Date:      Tue, 11 Mar 2003 19:24:03 +0100
From:      "Guy P." <guy@device.dyndns.org>
To:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: Prov. patch for the file hole ISS disclosed
Message-ID:  <5.1.1.6.0.20030311190645.02f316c8@device.dyndns.org>
In-Reply-To: <20030311115215.1628a67b.nospam@hiltonbsd.com>
References:  <20030311174126.GA57179@madman.celabo.org> <200303061415.h26EFlhD004317@device.dyndns.org> <200303061415.h26EFlhD004317@device.dyndns.org> <5.2.0.9.2.20030311113159.0386fea0@localhost> <20030311174126.GA57179@madman.celabo.org>


At 18:52 11/03/2003, Stephen Hilton wrote:

>I am getting ready to do a buildworld today on 4.8-RC and can
>test a patch if available. Does the patch provided by:
>
>Guy Poizat <guy@device.dyndns.org>
>
>Appear correct ?

After investigating what the file utility maintainers used in their fixed
release, I'd suggest using the following patch instead, which looks more
respectful regarding the original code to my eyes:

---------------------------------------------------------------

--- src/contrib/file/readelf.c  Sun Nov 26 22:37:21 2000
+++ src/contrib/file/readelf.c.patched  Mon Mar 10 15:30:59 2003
@@ -104,6 +104,9 @@
  #define shs_type       (class == ELFCLASS32            \
                          ? getu32(swap, sh32.sh_type)   \
                          : getu32(swap, sh64.sh_type))
+#define sh_size                (class == ELFCLASS32            \
+                        ? sizeof sh32                  \
+                        : sizeof sh64)
  #define ph_addr                (class == ELFCLASS32            \
                          ? (void *) &ph32               \
                          : (void *) &ph64)
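
Review bot: The new macro name `sh_size` in this hunk is the same as the `sh_size` member of `Elf32_Shdr` and `Elf64_Shdr`, so once it is defined any `sh32.sh_size` or `sh64.sh_size` later in the file would be rewritten by the preprocessor and fail to compile. The neighbouring `shs_type` macro already avoids its member name `sh_type`; a name in that style, such as `shs_size`, would be safer. Writing the operands as `sizeof(sh32)` and `sizeof(sh64)` would also read more clearly inside the conditional expression.
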
@@ -141,11 +144,14 @@
         Elf32_Shdr sh32;
         Elf64_Shdr sh64;

+       if (size != sh_size)
+               error("corrupted section header size.\n");
+
         if (lseek(fd, off, SEEK_SET) == -1)
                 error("lseek failed (%s).\n", strerror(errno));

         for ( ; num; num--) {
-               if (read(fd, sh_addr, size) == -1)
+               if (read(fd, sh_addr, sh_size) == -1)
                         error("read failed (%s).\n", strerror(errno));
                 if (shs_type == SHT_SYMTAB /* || shs_type == SHT_DYNSYM */) {
                         (void) printf (", not stripped");
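
Review bot: The `read(fd, sh_addr, sh_size) == -1` test in the loop still accepts a short read, so on a truncated file `shs_type` is evaluated on a header that is only partly filled or left over from the previous iteration. Comparing the return value against `sh_size` and calling `error()` on any other result would close that gap. The `size != sh_size` check ahead of the `lseek` is the right place for the bound, since the destination buffers are the fixed-size `sh32` and `sh64`.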

---------------------------------------------------------------

Forgive my terrible English...

--
         Guy P.


