@@ -0,0 +1,24 @@
+Subject: Fix note bounds reading, Francisco Alonso / Red Hat
+ID: CVE-2014-3710
+Author: Christos Zoulas <christos@zoulas.com>
+Date: Fri Oct 17 15:49:00 2014 +0000
+Origin:
+ commit 39c7ac1106be844a5296d3eb5971946cc09ffda0
+Last-Update: 2014-11-09
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -477,6 +477,13 @@
+ uint32_t namesz, descsz;
+ unsigned char *nbuf = CAST(unsigned char *, vbuf);
+
++ if (xnh_sizeof + offset > size) {
++ /*
++ * We're out of note headers.
++ */
++ return xnh_sizeof + offset;
++ }
++
+ (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
+ offset += xnh_sizeof;
+
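Review bot: The new guard `if (xnh_sizeof + offset > size)` tests the bound with an addition, which would wrap if `offset` could ever come close to the maximum of its type, and the `memcpy` from `&nbuf[offset]` would then read past the buffer. The declarations of `offset` and `size` are outside this hunk, so that is something to confirm rather than a demonstrated defect. A subtraction form removes the question: `if (offset > size || xnh_sizeof > size - offset)`. The early return hands back `xnh_sizeof + offset`, a value beyond `size`, so the caller presumably has to treat any offset at or past `size` as the end of the notes; extending the comment to `/* We're out of note headers; the returned offset is past size so the caller stops. */` would record that contract. The enclosing function starts and ends outside the hunk.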
|