PR 24242
* readelf.c (print_ia64_vms_note): Harden against corrupt notes.
+2019-02-20 Nick Clifton <nickc@redhat.com>
+
+ PR 24242
+ * readelf.c (print_ia64_vms_note): Harden against corrupt notes.
+
2019-02-20 Alan Modra <amodra@gmail.com>
PR 24132
2019-02-20 Alan Modra <amodra@gmail.com>
PR 24132
static bfd_boolean
print_ia64_vms_note (Elf_Internal_Note * pnote)
{
static bfd_boolean
print_ia64_vms_note (Elf_Internal_Note * pnote)
{
+ int maxlen = pnote->descsz;
+
+ if (maxlen < 2 || (unsigned long) maxlen != pnote->descsz)
+ goto desc_size_fail;
+
switch (pnote->type)
{
case NT_VMS_MHD:
switch (pnote->type)
{
case NT_VMS_MHD:
- if (pnote->descsz > 36)
- {
- size_t l = strlen (pnote->descdata + 34);
- printf (_(" Creation date : %.17s\n"), pnote->descdata);
- printf (_(" Last patch date: %.17s\n"), pnote->descdata + 17);
- printf (_(" Module name : %s\n"), pnote->descdata + 34);
- printf (_(" Module version : %s\n"), pnote->descdata + 34 + l + 1);
- }
+ if (maxlen <= 36)
+ goto desc_size_fail;
+
+ int l = (int) strnlen (pnote->descdata + 34, maxlen - 34);
+
+ printf (_(" Creation date : %.17s\n"), pnote->descdata);
+ printf (_(" Last patch date: %.17s\n"), pnote->descdata + 17);
+ if (l + 34 < maxlen)
+ {
+ printf (_(" Module name : %s\n"), pnote->descdata + 34);
+ if (l + 35 < maxlen)
+ printf (_(" Module version : %s\n"), pnote->descdata + 34 + l + 1);
+ else
+ printf (_(" Module version : <missing>\n"));
+ }
- printf (_(" Invalid size\n"));
+ {
+ printf (_(" Module name : <missing>\n"));
+ printf (_(" Module version : <missing>\n"));
+ }
- printf (_(" Language: %s\n"), pnote->descdata);
+ printf (_(" Language: %.*s\n"), maxlen, pnote->descdata);
#ifdef BFD64
case NT_VMS_FPMODE:
printf (_(" Floating Point mode: "));
#ifdef BFD64
case NT_VMS_FPMODE:
printf (_(" Floating Point mode: "));
+ if (maxlen < 8)
+ goto desc_size_fail;
+ /* FIXME: Generate an error if descsz > 8 ? */
+
printf ("0x%016" BFD_VMA_FMT "x\n",
printf ("0x%016" BFD_VMA_FMT "x\n",
- (bfd_vma) byte_get ((unsigned char *)pnote->descdata, 8));
+ (bfd_vma) byte_get ((unsigned char *)pnote->descdata, 8));
case NT_VMS_LINKTIME:
printf (_(" Link time: "));
case NT_VMS_LINKTIME:
printf (_(" Link time: "));
+ if (maxlen < 8)
+ goto desc_size_fail;
+ /* FIXME: Generate an error if descsz > 8 ? */
+
- ((bfd_int64_t) byte_get ((unsigned char *)pnote->descdata, 8));
+ ((bfd_int64_t) byte_get ((unsigned char *)pnote->descdata, 8));
case NT_VMS_PATCHTIME:
printf (_(" Patch time: "));
case NT_VMS_PATCHTIME:
printf (_(" Patch time: "));
+ if (maxlen < 8)
+ goto desc_size_fail;
+ /* FIXME: Generate an error if descsz > 8 ? */
+
- ((bfd_int64_t) byte_get ((unsigned char *)pnote->descdata, 8));
+ ((bfd_int64_t) byte_get ((unsigned char *)pnote->descdata, 8));
+ if (maxlen < 34)
+ goto desc_size_fail;
+
printf (_(" Major id: %u, minor id: %u\n"),
(unsigned) byte_get ((unsigned char *)pnote->descdata, 4),
(unsigned) byte_get ((unsigned char *)pnote->descdata + 4, 4));
printf (_(" Major id: %u, minor id: %u\n"),
(unsigned) byte_get ((unsigned char *)pnote->descdata, 4),
(unsigned) byte_get ((unsigned char *)pnote->descdata + 4, 4));
(bfd_vma) byte_get ((unsigned char *)pnote->descdata + 16, 8));
printf (_(" Header flags: 0x%08x\n"),
(unsigned) byte_get ((unsigned char *)pnote->descdata + 24, 4));
(bfd_vma) byte_get ((unsigned char *)pnote->descdata + 16, 8));
printf (_(" Header flags: 0x%08x\n"),
(unsigned) byte_get ((unsigned char *)pnote->descdata + 24, 4));
- printf (_(" Image id : %s\n"), pnote->descdata + 32);
+ printf (_(" Image id : %.*s\n"), maxlen - 32, pnote->descdata + 32);
- printf (_(" Image name: %s\n"), pnote->descdata);
+ printf (_(" Image name: %.*s\n"), maxlen, pnote->descdata);
- printf (_(" Global symbol table name: %s\n"), pnote->descdata);
+ printf (_(" Global symbol table name: %.*s\n"), maxlen, pnote->descdata);
- printf (_(" Image id: %s\n"), pnote->descdata);
+ printf (_(" Image id: %.*s\n"), maxlen, pnote->descdata);
- printf (_(" Linker id: %s\n"), pnote->descdata);
+ printf (_(" Linker id: %.*s\n"), maxlen, pnote->descdata);
+
+ desc_size_fail:
+ printf (_(" <corrupt - data size is too small>\n"));
+ error (_("corrupt IA64 note: data size is too small\n"));
+ return FALSE;
}
/* Find the symbol associated with a build attribute that is attached
}
/* Find the symbol associated with a build attribute that is attached
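Review bot: The `Module version` line in the NT_VMS_MHD case is still printed with an unbounded `%s`; the `l + 35 < maxlen` test only shows that the version string starts inside the descriptor, not that a NUL terminator occurs before `descdata + maxlen`, so a corrupt note lacking that terminator can still make printf read past the note data. Bounding it like the other strings in this commit closes the gap: `printf (_(" Module version : %.*s\n"), maxlen - (l + 35), pnote->descdata + 34 + l + 1);`. Separately, `int l` is declared after a statement inside the case, so the later case labels jump past its initializer; declaring it at the top of the function next to `maxlen` would avoid that. The switch is shown only in fragments here, so this assumes nothing outside the visible hunks guarantees a terminator after the descriptor.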