Subject: Fix note bounds reading, Francisco Alonso / Red Hat
ID: CVE-2014-3710
Author: Christos Zoulas
Date: Fri Oct 17 15:49:00 2014 +0000
Origin: commit 39c7ac1106be844a5296d3eb5971946cc09ffda0
Last-Update: 2014-11-09
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -477,6 +477,13 @@
 uint32_t namesz, descsz;
 unsigned char *nbuf = CAST(unsigned char *, vbuf);
+ if (xnh_sizeof + offset > size) {
+ /*
+ * We're out of note headers.
+ */
+ return xnh_sizeof + offset;
+ }
+
 (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
 offset += xnh_sizeof;
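Review bot: The added guard `xnh_sizeof + offset > size` is written as a sum, so it only protects the `memcpy` below if that sum cannot wrap. The declarations of `offset` and `size` are outside the hunk; if they are unsigned size types and `offset` is not already known to be below `size`, a very large `offset` would pass the check. The subtraction form avoids relying on that: `if (offset > size || xnh_sizeof > size - offset) {`. The early return hands back an offset past `size`, which assumes every caller treats that as "stop"; a short comment saying so, e.g. `/* returned offset >= size tells the caller to stop iterating */`, would make that contract explicit. The enclosing function starts and ends outside the hunk, so the later uses of `namesz` and `descsz` are not reviewed here.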