Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 4 Mar 2020 16:57:23 +0000 (UTC)
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r358623 - head/usr.bin/elfctl
Message-ID:  <202003041657.024GvNJh069986@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: emaste
Date: Wed Mar  4 16:57:23 2020
New Revision: 358623
URL: https://svnweb.freebsd.org/changeset/base/358623

Log:
  elfctl: check read return value
  
  CID:		1420212, 1420213
  Reported by:	Coverity Scan
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/usr.bin/elfctl/elfctl.c

Modified: head/usr.bin/elfctl/elfctl.c
==============================================================================
--- head/usr.bin/elfctl/elfctl.c	Wed Mar  4 16:53:49 2020	(r358622)
+++ head/usr.bin/elfctl/elfctl.c	Wed Mar  4 16:57:23 2020	(r358623)
@@ -310,7 +310,6 @@ get_file_features(Elf *elf, int phcount, int fd, uint3
 	unsigned long read_total;
 	int namesz, descsz, i;
 	char *name;
-	ssize_t size;
 
 	/*
 	 * Go through each program header to find one that is of type PT_NOTE
@@ -332,9 +331,9 @@ get_file_features(Elf *elf, int phcount, int fd, uint3
 
 		read_total = 0;
 		while (read_total < phdr.p_filesz) {
-			size = read(fd, &note, sizeof(note));
-			if (size < (ssize_t)sizeof(note)) {
-				warn("read() failed:");
+			if (read(fd, &note, sizeof(note)) <
+			    (ssize_t)sizeof(note)) {
+				warnx("elf note header too short");
 				return (false);
 			}
 			read_total += sizeof(note);
@@ -350,7 +349,10 @@ get_file_features(Elf *elf, int phcount, int fd, uint3
 				return (false);
 			}
 			descsz = roundup2(note.n_descsz, 4);
-			size = read(fd, name, namesz);
+			if (read(fd, name, namesz) < namesz) {
+				warnx("elf note name too short");
+				return (false);
+			}
 			read_total += namesz;
 
 			if (note.n_namesz != 8 ||
@@ -380,7 +382,11 @@ get_file_features(Elf *elf, int phcount, int fd, uint3
 			 */
 			if (note.n_descsz > sizeof(uint32_t))
 				warnx("Feature note is bigger than expected");
-			read(fd, features, sizeof(uint32_t));
+			if (read(fd, features, sizeof(uint32_t)) <
+			    (ssize_t)sizeof(uint32_t)) {
+				warnx("feature note data too short");
+				return (false);
+			}
 			if (off != NULL)
 				*off = phdr.p_offset + read_total;
 			free(name);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003041657.024GvNJh069986>