libelf: gelf_getnote check for offset overflow.

Signed-off-by: Mark Wielaard <[email protected]>
author: Mark Wielaard <[email protected]> 2014-11-14 17:05:08 +0100
committer: Mark Wielaard <[email protected]> 2014-11-14 17:05:08 +0100
commit: df2fe50346828e8229185d297ac803428c727d2a (patch)
tree: fb7e47e80cc1b9b2d59bf2585251f89c2c4b7155 /libelf
parent: 2f8e4d338323f225a117b34f84155917a7e49271 (diff)
2 files changed, 7 insertions, 2 deletions
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 45e220d0..4fbe94c9 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,7 @@
+2014-11-14  Mark Wielaard  <[email protected]>
+
+	* gelf_getnote.c (gelf_getnote): Check offset overflow.
+
 2014-11-13  Mark Wielaard  <[email protected]>
 
 	* elf_getdata.c (__libelf_set_rawdata_wrlock): Fix unsigned overflow
diff --git a/libelf/gelf_getnote.c b/libelf/gelf_getnote.c
index 1a368553..8bb78c16 100644
--- a/libelf/gelf_getnote.c
+++ b/libelf/gelf_getnote.c
@@ -1,5 +1,5 @@
 /* Get note information at the supplied offset.
-   Copyright (C) 2007 Red Hat, Inc.
+   Copyright (C) 2007, 2014 Red Hat, Inc.
    This file is part of elfutils.
 
    This file is free software; you can redistribute it and/or modify
@@ -62,7 +62,8 @@ gelf_getnote (data, offset, result, name_offset, desc_offset)
 
   /* The data is already in the correct form.  Just make sure the
      offset is OK.  */
-  if (unlikely (offset + sizeof (GElf_Nhdr) > data->d_size))
+  if (unlikely (offset > data->d_size
+		|| data->d_size - offset < sizeof (GElf_Nhdr)))
     {
       __libelf_seterrno (ELF_E_OFFSET_RANGE);
       offset = 0;
author	Mark Wielaard <[email protected]>	2014-11-14 17:05:08 +0100
committer	Mark Wielaard <[email protected]>	2014-11-14 17:05:08 +0100
commit	df2fe50346828e8229185d297ac803428c727d2a (patch)
tree	fb7e47e80cc1b9b2d59bf2585251f89c2c4b7155 /libelf
parent	2f8e4d338323f225a117b34f84155917a7e49271 (diff)