From fbc429365932c6266257a905bfa231397ce9bf98 Mon Sep 17 00:00:00 2001
From: jasper
Date: Thu, 13 Jul 2023 19:04:50 +0000
Subject: [PATCH] - use IS_ELF() to check the ELF magic bytes - reject non-sensical program header values which would result in a crash when accessing the 0 bytes sized buffer allocated due to it ok deraadt@ kettenis@
---
 libexec/ld.so/ldd/ldd.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/libexec/ld.so/ldd/ldd.c b/libexec/ld.so/ldd/ldd.c
index a7a874e07cf..860f46318d2 100644
--- a/libexec/ld.so/ldd/ldd.c
+++ b/libexec/ld.so/ldd/ldd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldd.c,v 1.22 2017/10/27 16:47:08 mpi Exp $ */
+/* $OpenBSD: ldd.c,v 1.23 2023/07/13 19:04:50 jasper Exp $ */
 /*
 * Copyright (c) 2001 Artur Grabowski
 * All rights reserved.
@@ -117,19 +117,25 @@ doit(char *name)
 close(fd);
 return 1;
 }
+
 if (read(fd, &ehdr, sizeof(ehdr)) < 0) {
 warn("read(%s)", name);
 close(fd);
 return 1;
 }
- if (memcmp(ehdr.e_ident, ELFMAG, SELFMAG) ||
- ehdr.e_machine != ELF_TARG_MACH) {
+ if (!IS_ELF(ehdr) || ehdr.e_machine != ELF_TARG_MACH) {
 warnx("%s: not an ELF executable", name);
 close(fd);
 return 1;
 }
+ if (ehdr.e_phnum == 0 || ehdr.e_phentsize == 0) {
+ warnx("%s: missing program header", name);
+ close(fd);
+ return 1;
+ }
+
 if ((phdr = reallocarray(NULL, ehdr.e_phnum, sizeof(Elf_Phdr))) == NULL)
 err(1, "reallocarray");
 size = ehdr.e_phnum * sizeof(Elf_Phdr);
--
2.20.1
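Review bot: The `read()` guard at the top of the second hunk still accepts a short read, so for a file smaller than `sizeof(ehdr)` the new `IS_ELF(ehdr)` and `e_phnum`/`e_phentsize` checks run on a header that is only partly filled in (and, unless `ehdr` is initialised outside the hunk, on indeterminate bytes). Comparing the return value with the full size closes that, e.g. `if (read(fd, &ehdr, sizeof(ehdr)) != sizeof(ehdr)) {`, bearing in mind that `warn()` would then print an errno string that means nothing for a short read. On the added check itself, the table is sized with `sizeof(Elf_Phdr)` a few lines later, so `ehdr.e_phentsize != sizeof(Elf_Phdr)` would reject every inconsistent entry size rather than only zero. `doit()` begins and ends outside the hunk, so how `phdr` and `size` are consumed afterwards is not visible here.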