Blame SOURCES/fapolicyd-elf-parser.patch

From 2caac530f13bf69a988f65eb109f26a7311936c6 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 20 Feb 2020 17:58:55 -0500
Subject: [PATCH] Sanity check e_phentsize in ELF parser
---
 src/file.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/file.c b/src/file.c
index 3c9d084..e0d4f85 100644
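--- a/src/file.c
+++ b/src/file.c
@@ -469,6 +469,12 @@ uint32_t gather_elf(int fd, off_t size)
 		// We want to do a basic size check to make sure
 		unsigned long sz =
 			(unsigned)hdr->e_phentsize * (unsigned)hdr->e_phnum;
+		/* Verify the entry size is right */
+		if ((unsigned)hdr->e_phentsize != sizeof(Elf32_Phdr)) {
+			info |= HAS_ERROR;
+			free(hdr);
+			goto rewind_out;
+		}
 		if (sz > ((unsigned long)size - sizeof(Elf32_Ehdr))) {
 			info |= HAS_ERROR;
 			free(hdr);
@@ -600,6 +606,12 @@ uint32_t gather_elf(int fd, off_t size)
 		// We want to do a basic size check to make sure
 		unsigned long sz =
 			(unsigned)hdr->e_phentsize * (unsigned)hdr->e_phnum;
+		/* Verify the entry size is right */
+		if ((unsigned)hdr->e_phentsize != sizeof(Elf64_Phdr)) {
+			info |= HAS_ERROR;
+			free(hdr);
+			goto rewind_out;
+		}
 		if (sz > ((unsigned long)size - sizeof(Elf64_Ehdr))) {
 			info |= HAS_ERROR;
 			free(hdr);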
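Review bot: The size test that follows the new `e_phentsize` check, in both the 32-bit and the 64-bit hunk, still bounds the program-header table only by `size - sizeof(Elf32_Ehdr)` (or `Elf64_Ehdr`) and never consults `hdr->e_phoff`. If the table is later read at `e_phoff` (that code is outside the hunks, as are the start and end of `gather_elf`), a header whose offset lies near or past the end of the file passes both tests. A guard such as `if (hdr->e_phoff > (unsigned long)size || sz > (unsigned long)size - hdr->e_phoff)` would tie the bound to where the table actually lives. The subtraction also wraps if `size` can be smaller than the ELF header here, so it is worth confirming that an earlier check rules that out. Finally, the added comment could say why the test matters, e.g. `/* Entries are walked as Elf32_Phdr, so any other e_phentsize means a malformed or hostile header */`.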