From: Mark Wielaard Date: Tue, 5 Jun 2018 19:52:46 +0000 (+0200) Subject: readelf: Don't leak lengths array when detecting an invalid hash chain. X-Git-Tag: elfutils-0.172~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50478b80cede080891996cf080581ca2a0611ce8;p=thirdparty%2Felfutils.git readelf: Don't leak lengths array when detecting an invalid hash chain. In both handle_sysv_hash and handle_sysv_hash64 we check the hash chain isn't too long. If it is we would report an error and leak the lengths array. Just clean up the array even in the error case. Signed-off-by: Mark Wielaard --- diff --git a/src/ChangeLog b/src/ChangeLog index 83c853276..65f9dc772 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,9 @@ +2018-06-05 Mark Wielaard + + * readelf.c (handle_sysv_hash): Don't leak lengths array when + detecting an invalid chain. + (handle_sysv_hash64): Likewise. + 2018-06-05 Mark Wielaard * readelf.c (print_debug_macro_section): Extend vendor array by one diff --git a/src/readelf.c b/src/readelf.c index 11a9b0e7a..233312fe3 100644 --- a/src/readelf.c +++ b/src/readelf.c @@ -3213,7 +3213,12 @@ handle_sysv_hash (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx) ++nsyms; ++chain_len; if (chain_len > nchain) - goto invalid_data; + { + error (0, 0, gettext ("invalid chain in sysv.hash section %d"), + (int) elf_ndxscn (scn)); + free (lengths); + return; + } if (maxlength < ++lengths[cnt]) ++maxlength; @@ -3274,7 +3279,12 @@ handle_sysv_hash64 (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx) ++nsyms; ++chain_len; if (chain_len > nchain) - goto invalid_data; + { + error (0, 0, gettext ("invalid chain in sysv.hash64 section %d"), + (int) elf_ndxscn (scn)); + free (lengths); + return; + } if (maxlength < ++lengths[cnt]) ++maxlength;
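
Review bot: In the handle_sysv_hash hunk, free (lengths) is added only on the chain_len > nchain exit, so any other goto invalid_data that can be reached once lengths has been allocated would still leak it; that is worth checking in the rest of the function. Instead of open-coding the error call and return here, consider keeping the goto and freeing at one shared exit (with lengths set to NULL before it is allocated), so a single path owns the cleanup.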
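
Review bot: In the handle_sysv_hash64 hunk, the error call narrows the section index with (int) elf_ndxscn (scn) to fit %d; elf_ndxscn returns size_t, so %zu without the cast would print it without narrowing. The added block is also a copy of the one in handle_sysv_hash apart from the section name in the message, so a small helper taking that name would keep the two error paths from drifting apart.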