax-utils
X-VCS-Committer: flameeyes
X-VCS-Committer-Name: Diego Petteno
Date: Wed, 22 Oct 2008 15:20:21 +0000

flameeyes    08/10/22 15:20:21

  Modified:             scanelf.c
  Log:
  Avoid crashes when scanning files with "corrupt symbols".

  Instead of dereferencing sym without checking, stop as soon as the pointer goes out of the ELF file range.

Revision  Changes    Path
1.195                pax-utils/scanelf.c

file : http://sources.gentoo.org/viewcvs.py/gentoo-projects/pax-utils/scanelf.c?rev=1.195&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-projects/pax-utils/scanelf.c?rev=1.195&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-projects/pax-utils/scanelf.c?r1=1.194&r2=1.195

Index: scanelf.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v retrieving revision 1.194 retrieving revision 1.195 diff -u -r1.194 -r1.195 --- scanelf.c 29 Sep 2008 06:05:55 -0000 1.194 +++ scanelf.c 22 Oct 2008 15:20:21 -0000 1.195 
@@ -1,13 +1,13 @@ /* * Copyright 2003-2007 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 - * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.194 200= 8/09/29 06:05:55 vapier Exp $ + * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.195 200= 8/10/22 15:20:21 flameeyes Exp $ * * Copyright 2003-2007 Ned Ludd - * Copyright 2004-2007 Mike Frysinger - */ =20 -static const char *rcsid =3D "$Id: scanelf.c,v 1.194 2008/09/29 06:05:55= vapier Exp $"; +static const char *rcsid =3D "$Id: scanelf.c,v 1.195 2008/10/22 15:20:21= flameeyes Exp $"; const char * const argv0 =3D "scanelf"; =20 #include "paxinc.h" @@ -999,6 +999,10 @@ if (cnt) \ cnt =3D EGET(symtab->sh_size) / cnt; \ for (i =3D 0; i < cnt; ++i) { \ + if ( (void*)sym > (void*)elf->data_end ) { \ + warnf("%s: corrupt ELF symbols - aborting", elf->filename); \ + goto break_out; \ + } \ if (sym->st_name) { \ /* make sure the symbol name is in acceptable memory range */ \ symname =3D (char *)(elf->data + EGET(strtab->sh_offset) + EGET(sym-= >st_name)); \
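
Review bot: the bounds check added in the @@ -999,6 +999,10 @@ hunk, "if ( (void*)sym > (void*)elf->data_end )", compares only the address where the symbol entry begins, so an entry that starts at or just below elf->data_end still passes and the sym->st_name read on the next line can run past the end of the file data. Testing the end of the entry instead, for example "(void*)(sym + 1) > (void*)elf->data_end" (adjusted for whether data_end is the last valid byte or one past it, which these lines do not show), would cover the whole structure. The check also has no lower bound: nothing in the visible lines rules out sym starting below elf->data, so a matching "(void*)sym < (void*)elf->data" test would be worth adding. Since cnt is known before the loop, the same validation could be done once on the full table range rather than on every iteration.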