[PATCH v2] Bug fix to ELF Loader which rejects valid ELFs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Check was incorrectly being applied to size of elf phdrs, instead
of the number. The ELF standard allows for up to 65535 headers, but
the check was being compared to the number of headers multiplied by
the size of a program header.
---
 fs/binfmt_elf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 13d053982dd7..f21896f250d2 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -445,11 +445,11 @@ static struct elf_phdr *load_elf_phdrs(const struct
elfhdr *elf_ex,
 		goto out;
 
 	/* Sanity check the number of program headers... */
-	/* ...and their total size. */
-	size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
-	if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
+	if (elf_ex->e_phnum == 0)
 		goto out;
 
+    size = array_size(sizeof(*elf_phdata), elf_ex->e_phnum);
+
 	elf_phdata = kmalloc(size, GFP_KERNEL);
 	if (!elf_phdata)
 		goto out;
-- 
2.17.1

Attachment: smime.p7s
Description: S/MIME cryptographic signature


[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux