diff options
| author | Alan Modra <amodra@bigpond.net.au> | 2008-07-27 03:43:51 +0000 |
|---|---|---|
| committer | Alan Modra <amodra@bigpond.net.au> | 2008-07-27 03:43:51 +0000 |
| commit | 69a7b5f79888513741e65a54216d7756474b76c2 (patch) | |
| tree | 44eb2d14308bbcf450cafae2c43cd3f4ab7fbbce | |
| parent | 868d33696107057e302b9ca3651ec39832039213 (diff) | |
| download | gdb-69a7b5f79888513741e65a54216d7756474b76c2.tar.gz | |
* elf.c (_bfd_elf_make_section_from_shdr): Ignore return from
elf_parse_notes. Use bfd_malloc_and_get_section.
(elf_parse_notes): Validate note namesz and descsz.
| -rw-r--r-- | bfd/ChangeLog | 6 | ||||
| -rw-r--r-- | bfd/elf.c | 23 |
2 files changed, 18 insertions, 11 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 02dbbb14e83..643d7893e3d 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2008-07-27 Alan Modra <amodra@bigpond.net.au> + + * elf.c (_bfd_elf_make_section_from_shdr): Ignore return from + elf_parse_notes. Use bfd_malloc_and_get_section. + (elf_parse_notes): Validate note namesz and descsz. + 2008-07-26 Michael Eager <eager@eagercon.com> * elf32-ppc.c (ppc_elf_merge_obj_attributes): Check compatibility diff --git a/bfd/elf.c b/bfd/elf.c index e24b04e566c..71e16f7518d 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -935,20 +935,12 @@ _bfd_elf_make_section_from_shdr (bfd *abfd, PT_NOTEs from the core files are currently not parsed using BFD. */ if (hdr->sh_type == SHT_NOTE) { - char *contents; + bfd_byte *contents; - contents = bfd_malloc (hdr->sh_size); - if (!contents) + if (!bfd_malloc_and_get_section (abfd, newsect, &contents)) return FALSE; - if (!bfd_get_section_contents (abfd, hdr->bfd_section, contents, 0, - hdr->sh_size) - || !elf_parse_notes (abfd, contents, hdr->sh_size, -1)) - { - free (contents); - return FALSE; - } - + elf_parse_notes (abfd, (char *) contents, hdr->sh_size, -1); free (contents); } @@ -8536,14 +8528,23 @@ elf_parse_notes (bfd *abfd, char *buf, size_t size, file_ptr offset) Elf_External_Note *xnp = (Elf_External_Note *) p; Elf_Internal_Note in; + if (offsetof (Elf_External_Note, name) > buf - p + size) + return FALSE; + in.type = H_GET_32 (abfd, xnp->type); in.namesz = H_GET_32 (abfd, xnp->namesz); in.namedata = xnp->name; + if (in.namesz > buf - in.namedata + size) + return FALSE; in.descsz = H_GET_32 (abfd, xnp->descsz); in.descdata = in.namedata + BFD_ALIGN (in.namesz, 4); in.descpos = offset + (in.descdata - buf); + if (in.descsz != 0 + && (in.descdata >= buf + size + || in.descsz > buf - in.descdata + size)) + return FALSE; switch (bfd_get_format (abfd)) { |