git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: wheezy/5.1
Branches Tags
file
/
debian
/
patches
/
CVE-2014-9653.2.445c8fb.patch

CVE-2014-9653.2.445c8fb.patch 1.1 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637 
  1. Subject: Bail out on partial reads, from Alexander Cherepanov (...)
    2. 

  2. ID: CVE-2014-9653
    3. 

  3. Upstream-Author: Christos Zoulas <christos@zoulas.com>
    4. 

  4. Date: Tue Dec 16 20:53:05 2014 +0000
    5. 

  5. Origin: FILE5_21-10-g445c8fb
    6. 

  6. Last-Update: 2015-02-15
    7. 

  7. 

  8.     Bail out on partial reads, from Alexander Cherepanov
    9. 

  9.     
    10. 

  10.     Note: Parts of that patch had already been cherry-picked as
    11. 

  11.          TEMP-0000000-B67840.11.445c8fb.patch
    12. 

  12. 

  13. --- a/src/readelf.c
    14. 

  14. +++ b/src/readelf.c
    15. 

  15. @@ -1014,7 +1014,7 @@
    16. 

  16.  	}
    17. 

  17.  
    18. 

  18.  	/* Read offset of name section to be able to read section names later */
    19. 

  19. -	if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) == -1) {
    20. 

  20. +	if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) < (ssize_t)xsh_sizeof) {
    21. 

  21.  		file_badread(ms);
    22. 

  22.  		return -1;
    23. 

  23.  	}
    24. 

  24. @@ -1022,11 +1022,11 @@
    25. 

  25.  
    26. 

  26.  	for ( ; num; num--) {
    27. 

  27.  		/* Read the name of this section. */
    28. 

  28. -		if (pread(fd, name, sizeof(name), name_off + xsh_name) == -1) {
    29. 

  29. +		if ((namesize = pread(fd, name, sizeof(name) - 1, name_off + xsh_name)) == -1) {
    30. 

  30.  			file_badread(ms);
    31. 

  31.  			return -1;
    32. 

  32.  		}
    33. 

  33. -		name[sizeof(name) - 1] = '\0';
    34. 

  34. +		name[namesize] = '\0';
    35. 

  35.  		if (strcmp(name, ".debug_info") == 0)
    36. 

  36.  			stripped = 0;
    37. 

  37.  
    38.