[src/netbsd-1-6]: src/usr.bin/file Pullup rev 1.17 via hand patch (requested ...

[jmc <jmc%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/eaa94369154b
branches:  netbsd-1-6
changeset: 530179:eaa94369154b
user:      jmc <jmc%NetBSD.org@localhost>
date:      Sat Mar 08 00:10:34 2003 +0000

description:
Pullup rev 1.17 via hand patch (requested by pooka in ticket #1199)
 Fixes possible buffer overflows.

diffstat:

 usr.bin/file/readelf.c |  23 ++++++++++++++++++-----
 1 files changed, 18 insertions(+), 5 deletions(-)

diffs (85 lines):

diff -r 8919fb08a7ed -r eaa94369154b usr.bin/file/readelf.c
--- a/usr.bin/file/readelf.c    Sat Mar 08 00:10:18 2003 +0000
+++ b/usr.bin/file/readelf.c    Sat Mar 08 00:10:34 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: readelf.c,v 1.13 2002/05/18 07:00:46 pooka Exp $       */
+/*     $NetBSD: readelf.c,v 1.13.2.1 2003/03/08 00:10:34 jmc Exp $     */
 
 #include "file.h"
 
@@ -20,7 +20,7 @@
 #if 0
 FILE_RCSID("@(#)Id: readelf.c,v 1.20 2002/05/16 18:57:11 christos Exp ")
 #else
-__RCSID("$NetBSD: readelf.c,v 1.13 2002/05/18 07:00:46 pooka Exp $");
+__RCSID("$NetBSD: readelf.c,v 1.13.2.1 2003/03/08 00:10:34 jmc Exp $");
 #endif
 #endif
 
@@ -108,12 +108,18 @@
 #define sh_addr                (class == ELFCLASS32            \
                         ? (void *) &sh32               \
                         : (void *) &sh64)
+#define sh_size                (class == ELFCLASS32            \
+                        ? sizeof sh32                  \
+                        : sizeof sh64)
 #define shs_type       (class == ELFCLASS32            \
                         ? getu32(swap, sh32.sh_type)   \
                         : getu32(swap, sh64.sh_type))
 #define ph_addr                (class == ELFCLASS32            \
                         ? (void *) &ph32               \
                         : (void *) &ph64)
+#define ph_size                (class == ELFCLASS32            \
+                        ? sizeof ph32                  \
+                        : sizeof ph64)
 #define ph_type                (class == ELFCLASS32            \
                         ? getu32(swap, ph32.p_type)    \
                         : getu32(swap, ph64.p_type))
@@ -148,11 +154,14 @@
        Elf32_Shdr sh32;
        Elf64_Shdr sh64;
 
+       if (size != sh_size)
+               error("corrupted section header size.\n");
+
        if (lseek(fd, off, SEEK_SET) == -1)
                error("lseek failed (%s).\n", strerror(errno));
 
        for ( ; num; num--) {
-               if (read(fd, sh_addr, size) == -1)
+               if (read(fd, sh_addr, sh_size) == -1)
                        error("read failed (%s).\n", strerror(errno));
                if (shs_type == SHT_SYMTAB /* || shs_type == SHT_DYNSYM */) {
                        (void) printf (", not stripped");
@@ -186,11 +195,13 @@
        int bufsize;
        size_t offset, nameoffset;
 
+       if (size != ph_size)
+               error("corrupted program header size.\n");
        if (lseek(fd, off, SEEK_SET) == -1)
                error("lseek failed (%s).\n", strerror(errno));
 
        for ( ; num; num--) {
-               if (read(fd, ph_addr, size) == -1)
+               if (read(fd, ph_addr, ph_size) == -1)
                        error("read failed (%s).\n", strerror(errno));
 
                switch (ph_type) {
@@ -379,13 +390,15 @@
        int bufsize;
        int os_style = -1;
 
+       if (size != ph_size)
+               error("corrupted program header size.\n");
        /*
         * Loop through all the program headers.
         */
        for ( ; num; num--) {
                if (lseek(fd, off, SEEK_SET) == -1)
                        error("lseek failed (%s).\n", strerror(errno));
-               if (read(fd, ph_addr, size) == -1)
+               if (read(fd, ph_addr, ph_size) == -1)
                        error("read failed (%s).\n", strerror(errno));
                off += size;
                if (ph_type != PT_NOTE)