author | jbj <devnull@localhost> | 2003-02-27 20:30:53 +0000 |
---|---|---|
committer | jbj <devnull@localhost> | 2003-02-27 20:30:53 +0000 |
commit | be0ee61ce94b8821b075d57caee261251f963aee (patch) | |
tree | e0dafccea44be01de07c9f8773a2f2a059d254c8 /file | |
parent | 8f41770db22e211beb93c6be13072817d8d33e07 (diff) | |
- check size read from elf header (#85297).
CVS patchset: 6071
CVS date: 2003/02/27 20:30:53
Diffstat (limited to 'file')
-rw-r--r-- | file/readelf.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/file/readelf.c b/file/readelf.c
index cb28f338c..ca2138e02 100644
--- a/file/readelf.c
+++ b/file/readelf.c
@@ -82,12 +82,18 @@ getu64(const fmagic fm, uint64_t value)
 #define sh_addr (fm->cls == ELFCLASS32 \
 ? (void *) &sh32 \
 : (void *) &sh64)
+#define sh_size (fm->cls == ELFCLASS32 \
+ ? sizeof sh32 \
+ : sizeof sh64)
 #define shs_type (fm->cls == ELFCLASS32 \
 ? getu32(fm, sh32.sh_type) \
 : getu32(fm, sh64.sh_type))
 #define ph_addr (fm->cls == ELFCLASS32 \
 ? (void *) &ph32 \
 : (void *) &ph64)
+#define ph_size (fm->cls == ELFCLASS32 \
+ ? sizeof ph32 \
+ : sizeof ph64)
 #define ph_type (fm->cls == ELFCLASS32 \
 ? getu32(fm, ph32.p_type) \
 : getu32(fm, ph64.p_type))
@@ -122,6 +128,11 @@ doshn(fmagic fm, off_t off, int num, size_t size)
 Elf32_Shdr sh32;
 Elf64_Shdr sh64;
 
+ if (size != sh_size) {
+ error(EXIT_FAILURE, 0, "corrupted program header size.\n");
+ /*@notreached@*/
+ }
+
 if (lseek(fm->fd, off, SEEK_SET) == -1) {
 error(EXIT_FAILURE, 0, "lseek failed (%s).\n", strerror(errno));
 /*@notreached@*/
@@ -162,6 +173,11 @@ dophn_exec(fmagic fm, off_t off, int num, size_t size)
 int bufsize;
 size_t offset, nameoffset;
 
+ if (size != ph_size) {
+ error(EXIT_FAILURE, 0, "corrupted program header size.\n");
+ /*@notreached@*/
+ }
+
 if (lseek(fm->fd, off, SEEK_SET) == -1) {
 error(EXIT_FAILURE, 0, "lseek failed (%s).\n", strerror(errno));
 /*@notreached@*/
@@ -376,6 +392,11 @@ dophn_core(fmagic fm, off_t off, int num, size_t size)
 int bufsize;
 int os_style = -1;
 
+ if (size != ph_size) {
+ error(EXIT_FAILURE, 0, "corrupted program header size.\n");
+ /*@notreached@*/
+ }
+
 /*
 * Loop through all the program headers.
 */ |
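Review bot: The new `sh_size` macro in the first hunk is spelled exactly like the `sh_size` member of Elf32_Shdr/Elf64_Shdr, so any later `sh32.sh_size` in this file would be rewritten by the preprocessor; the neighbouring `shs_type` shows the file already uses a distinct name where a member is read. A name such as `sh_hdrsize`, with `ph_hdrsize` for symmetry, avoids the clash. Both macros also depend on `fm` and on locals named `sh32`/`sh64` or `ph32`/`ph64` being in scope, which deserves a comment above them, e.g. `/* sizeof the header struct for fm->cls; needs fm and sh32/sh64 (ph32/ph64) in scope */`.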
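Review bot: The guard added to doshn() in the second hunk reports "corrupted program header size" although it tests the section header entry size against `sh_size`, so the diagnostic points at the wrong table; it should read `error(EXIT_FAILURE, 0, "corrupted section header size.\n");`. The matching guards in dophn_exec() and dophn_core() already use the correct wording. All three guards end the process through error(EXIT_FAILURE, ...), in line with the lseek handling visible just below them, so one malformed ELF file still aborts a run over many files; whether the callers can tolerate that is not visible in this diff. The bodies of all three functions continue outside their hunks.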