blob: 7f5671b8340a329cc62f1cfcaa233759d5227528 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From df494f4ca494b5e1044052d96a6092a16ef1f6b3 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Sat, 9 Jun 2018 16:00:06 +0000
Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)
Upstream-Status: Backport
[https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22]
CVE: CVE-2018-10360
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
src/readelf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/readelf.c b/src/readelf.c
index 3df0836..d96a538 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -825,7 +825,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
cname = (unsigned char *)
&nbuf[doff + prpsoffsets(i)];
- for (cp = cname; *cp && isprint(*cp); cp++)
+ for (cp = cname; cp < nbuf + size && *cp
+ && isprint(*cp); cp++)
continue;
/*
* Linux apparently appends a space at the end
--
2.7.4
|
