author | Sergei Trofimovich <slyfox@gentoo.org> | 2017-10-28 22:06:25 +0100 |
---|---|---|
committer | Sergei Trofimovich <slyfox@gentoo.org> | 2017-10-28 22:06:36 +0100 |
commit | b3c5759b316133acdf7fc698df524bb5472b4a7a (patch) | |
tree | 63c4e4e4afb2373ba26e8e32f53b064ff8431aa2 /dev-util/radare2/files | |
parent | net-wireless/wpa_supplicant: HOMEPAGE, avoid redirect (diff) | |
dev-util/radare2: fix 32-bit overflow in ELF parsing, bug #635618
Bug: https://bugs.gentoo.org/635618
Package-Manager: Portage-2.3.13, Repoman-2.3.4
Diffstat (limited to 'dev-util/radare2/files')
-rw-r--r-- | dev-util/radare2/files/radare2-2.0.1-635618-p1.patch | 29 | ||||
-rw-r--r-- | dev-util/radare2/files/radare2-2.0.1-635618-p2.patch | 30 |
2 files changed, 59 insertions, 0 deletions
diff --git a/dev-util/radare2/files/radare2-2.0.1-635618-p1.patch b/dev-util/radare2/files/radare2-2.0.1-635618-p1.patch
new file mode 100644
index 000000000000..5644e50cc115
--- /dev/null
+++ b/dev-util/radare2/files/radare2-2.0.1-635618-p1.patch
@@ -0,0 +1,29 @@
+From c6d0076c924891ad9948a62d89d0bcdaf965f0cd Mon Sep 17 00:00:00 2001
+From: pancake <pancake@nopcode.org>
+Date: Wed, 25 Oct 2017 18:00:11 +0200
+Subject: [PATCH] Fix #8731 - Crash in ELF parser with negative 32bit number
+
+---
+ libr/bin/format/elf/elf.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libr/bin/format/elf/elf.c b/libr/bin/format/elf/elf.c
+index 90f6acd30..e3c852fd3 100644
+--- a/libr/bin/format/elf/elf.c
++++ b/libr/bin/format/elf/elf.c
+@@ -900,7 +900,11 @@ static Sdb *store_versioninfo_gnu_verneed(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz)
+ free (s);
+ }
+ sdb_num_set (sdb_version, "cnt", entry->vn_cnt, 0);
+- vstart += entry->vn_aux;
++ st32 vnaux = entry->vn_aux;
++ if (vnaux < 1) {
++ goto beach;
++ }
++ vstart += vnaux;
+ for (j = 0, isum = i + entry->vn_aux; j < entry->vn_cnt && vstart + sizeof (Elf_(Vernaux)) <= end; ++j) {
+ int k;
+ Elf_(Vernaux) * aux = NULL;
+--
+2.14.3
+
diff --git a/dev-util/radare2/files/radare2-2.0.1-635618-p2.patch b/dev-util/radare2/files/radare2-2.0.1-635618-p2.patch
new file mode 100644
index 000000000000..242f4cc6220c
--- /dev/null
+++ b/dev-util/radare2/files/radare2-2.0.1-635618-p2.patch
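Review bot: The new guard `if (vnaux < 1)` in store_versioninfo_gnu_verneed rejects only zero and negative offsets, so a large positive vn_aux read from the file still reaches `vstart += vnaux` with no upper bound; on a 32-bit build that addition can presumably carry the pointer past `end` or wrap it before the loop's `vstart + sizeof (Elf_(Vernaux)) <= end` test is evaluated. Bounding the offset by the space that is left, for example `if (vnaux < 1 || vnaux > end - vstart) {`, would close that gap, assuming vstart and end are byte pointers into the same section buffer (their declarations are outside the hunk). The verdef hunk in the p2 patch has the same shape: `vdaux` is checked only for `< 1`, and the existing `vstart > end` test runs after the pointer has already been advanced. p2 also declares the temporary as `int` where p1 uses `st32`; the same fixed-width type in both would make the intent (reinterpret the 32-bit field as signed) explicit. Both functions begin and end outside the hunks shown.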
@@ -0,0 +1,30 @@
+From 44ded3ff35b8264f54b5a900cab32ec489d9e5b9 Mon Sep 17 00:00:00 2001
+From: pancake <pancake@nopcode.org>
+Date: Wed, 25 Oct 2017 18:09:24 +0200
+Subject: [PATCH] Fix #8743 - Crash in ELF version parser on 32bit systems
+
+---
+ libr/bin/format/elf/elf.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libr/bin/format/elf/elf.c b/libr/bin/format/elf/elf.c
+index e3c852fd3..2248731b3 100644
+--- a/libr/bin/format/elf/elf.c
++++ b/libr/bin/format/elf/elf.c
+@@ -748,7 +748,12 @@ static Sdb *store_versioninfo_gnu_verdef(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz)
+ verdef->vd_hash = READ32 (dfs, j)
+ verdef->vd_aux = READ32 (dfs, j)
+ verdef->vd_next = READ32 (dfs, j)
+- vstart += verdef->vd_aux;
++ int vdaux = verdef->vd_aux;
++ if (vdaux < 1) {
++ sdb_free (sdb_verdef);
++ goto out_error;
++ }
++ vstart += vdaux;
+ if (vstart > end || vstart + sizeof (Elf_(Verdaux)) > end) {
+ sdb_free (sdb_verdef);
+ goto out_error;
+--
+2.14.3
+ |