
Re: [Xen-devel] [PATCH 09/16] libelf: check nul-terminated strings properly

On Wed, Jun 5, 2013 at 5:13 AM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> Matthew Daley writes ("Re: [PATCH 09/16] libelf: check nul-terminated strings properly"):
>> I think I screwed up my explanation. I meant, if the user-supplied end
>> address of the note section is way off base - outside of the actual
>> image - elf_note_next will eventually read out-of-range 0s for the two
>> note sizes, and return an out-of-range handle note just past the last
>> one. elf_note_name will return NULL on this out-of-range note handle,
>> and the loop continues - maybe for up to ~0ul / 12 'notes'.
> Oh I see.
> I think I should fix this by having elf_note_next check that the
> returned value is in range and return ELF_MAX_PTRVAL if it isn't.

Indeed, this has been fixed in v4.
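
Added example, not part of the original message and not Xen's libelf code: a small C model of the note walk discussed above, comparing a next-note step that trusts the zero sizes read past the image with one that returns a sentinel (standing in for ELF_MAX_PTRVAL) when the result is out of range. The struct, function names and sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PTRVAL UINT64_MAX /* stand-in for ELF_MAX_PTRVAL */
#define NOTE_HDR 12u          /* namesz, descsz, type: three 32-bit words */

struct image { const uint8_t *data; uint64_t size; };

/* Constructed sample: two notes (20 + 16 bytes), sizes in host byte order. */
static const uint32_t sample_words[] = { 4, 4, 1, 0x006e6558, 0xdeadbeef,
                                         4, 0, 2, 0x006e6558 };
struct image sample_image(void) {
    struct image im = { (const uint8_t *)sample_words, sizeof sample_words };
    return im;
}

/* Range-checked accessor: a read outside the image yields 0. */
static uint32_t read_u32(const struct image *im, uint64_t off) {
    uint32_t v = 0;
    if (off <= im->size && im->size - off >= 4) memcpy(&v, im->data + off, 4);
    return v;
}
static uint64_t align4(uint64_t x) { return (x + 3) & ~(uint64_t)3; }

/* Before: zero sizes read past the image still advance the handle by 12. */
uint64_t note_next_unchecked(const struct image *im, uint64_t off) {
    return off + NOTE_HDR + align4(read_u32(im, off)) + align4(read_u32(im, off + 4));
}

/* After: a header or next handle outside the image ends the walk. */
uint64_t note_next_checked(const struct image *im, uint64_t off) {
    if (off > im->size || im->size - off < NOTE_HDR) return MAX_PTRVAL;
    uint64_t next = note_next_unchecked(im, off);
    return next > im->size ? MAX_PTRVAL : next;
}

/* Loop iterations for a caller-supplied (untrusted) end offset. */
uint64_t walk(const struct image *im, uint64_t claimed_end,
              uint64_t (*next)(const struct image *, uint64_t)) {
    uint64_t n = 0;
    for (uint64_t off = 0; off < claimed_end; off = next(im, off)) n++;
    return n;
}

int main(void) {
    struct image im = sample_image();
    printf("unchecked: %llu iterations, checked: %llu\n",
           (unsigned long long)walk(&im, im.size + 12000, note_next_unchecked),
           (unsigned long long)walk(&im, im.size + 12000, note_next_checked));
    return 0;
}
```

Because the sentinel compares greater than or equal to any claimed end, the loop condition terminates the walk without a separate error path.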
