Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 477754 Details for
Bug 618004
<dev-libs/elfutils-0.169-r1: multiple vulnerabilities
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE-2017-7607.patch
CVE-2017-7607.patch (text/plain), 1.12 KB, created by
Andrey Ovcharov
on 2017-06-24 00:16:44 UTC
(
hide
)
Description:
CVE-2017-7607.patch
Filename:
MIME Type:
Creator:
Andrey Ovcharov
Created:
2017-06-24 00:16:44 UTC
Size:
1.12 KB
patch
obsolete
>From: Mark Wielaard <mark at klomp dot org> >To: elfutils-devel at sourceware dot org >Cc: Mark Wielaard <mark at klomp dot org> >Subject: [PATCH] readelf: Fix off by one sanity check in handle_gnu_hash. >Date: Fri, 24 Mar 2017 12:15:02 +0100 >Message-Id: <1490354102-21353-1-git-send-email-mark@klomp.org> >X-Mailer: git-send-email 1.8.3.1 > >We sanity check to make sure we don't index outside the chain array >by testing inner > max_nsyms. But inner is a zero-based index, while >max_nsyms is the maximum number. Change the check to inner >= max_nsyms. > >https://sourceware.org/bugzilla/show_bug.cgi?id=21299 > >Signed-off-by: Mark Wielaard <mark@klomp.org> >--- > src/readelf.c | 2 +- > 2 files changed, 6 insertions(+), 1 deletion(-) > >diff --git a/src/readelf.c b/src/readelf.c >index 8d96ba3..490b6d5 100644 >--- a/src/readelf.c >+++ b/src/readelf.c >@@ -3263,7 +3263,7 @@ handle_gnu_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx) > ++nsyms; > if (maxlength < ++lengths[cnt]) > ++maxlength; >- if (inner > max_nsyms) >+ if (inner >= max_nsyms) > goto invalid_data; > } > while ((chain[inner++] & 1) == 0); >-- >1.8.3.1
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 618004
: 477754 |
477756