blob: 85b9a9f91675d93b871a3d888ce65b7d60a7da8f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Mon, 5 Aug 2019 10:40:35 +0100
Subject: [PATCH] Catch potential integer overflow in readelf when processing
corrupt binaries.
PR 24829
* readelf.c (apply_relocations): Catch potential integer overflow
whilst checking reloc location against section size.
CVE: CVE-2019-14444
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7]
[Removed Changelog entry]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
diff --git a/binutils/readelf.c b/binutils/readelf.c
index b896ad9f406..e785fde43e7 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata,
}
rloc = start + rp->r_offset;
- if ((rloc + reloc_size) > end || (rloc < start))
+ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
{
warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
(unsigned long) rp->r_offset,
|
