Gentoo's Bugzilla – Attachment 477756 Details for
Bug 618004
<dev-libs/elfutils-0.169-r1: multiple vulnerabilities
[patch]
CVE-2017-7608.patch
CVE-2017-7608.patch (text/plain), 3.76 KB, created by
Andrey Ovcharov
on 2017-06-24 00:17:10 UTC
Description:
CVE-2017-7608.patch
Filename:
MIME Type:
Creator:
Andrey Ovcharov
Created:
2017-06-24 00:17:10 UTC
Size:
3.76 KB
>From: Mark Wielaard <mark at klomp dot org>
>To: elfutils-devel at sourceware dot org
>Cc: Mark Wielaard <mark at klomp dot org>
>Subject: [PATCH] Use the empty string for note names with zero size (without any data).
>Date: Fri, 24 Mar 2017 14:10:26 +0100
>Message-Id: <1490361026-7608-1-git-send-email-mark@klomp.org>
>X-Mailer: git-send-email 1.8.3.1
>
>ELF notes can have a zero sized name. In which case there is no data at
>all (so also no zero terminator). Make sure to use the empty string for
>such notes if the code does not otherwise explicitly check n_namesz.
>
>https://sourceware.org/bugzilla/show_bug.cgi?id=21300
>
>Signed-off-by: Mark Wielaard <mark@klomp.org>
>---
> libdwfl/linux-core-attach.c | 9 ++++++---
> src/elfcmp.c | 6 ++++--
> src/readelf.c | 2 +-
> 5 files changed, 23 insertions(+), 6 deletions(-)
>
>diff --git a/libdwfl/linux-core-attach.c b/libdwfl/linux-core-attach.c
>index 93d0e46..f82ed03 100644
>--- a/libdwfl/linux-core-attach.c
>+++ b/libdwfl/linux-core-attach.c
>@@ -125,7 +125,8 @@ core_next_thread (Dwfl *dwfl __attribute__ ((unused)), void *dwfl_arg,
> &desc_offset)) > 0)
> {
> /* Do not check NAME for now, help broken Linux kernels. */
>- const char *name = note_data->d_buf + name_offset;
>+ const char *name = (nhdr.n_namesz == 0
>+ ? "" : note_data->d_buf + name_offset);
> const char *desc = note_data->d_buf + desc_offset;
> GElf_Word regs_offset;
> size_t nregloc;
>@@ -178,7 +179,8 @@ core_set_initial_registers (Dwfl_Thread *thread, void *thread_arg_voidp)
> /* __libdwfl_attach_state_for_core already verified the note is there. */
> assert (getnote_err != 0);
> /* Do not check NAME for now, help broken Linux kernels. */
>- const char *name = note_data->d_buf + name_offset;
>+ const char *name = (nhdr.n_namesz == 0
>+ ? "" : note_data->d_buf + name_offset);
> const char *desc = note_data->d_buf + desc_offset;
> GElf_Word regs_offset;
> size_t nregloc;
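Review bot: The new ternary in core_next_thread handles only `nhdr.n_namesz == 0`; a non-empty name that lacks a terminating NUL still produces a `name` pointer that is presumably readable for at most `n_namesz` bytes, and the retained comment "Do not check NAME for now" does not state that limit. Whether every consumer below bounds its reads by `n_namesz` cannot be confirmed here, because the function bodies continue outside the hunks. I would extend the comment to `/* NAME is "" or n_namesz bytes, possibly without a NUL; compare with memcmp and a length, never str*. */`. The same applies to the identical change in core_set_initial_registers, dwfl_core_file_attach, and the elfcmp.c and readelf.c hunks.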
>@@ -367,7 +369,8 @@ dwfl_core_file_attach (Dwfl *dwfl, Elf *core)
> &nhdr, &name_offset, &desc_offset)) > 0)
> {
> /* Do not check NAME for now, help broken Linux kernels. */
>- const char *name = note_data->d_buf + name_offset;
>+ const char *name = (nhdr.n_namesz == 0
>+ ? "" : note_data->d_buf + name_offset);
> const char *desc = note_data->d_buf + desc_offset;
> GElf_Word regs_offset;
> size_t nregloc;
>
>diff --git a/src/elfcmp.c b/src/elfcmp.c
>index 7673cf2..5046420 100644
>--- a/src/elfcmp.c
>+++ b/src/elfcmp.c
>@@ -419,7 +419,8 @@ main (int argc, char *argv[])
> && (off1 = gelf_getnote (data1, off1, ¬e1,
> &name_offset, &desc_offset)) > 0)
> {
>- const char *name1 = data1->d_buf + name_offset;
>+ const char *name1 = (note1.n_namesz == 0
>+ ? "" : data1->d_buf + name_offset);
> const void *desc1 = data1->d_buf + desc_offset;
> if (off2 >= data2->d_size)
> {
>@@ -435,7 +436,8 @@ main (int argc, char *argv[])
> error (2, 0, gettext ("\
> cannot read note section [%zu] '%s' in '%s': %s"),
> elf_ndxscn (scn2), sname2, fname2, elf_errmsg (-1));
>- const char *name2 = data2->d_buf + name_offset;
>+ const char *name2 = (note2.n_namesz == 0
>+ ? "" : data2->d_buf + name_offset);
> const void *desc2 = data2->d_buf + desc_offset;
>
> if (note1.n_namesz != note2.n_namesz
>diff --git a/src/readelf.c b/src/readelf.c
>index 490b6d5..97a43b0 100644
>--- a/src/readelf.c
>+++ b/src/readelf.c
>@@ -9365,7 +9365,7 @@ handle_notes_data (Ebl *ebl, const GElf_Ehdr *ehdr,
> && (offset = gelf_getnote (data, offset,
> &nhdr, &name_offset, &desc_offset)) > 0)
> {
>- const char *name = data->d_buf + name_offset;
>+ const char *name = nhdr.n_namesz == 0 ? "" : data->d_buf + name_offset;
> const char *desc = data->d_buf + desc_offset;
>
> char buf[100];
>--
>1.8.3.1
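Review bot: In the readelf.c hunk, `desc` is still computed as `data->d_buf + desc_offset` with no counterpart to the new `n_namesz` guard, so for a note with `n_descsz == 0` it may point at the end of the note data instead of at readable bytes. That is harmless only if every later use is bounded by `nhdr.n_descsz`, which cannot be checked here because handle_notes_data continues outside the hunk. I would record the contract next to the declaration, e.g. `/* DESC is valid for nhdr.n_descsz bytes only, which may be zero. */`. The `desc1`/`desc2` lines in the two elfcmp.c hunks and the `desc` line in dwfl_core_file_attach have the same shape.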
Attachments on
bug 618004
:
477754
| 477756