Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 6 Mar 2003 15:15:47 +0100 (CET)
From:      Guy Poizat <guy@device.dyndns.org>
To:        freebsd-security@freebsd.org
Subject:   Prov. patch for the file hole ISS disclosed
Message-ID:  <200303061415.h26EFlhD004317@device.dyndns.org>

next in thread | raw e-mail | index | archive | help
Here is my suggestion. Feel free to comment/correct me,
as this is my first ever C line out of a windows system :]
I tested it against RELENG_4.

--- src/contrib/file/readelf.c	Sun Nov 26 22:37:21 2000
+++ src/contrib/file/readelf.c.patched	Thu Mar  6 15:02:44 2003
@@ -141,6 +141,9 @@
 	Elf32_Shdr sh32;
 	Elf64_Shdr sh64;
 
+	if ( size > ( class == ELFCLASS32 ?  sizeof(Elf32_Shdr) : sizeof(Elf64_Shdr) ) )
+		return;
+
 	if (lseek(fd, off, SEEK_SET) == -1)
 		error("lseek failed (%s).\n", strerror(errno));
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303061415.h26EFlhD004317>