From owner-svn-src-all@freebsd.org Wed Mar 4 16:57:24 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6235727345F; Wed, 4 Mar 2020 16:57:24 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48Xg6D18YFz3FVN; Wed, 4 Mar 2020 16:57:24 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D96DD211FF; Wed, 4 Mar 2020 16:57:23 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 024GvNkf069987; Wed, 4 Mar 2020 16:57:23 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 024GvNJh069986; Wed, 4 Mar 2020 16:57:23 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <202003041657.024GvNJh069986@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Wed, 4 Mar 2020 16:57:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r358623 - head/usr.bin/elfctl X-SVN-Group: head X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: head/usr.bin/elfctl X-SVN-Commit-Revision: 358623 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Mar 2020 16:57:24 -0000 Author: emaste Date: Wed Mar 4 16:57:23 2020 New Revision: 358623 URL: https://svnweb.freebsd.org/changeset/base/358623 Log: elfctl: check read return value CID: 1420212, 1420213 Reported by: Coverity Scan Sponsored by: The FreeBSD Foundation Modified: head/usr.bin/elfctl/elfctl.c Modified: head/usr.bin/elfctl/elfctl.c ============================================================================== --- head/usr.bin/elfctl/elfctl.c Wed Mar 4 16:53:49 2020 (r358622) +++ head/usr.bin/elfctl/elfctl.c Wed Mar 4 16:57:23 2020 (r358623) @@ -310,7 +310,6 @@ get_file_features(Elf *elf, int phcount, int fd, uint3 unsigned long read_total; int namesz, descsz, i; char *name; - ssize_t size; /* * Go through each program header to find one that is of type PT_NOTE @@ -332,9 +331,9 @@ get_file_features(Elf *elf, int phcount, int fd, uint3 read_total = 0; while (read_total < phdr.p_filesz) { - size = read(fd, ¬e, sizeof(note)); - if (size < (ssize_t)sizeof(note)) { - warn("read() failed:"); + if (read(fd, ¬e, sizeof(note)) < + (ssize_t)sizeof(note)) { + warnx("elf note header too short"); return (false); } read_total += sizeof(note); @@ -350,7 +349,10 @@ get_file_features(Elf *elf, int phcount, int fd, uint3 return (false); } descsz = roundup2(note.n_descsz, 4); - size = read(fd, name, namesz); + if (read(fd, name, namesz) < namesz) { + warnx("elf note name too short"); + return (false); + } read_total += namesz; if (note.n_namesz != 8 || @@ -380,7 +382,11 @@ get_file_features(Elf *elf, int phcount, int fd, uint3 */ if (note.n_descsz > sizeof(uint32_t)) warnx("Feature note is bigger than expected"); - read(fd, features, sizeof(uint32_t)); + if (read(fd, features, sizeof(uint32_t)) < + (ssize_t)sizeof(uint32_t)) { + warnx("feature note data too short"); + return (false); + } if (off != NULL) *off = phdr.p_offset + read_total; free(name);