From: Mark Wielaard
Date: Fri, 7 Feb 2014 13:23:24 +0000 (+0100)
Subject: readelf: Robustify print_phdr program interpreter printing.
X-Git-Tag: elfutils-0.159~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43c9c2d0d8422cb584e3c97df5edde5d7be53173;p=thirdparty%2Felfutils.git
readelf: Robustify print_phdr program interpreter printing.
Check phdr->p_filesz and make sure interpreter string is zero terminated before calling printf.
Reported-by: Florian Weimer
Signed-off-by: Mark Wielaard
---
diff --git a/src/ChangeLog b/src/ChangeLog
index 134ad9053..ad3b2b135 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-02-07 Mark Wielaard
+
+ * readelf.c (print_phdr): Check phdr->p_filesz and make sure
+ interpreter string is zero terminated before calling printf.
+
 2014-01-22 Mark Wielaard
 * Makefile.am (nm_no_Wformat): Removed.
diff --git a/src/readelf.c b/src/readelf.c
index 5c5ad3d83..fb9546359 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1191,7 +1191,10 @@ print_phdr (Ebl *ebl, GElf_Ehdr *ehdr)
 size_t maxsize;
 char *filedata = elf_rawfile (ebl->elf, &maxsize);
- if (filedata != NULL && phdr->p_offset < maxsize)
+ if (filedata != NULL && phdr->p_offset < maxsize
+ && phdr->p_filesz <= maxsize - phdr->p_offset
+ && memchr (filedata + phdr->p_offset, '\0',
+ phdr->p_filesz) != NULL)
 printf (gettext ("\t[Requesting program interpreter: %s]\n"), filedata + phdr->p_offset);
 }
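Review bot: The guarded `if` in the readelf.c hunk has no `else`, so when the new `p_filesz` bound or the `memchr` terminator check fails, the interpreter segment is skipped silently and the reader gets no hint that the entry is malformed. readelf is often run on untrusted or damaged ELF files, so a short diagnostic is worth having, e.g. `else printf (gettext ("\t[Invalid program interpreter string]\n"));`, or the project's usual error helper, which is not visible in this hunk. A one-line comment above the condition, such as `/* Compare against maxsize - p_offset; p_offset + p_filesz could wrap.  */`, would record why the bound is written as a subtraction. The string is still passed to `%s` unfiltered, so non-printable bytes from the file reach the terminal; that may deserve a follow-up. print_phdr starts and ends outside the hunk.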