From: H.J. Lu Date: Fri, 27 Jul 2018 20:20:51 +0000 (-0700) Subject: x86/CET: Don't parse beyond the note end X-Git-Tag: glibc-2.28~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4591b7db23bf5f58f6dbd81a5d9f926bf765cd09;p=thirdparty%2Fglibc.git x86/CET: Don't parse beyond the note end Simply check if "ptr < ptr_end" since "ptr" is always incremented by 8. Reviewed-by: Carlos O'Donell * sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Don't parse beyond the note end. --- diff --git a/ChangeLog b/ChangeLog index 50fc501865d..15b112266b6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2018-07-27 H.J. Lu + + * sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Don't + parse beyond the note end. + 2018-07-27 Adhemerval Zanella * sysdeps/unix/sysv/linux/tst-ofdlocks.c: Return unsupported if diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h index d56e20a6dce..35d3f16a232 100644 --- a/sysdeps/x86/dl-prop.h +++ b/sysdeps/x86/dl-prop.h @@ -73,7 +73,7 @@ _dl_process_cet_property_note (struct link_map *l, unsigned char *ptr = (unsigned char *) (note + 1) + 4; unsigned char *ptr_end = ptr + note->n_descsz; - while (1) + while (ptr < ptr_end) { unsigned int type = *(unsigned int *) ptr; unsigned int datasz = *(unsigned int *) (ptr + 4);
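Review bot: In the sysdeps/x86/dl-prop.h hunk, the new condition `while (ptr < ptr_end)` only guarantees that one byte remains, yet the first two statements of the loop body read eight bytes (`type` at `ptr` and `datasz` at `ptr + 4`). That is in bounds only when the distance from `ptr` to `ptr_end` is a multiple of 8. The commit message relies on this ("ptr is always incremented by 8"), but `ptr_end` comes from `note->n_descsz`, which is taken from the file, and nothing in the visible lines checks its alignment. Consider making the bound explicit with `while (ptr_end - ptr >= 8)`, or add a comment naming where `n_descsz` is validated so the invariant is documented next to the loop.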