Re: [PATCH v4 bpf-next 01/10] lib/buildid: harden build ID parsing logic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> +		name_sz = READ_ONCE(nhdr->n_namesz);
> +		desc_sz = READ_ONCE(nhdr->n_descsz);
> +		new_offs = note_offs + sizeof(Elf32_Nhdr) + ALIGN(name_sz, 4) + ALIGN(desc_sz, 4);

Don't you need to check the name_sz and desc_sz overflows separately?

Otherwise name_sz could be ~0 and desc_sz small (or reversed) and the check
below wouldn't trigger, but still bad things could happen.


> +		if (new_offs <= note_offs /* overflow */ || new_offs > note_size)
> +			break;

-Andi




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux