From patchwork Thu Mar 17 13:30:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Wielaard X-Patchwork-Id: 52050
From: Mark Wielaard To: elfutils-devel@sourceware.org Subject: [PATCH 2/2] libelf: Make sure ar_size starts with a digit before calling atol. Date: Thu, 17 Mar 2022 14:30:51 +0100 Message-Id: <20220317133051.100876-3-mark@klomp.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220317133051.100876-1-mark@klomp.org> References: <20220317133051.100876-1-mark@klomp.org> MIME-Version: 1.0 X-Spam-Status: No, score=-9.8 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: elfutils-devel@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Elfutils-devel mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , Cc: david korczynski , Mark Wielaard , Evgeny Vereshchagin Errors-To: elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org Sender: "Elfutils-devel" The ar_size field is a 10 character string, not zero terminated, of decimal digits right padded with spaces. Make sure it actually starts with a digit before calling atol on it. We already make sure it is zero terminated. Otherwise atol might produce unexpected results. Signed-off-by: Mark Wielaard --- libelf/ChangeLog | 4 ++++ libelf/elf_begin.c | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 1883af07..07dd905f 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,7 @@ +2022-03-17 Mark Wielaard + + * elf_begin.c (read_long_names): Check ar_size starts with a digit. + 2022-03-17 Mark Wielaard * elf_begin.c (get_shnum): Take offset into account for Shdr diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c index 03b80185..917e0c71 100644 --- a/libelf/elf_begin.c +++ b/libelf/elf_begin.c 
@@ -765,6 +765,11 @@ read_long_names (Elf *elf) *((char *) mempcpy (buf, hdr->ar_size, sizeof (hdr->ar_size))) = '\0'; string = buf; } + + /* atol expects to see at least one digit. + It also cannot be negative (-). */ + if (!isdigit(string[0])) + return NULL; len = atol (string); if (memcmp (hdr->ar_name, "// ", 16) == 0)
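Review bot: In the read_long_names hunk of libelf/elf_begin.c, `isdigit(string[0])` is called on a plain `char`; where `char` is signed, an archive header byte of 0x80 or above reaches `isdigit` as a negative value, which the function is not defined for, so cast the argument: `if (!isdigit ((unsigned char) string[0]))`. Writing it with a space before the parenthesis also matches the `atol (string)` and `mempcpy (buf, ...)` calls around it. The diffstat lists only these five added lines for elf_begin.c, so the patch brings no `#include <ctype.h>`; confirm the file already has it. The new test looks at the first character only: `atol` stops at the first non-digit and reports no errors, so a field such as "1x" (constructed) still produces a length, and the code that uses `len` after this point still has to bound it, or the parse could move to `strtol` with an end-pointer check that accepts only trailing spaces.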