diff options
author | Christos Zoulas <christos@zoulas.com> | 2022-07-31 16:01:01 +0000 |
---|---|---|
committer | Christos Zoulas <christos@zoulas.com> | 2022-07-31 16:01:01 +0000 |
commit | e1233247bbe4d2d66b891224336a23384a93cce1 (patch) | |
tree | 2caabd8ad9864addf43dc36a47be0be62e17e6d9 | |
parent | 32dd44f083738f6de666542f398d5737c341d5e1 (diff) | |
download | file-git-e1233247bbe4d2d66b891224336a23384a93cce1.tar.gz |
PR/372: LevilJiang: Limit size of notes to 128M
-rw-r--r-- | src/readelf.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/readelf.c b/src/readelf.c index f838a885..6a6fd310 100644 --- a/src/readelf.c +++ b/src/readelf.c @@ -27,7 +27,7 @@ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: readelf.c,v 1.181 2022/07/07 17:19:52 christos Exp $") +FILE_RCSID("@(#)$File: readelf.c,v 1.182 2022/07/31 16:01:01 christos Exp $") #endif #ifdef BUILTIN_ELF @@ -62,6 +62,7 @@ private uint64_t getu64(int, uint64_t); #define MAX_PHNUM 128 #define MAX_SHNUM 32768 +#define MAX_SHSIZE (64 * 1024 * 1024) #define SIZE_UNKNOWN CAST(off_t, -1) private int @@ -1449,6 +1450,12 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, return -1; return 0; } + if (xsh_size > MAX_SHSIZE) { + file_error(ms, errno, "Note section size too " + "big (%ju > %u)", (uintmax_t)xsh_size, + MAX_SHSIZE); + return -1; + } if ((nbuf = malloc(xsh_size)) == NULL) { file_error(ms, errno, "Cannot allocate memory" " for note"); |