c3-lang/libbsd

Browse

Commit 9d917aad37778a9f4a96ba358415f077f3f36f3b

Guillem Jover 2019-08-07T22:58:30

nlist: Fix out-of-bounds read on strtab When doing a string comparison for a symbol name from the string table, we should make sure we do a bounded comparison, otherwise a non-NUL terminated string might make the code read out-of-bounds. Warned-by: coverity 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

diff --git a/src/nlist.c b/src/nlist.c
index 8aa46a2..228c220 100644
--- a/src/nlist.c
+++ b/src/nlist.c
@@ -236,16 +236,18 @@ __fdnlist(int fd, struct nlist *list)
 		symsize -= cc;
 		for (s = sbuf; cc > 0 && nent > 0; ++s, cc -= sizeof(*s)) {
 			char *name;
+			Elf_Word size;
 			struct nlist *p;
 
 			name = strtab + s->st_name;
 			if (name[0] == '\0')
 				continue;
+			size = symstrsize - s->st_name;
 
 			for (p = list; !ISLAST(p); p++) {
 				if ((p->n_un.n_name[0] == '_' &&
-				    strcmp(name, p->n_un.n_name+1) == 0)
-				    || strcmp(name, p->n_un.n_name) == 0) {
+				     strncmp(name, p->n_un.n_name+1, size) == 0) ||
+				    strncmp(name, p->n_un.n_name, size) == 0) {
 					elf_sym_to_nlist(p, s, shdr,
 					    ehdr.e_shnum);
 					if (--nent <= 0)
kmx.io     mail     discord kmxgit v0.4.0