nlist: Fix out-of-bounds read on strtab
authorGuillem Jover <guillem@hadrons.org>
Wed, 7 Aug 2019 20:58:30 +0000 (22:58 +0200)
committerGuillem Jover <guillem@hadrons.org>
Thu, 8 Aug 2019 01:22:52 +0000 (03:22 +0200)
When doing a string comparison for a symbol name from the string table,
we should make sure we do a bounded comparison, otherwise a non-NUL
terminated string might make the code read out-of-bounds.

Warned-by: coverity
src/nlist.c

index 8aa46a23bdca94baa1953e9ad00f1c433e3a0014..228c220973bdc9bde20ae2e5827d868e56a9a70e 100644 (file)
@@ -236,16 +236,18 @@ __fdnlist(int fd, struct nlist *list)
                symsize -= cc;
                for (s = sbuf; cc > 0 && nent > 0; ++s, cc -= sizeof(*s)) {
                        char *name;
+                       Elf_Word size;
                        struct nlist *p;
 
                        name = strtab + s->st_name;
                        if (name[0] == '\0')
                                continue;
+                       size = symstrsize - s->st_name;
 
                        for (p = list; !ISLAST(p); p++) {
                                if ((p->n_un.n_name[0] == '_' &&
-                                   strcmp(name, p->n_un.n_name+1) == 0)
-                                   || strcmp(name, p->n_un.n_name) == 0) {
+                                    strncmp(name, p->n_un.n_name+1, size) == 0) ||
+                                   strncmp(name, p->n_un.n_name, size) == 0) {
                                        elf_sym_to_nlist(p, s, shdr,
                                            ehdr.e_shnum);
                                        if (--nent <= 0)
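Review bot: `s->st_name` is never checked against `symstrsize` inside the loop, so the `name[0]` test still dereferences `strtab + s->st_name` before any bound is applied, and for an offset past the table the new `size = symstrsize - s->st_name` wraps around in the unsigned `Elf_Word`, leaving both `strncmp` calls effectively unbounded. Since the symbol entries come from the file being inspected, I would reject the entry first with `if (s->st_name >= symstrsize) continue;`, placed ahead of `name = strtab + s->st_name;`. Separately, when the bytes left in the table hold no NUL, `strncmp` returns 0 on a mere prefix of `n_name`, so a truncated entry can be resolved as a different symbol. `__fdnlist` starts and ends outside this hunk, and the declared type of `symstrsize` is not visible here, so the comparison may need a cast.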