Fix check for buffer overflow when processing version information.

author Nick Clifton <nickc@redhat.com>

Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)

committer Nick Clifton <nickc@redhat.com>

Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)
author Nick Clifton <nickc@redhat.com>
Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)
committer Nick Clifton <nickc@redhat.com>
Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog

index f099467d3fd5484e3e6a737c4a1e8fdd98cc58b2..ebaedccf7cbc4e51a0e64b8ee96b9997de131c8b 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2017-02-13  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21148
+       * readelf.c (process_version_sections): Include size of auxillary
+       version information when checking for buffer overflow.
+
  2017-02-13  Nick Clifton  <nickc@redhat.com>
  
         PR binutils/21147
diff --git a/binutils/readelf.c b/binutils/readelf.c

index 6fd7ff7a1e6ed2294e195db0ea1346340997a4db..a61befef3fbd92a8e392b81618d496f068433087 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -10019,7 +10019,7 @@ process_version_sections (FILE * file)
                         ent.vd_ndx, ent.vd_cnt);
  
                 /* Check for overflow.  */
-               if (ent.vd_aux > (size_t) (endbuf - vstart))
+               if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart))
                   break;
  
                 vstart += ent.vd_aux;
author	Nick Clifton <nickc@redhat.com>
	Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)
binutils/ChangeLog		patch \| blob \| history
binutils/readelf.c		patch \| blob \| history