Subject: Bail out on partial reads, from Alexander Cherepanov (...) ID: CVE-2014-9653 Upstream-Author: Christos Zoulas Date: Tue Dec 16 20:53:05 2014 +0000 Origin: FILE5_21-10-g445c8fb Last-Update: 2015-02-15 Bail out on partial reads, from Alexander Cherepanov Note: Parts of that patch had already been cherry-picked as TEMP-0000000-B67840.11.445c8fb.patch
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1014,7 +1014,7 @@
 }
 /* Read offset of name section to be able to read section names later */
- if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) == -1) {
+ if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) < (ssize_t)xsh_sizeof) {
 file_badread(ms);
 return -1;
 }
@@ -1022,11 +1022,11 @@
 for ( ; num; num--) {
 /* Read the name of this section. */
- if (pread(fd, name, sizeof(name), name_off + xsh_name) == -1) {
+ if ((namesize = pread(fd, name, sizeof(name) - 1, name_off + xsh_name)) == -1) {
 file_badread(ms);
 return -1;
 }
- name[sizeof(name) - 1] = '\0';
+ name[namesize] = '\0';
 if (strcmp(name, ".debug_info") == 0) stripped = 0;
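Review bot: In the first hunk (`@@ -1014,7 …`) a short section-header read now takes the same `file_badread(ms)` path as a failed one, but a short `pread` returns a non-negative count and does not set `errno`. If `file_badread`, which is defined outside this diff, reports `errno`, the diagnostic for a truncated ELF file will show a stale or zero error code. I would keep the result in an `ssize_t` and report the two cases separately, or at least add a comment such as `/* a short read means the section header table is truncated; errno is not meaningful here */`. The enclosing function starts and ends outside the hunk.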
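Review bot: In the second hunk (`@@ -1022,11 …`) the name read still tests only `== -1`, whereas the first hunk compares against the expected size; `< 0` would be the more defensive spelling. A short read is accepted here, unlike in the first hunk, and that deserves a comment, e.g. `/* a short read is fine: the name may end at EOF, so terminate at the bytes actually read */`. `namesize` is declared outside the hunk and needs to be a signed type such as `ssize_t`, otherwise the `-1` comparison relies on an implicit conversion. Reading at most `sizeof(name) - 1` bytes and writing the terminator at `name[namesize]` is what keeps `strcmp` inside initialised memory, so a later edit to the read size must preserve that. The loop body continues past the end of the hunk.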