readelf: Robustify print_phdr program interpreter printing.

Check phdr->p_filesz and make sure interpreter string is zero terminated before calling printf. Reported-by: Florian Weimer <[email protected]> Signed-off-by: Mark Wielaard <[email protected]>
author: Mark Wielaard <[email protected]> 2014-02-07 14:23:24 +0100
committer: Mark Wielaard <[email protected]> 2014-02-07 14:23:24 +0100
commit: 43c9c2d0d8422cb584e3c97df5edde5d7be53173 (patch)
tree: c08635f30757d1822c213a3c3b1007a440c36524 /src
parent: 50d5b2cbfe7e2d790c91e6f799a59c70ab4839ff (diff)
2 files changed, 9 insertions, 1 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 134ad905..ad3b2b13 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-02-07  Mark Wielaard  <[email protected]>
+
+	* readelf.c (print_phdr): Check phdr->p_filesz and make sure
+	interpreter string is zero terminated before calling printf.
+
 2014-01-22  Mark Wielaard  <[email protected]>
 
 	* Makefile.am (nm_no_Wformat): Removed.
diff --git a/src/readelf.c b/src/readelf.c
index 5c5ad3d8..fb954635 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1191,7 +1191,10 @@ print_phdr (Ebl *ebl, GElf_Ehdr *ehdr)
 	  size_t maxsize;
 	  char *filedata = elf_rawfile (ebl->elf, &maxsize);
 
-	  if (filedata != NULL && phdr->p_offset < maxsize)
+	  if (filedata != NULL && phdr->p_offset < maxsize
+	      && phdr->p_filesz <= maxsize - phdr->p_offset
+	      && memchr (filedata + phdr->p_offset, '\0',
+			 phdr->p_filesz) != NULL)
 	    printf (gettext ("\t[Requesting program interpreter: %s]\n"),
 		    filedata + phdr->p_offset);
 	}
author	Mark Wielaard <[email protected]>	2014-02-07 14:23:24 +0100
committer	Mark Wielaard <[email protected]>	2014-02-07 14:23:24 +0100
commit	43c9c2d0d8422cb584e3c97df5edde5d7be53173 (patch)
tree	c08635f30757d1822c213a3c3b1007a440c36524 /src
parent	50d5b2cbfe7e2d790c91e6f799a59c70ab4839ff (diff)