libelf: Make sure ar_size starts with a digit before calling atol.

The ar_size field is a 10 character string, not zero terminated, of
decimal digits right padded with spaces.  Make sure it actually starts
with a digit before calling atol on it.  We already make sure it is
zero terminated. Otherwise atol might produce unexpected results.

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 1883af0725dd15deab55c9eb2f18434773a2c77f..07dd905f96e99686a29c766e2cb82b785d694494 100644 (file)
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,7 @@
+2022-03-17  Mark Wielaard  <mark@klomp.org>
+
+       * elf_begin.c (read_long_names): Check ar_size starts with a digit.
+
 2022-03-17  Mark Wielaard  <mark@klomp.org>
 
        * elf_begin.c (get_shnum): Take offset into account for Shdr

diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
index 53bbff4077b82fa8dd06845b06e79c23fb819a1e..17d9b1f3cc46e6b2b775520484ebd6775b7cd2e3 100644 (file)
--- a/libelf/elf_begin.c
+++ b/libelf/elf_begin.c
@@ -765,6 +765,11 @@ read_long_names (Elf *elf)
          *((char *) mempcpy (buf, hdr->ar_size, sizeof (hdr->ar_size))) = '\0';
          string = buf;
        }
+
+      /* atol expects to see at least one digit.
+        It also cannot be negative (-).  */
+      if (!isdigit(string[0]))
+       return NULL;
       len = atol (string);
 
       if (memcmp (hdr->ar_name, "//              ", 16) == 0)