libebl: Check GNU property note pr_datasz fits inside note description.
author Mark Wielaard <mark@klomp.org>
Wed, 16 Jan 2019 10:57:35 +0000 (11:57 +0100)
committer Mark Wielaard <mark@klomp.org>
Wed, 16 Jan 2019 11:08:16 +0000 (12:08 +0100)
Before printing the data values, make sure pr_datasz doesn't go beyond
the end of the note description data.

https://sourceware.org/bugzilla/show_bug.cgi?id=24075

Signed-off-by: Mark Wielaard <mark@klomp.org>
libebl/ChangeLog
libebl/eblobjnote.c

index 0174f33..77c2274 100644 (file)
@@ -1,3 +1,7 @@
+2019-01-16  Mark Wielaard  <mark@klomp.org>
+
+       * eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large.
+
 2018-12-02  Mark Wielaard  <mark@klomp.org>
 
        * eblobjnte.c (ebl_object_note): For GNU_PROPERTY_STACK_SIZE use
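Review bot: The added ChangeLog entry names the file as eblobjnte.c, but the file this commit changes is libebl/eblobjnote.c; spell it eblobjnote.c so the entry turns up when searching the ChangeLog by file name. The 2018-12-02 entry in the context lines carries the same misspelling, so it looks copied forward from there.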
index c19ea37..9094715 100644 (file)
@@ -350,6 +350,13 @@ ebl_object_note (Ebl *ebl, uint32_t namesz, const char *name, uint32_t type,
                  desc += 8;
                  descsz -= 8;
 
+                 if (prop.pr_datasz > descsz)
+                   {
+                     printf ("BAD property datasz: %" PRId32 "\n",
+                             prop.pr_datasz);
+                     return;
+                   }
+
                  int elfclass = gelf_getclass (ebl->elf);
                  char *elfident = elf_getident (ebl->elf, NULL);
                  GElf_Ehdr ehdr;
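Review bot: The added printf formats prop.pr_datasz with PRId32, and this branch is taken exactly when the value is too large, so if pr_datasz is an unsigned 32-bit field (its declaration is outside this hunk) any value of 0x80000000 or more is reported as a negative number. Use PRIu32 instead, and consider printing descsz alongside it so the message shows how far the property overruns the remaining description data.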