diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-04-26 12:09:23 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-04-26 12:10:11 +0000 |
commit | 4a45ace18ee164914d795f6ae41f3e699bd67840 (patch) | |
tree | 3c325a9fa083717c0036fdcc7b708f67897a4017 /main/elfutils/CVE-2017-7607.patch | |
parent | dce69ea875cc48c158b5b73826e65032ba14965e (diff) | |
download | aports-4a45ace18ee164914d795f6ae41f3e699bd67840.tar.bz2 aports-4a45ace18ee164914d795f6ae41f3e699bd67840.tar.xz |
main/elfutils: security fixes #7160
Diffstat (limited to 'main/elfutils/CVE-2017-7607.patch')
-rw-r--r-- | main/elfutils/CVE-2017-7607.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/main/elfutils/CVE-2017-7607.patch b/main/elfutils/CVE-2017-7607.patch new file mode 100644 index 0000000000..b4af2fe3db --- /dev/null +++ b/main/elfutils/CVE-2017-7607.patch @@ -0,0 +1,34 @@ +From: Mark Wielaard <mark at klomp dot org> +To: elfutils-devel at sourceware dot org +Cc: Mark Wielaard <mark at klomp dot org> +Subject: [PATCH] readelf: Fix off by one sanity check in handle_gnu_hash. +Date: Fri, 24 Mar 2017 12:15:02 +0100 +Message-Id: <1490354102-21353-1-git-send-email-mark@klomp.org> +X-Mailer: git-send-email 1.8.3.1 + +We sanity check to make sure we don't index outside the chain array +by testing inner > max_nsyms. But inner is a zero-based index, while +max_nsyms is the maximum number. Change the check to inner >= max_nsyms. + +https://sourceware.org/bugzilla/show_bug.cgi?id=21299 + +Signed-off-by: Mark Wielaard <mark@klomp.org> +--- + src/readelf.c | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/readelf.c b/src/readelf.c +index 8d96ba3..490b6d5 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -3263,7 +3263,7 @@ handle_gnu_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx) + ++nsyms; + if (maxlength < ++lengths[cnt]) + ++maxlength; +- if (inner > max_nsyms) ++ if (inner >= max_nsyms) + goto invalid_data; + } + while ((chain[inner++] & 1) == 0); +-- +1.8.3.1 |