[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 09/16] libelf: check nul-terminated strings properly

Matthew Daley writes ("Re: [PATCH 09/16] libelf: check nul-terminated strings 
properly"):
> I think I screwed up my explanation. I meant, if the user-supplied end
> address of the note section is way off base - outside of the actual
> image - elf_note_next will eventually read out-of-range 0s for the two
> note sizes, and return a out-of-range handle note just past the last
> one. elf_note_name will return NULL on this out-of-range note handle,
> and the loop continues - maybe for up to ~0ul / 12 'notes'.

Oh I see.

I think I should fix this by having elf_note_next check that the
returned value is in range and return ELF_MAX_PTRVAL if it isn't.

> I agree with the O(n^2) problem too, though.

This was a bit of a can of worms...

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.