libebl: Check GNU property note data padding fits inside note.

The GNU property note data is padded. Make sure the extra padding
still fits in the note description.

https://sourceware.org/bugzilla/show_bug.cgi?id=24075

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/libebl/ChangeLog b/libebl/ChangeLog
index 9cdf8995e108b11df9fe0d4f8c577d0d093c2bd9..acc68919acc3bc172fb9e1d3d026682d4e5ffe45 100644 (file)
--- a/libebl/ChangeLog
+++ b/libebl/ChangeLog
@@ -1,3 +1,8 @@
+2019-01-29  Mark Wielaard  <mark@klomp.org>
+
+       * eblobjnote.c (ebl_object_note): Check pr_datasz padding doesn't
+       overflow descsz.
+
 2019-01-16  Mark Wielaard  <mark@klomp.org>
 
        * libebl.h (ebl_core_note): Add desc as argument.

diff --git a/libebl/eblobjnote.c b/libebl/eblobjnote.c
index 9094715c9107cd6a0aff7ee83691dd583533b527..f7ac915c59b2841edc24f6316fb70dc01b7bfd85 100644 (file)
--- a/libebl/eblobjnote.c
+++ b/libebl/eblobjnote.c
@@ -496,16 +496,17 @@ ebl_object_note (Ebl *ebl, uint32_t namesz, const char *name, uint32_t type,
                          printf ("%02" PRIx8 "\n", (uint8_t) desc[i]);
                        }
                    }
+
                  if (elfclass == ELFCLASS32)
-                   {
-                     desc += NOTE_ALIGN4 (prop.pr_datasz);
-                     descsz -= NOTE_ALIGN4 (prop.pr_datasz);
-                   }
+                   prop.pr_datasz = NOTE_ALIGN4 (prop.pr_datasz);
                  else
-                   {
-                     desc += NOTE_ALIGN8 (prop.pr_datasz);
-                     descsz -= NOTE_ALIGN8 (prop.pr_datasz);
-                   }
+                   prop.pr_datasz = NOTE_ALIGN8 (prop.pr_datasz);
+
+                 desc += prop.pr_datasz;
+                 if (descsz > prop.pr_datasz)
+                   descsz -= prop.pr_datasz;
+                 else
+                   descsz = 0;
                }
            }
          break;