Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
elfutils.14006
elfutils-check-for-overflow-before-calling-mall...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch of Package elfutils.14006
From: Mark Wielaard <mjw@redhat.com> Subject: Check for overflow before calling malloc to uncompress data. Date: Wed Apr 9 11:33:23 2014 +0200 Git-commit: 7f1eec317db79627b473c5b149a22a1b20d1f68f References: CVE-2014-0172, bnc#872785 Signed-off-by: Tony Jones <tonyj@suse.de> CVE-2014-0172 Check for overflow before calling malloc to uncompress data. https://bugzilla.redhat.com/show_bug.cgi?id=1085663 Reported-by: Florian Weimer <fweimer@redhat.com> Signed-off-by: Mark Wielaard <mjw@redhat.com> diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c index 79daeac..34ea373 100644 --- a/libdw/dwarf_begin_elf.c +++ b/libdw/dwarf_begin_elf.c @@ -1,5 +1,5 @@ /* Create descriptor from ELF descriptor for processing file. - Copyright (C) 2002-2011 Red Hat, Inc. + Copyright (C) 2002-2011, 2014 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <drepper@redhat.com>, 2002. @@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp) memcpy (&size, data->d_buf + 4, sizeof size); size = be64toh (size); + /* Check for unsigned overflow so malloc always allocated + enough memory for both the Elf_Data header and the + uncompressed section data. */ + if (unlikely (sizeof (Elf_Data) + size < size)) + break; + Elf_Data *zdata = malloc (sizeof (Elf_Data) + size); if (unlikely (zdata == NULL)) break;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor