Date: Fri, 20 Mar 2020 16:24:23 +0000 (UTC) From: Mark Johnston <markj@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r359173 - head/contrib/elftoolchain/libpe Message-ID: <202003201624.02KGONh9078044@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: markj Date: Fri Mar 20 16:24:23 2020 New Revision: 359173 URL: https://svnweb.freebsd.org/changeset/base/359173 Log: libpe: Avoid a potential use-after-free in pe_update_symtab(). This function appears to be unused within FreeBSD and ELFToolChain. CID: 1418982 MFC after: 1 week Sponsored by: The FreeBSD Foundation Modified: head/contrib/elftoolchain/libpe/pe_symtab.c Modified: head/contrib/elftoolchain/libpe/pe_symtab.c ============================================================================== --- head/contrib/elftoolchain/libpe/pe_symtab.c Fri Mar 20 16:24:06 2020 (r359172) +++ head/contrib/elftoolchain/libpe/pe_symtab.c Fri Mar 20 16:24:23 2020 (r359173) @@ -33,7 +33,7 @@ ELFTC_VCSID("$Id: pe_symtab.c 3312 2016-01-10 09:23:51 int pe_update_symtab(PE *pe, char *symtab, size_t sz, unsigned int nsym) { - PE_Scn *ps; + PE_Scn *ps, *pstmp; PE_SecBuf *sb; PE_SecHdr *sh; @@ -48,7 +48,7 @@ pe_update_symtab(PE *pe, char *symtab, size_t sz, unsi } /* Remove the old symbol table. */ - STAILQ_FOREACH(ps, &pe->pe_scn, ps_next) { + STAILQ_FOREACH_SAFE(ps, &pe->pe_scn, ps_next, pstmp) { if (ps->ps_ndx == 0xFFFFFFFFU) libpe_release_scn(ps); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003201624.02KGONh9078044>