Date: Thu, 6 Mar 2003 15:15:47 +0100 (CET) From: Guy Poizat <guy@device.dyndns.org> To: freebsd-security@freebsd.org Subject: Prov. patch for the file hole ISS disclosed Message-ID: <200303061415.h26EFlhD004317@device.dyndns.org>
next in thread | raw e-mail | index | archive | help
Here is my suggestion. Feel free to comment/correct me,
as this is my first ever C line out of a windows system :]
I tested it against RELENG_4.
--- src/contrib/file/readelf.c Sun Nov 26 22:37:21 2000
+++ src/contrib/file/readelf.c.patched Thu Mar 6 15:02:44 2003
@@ -141,6 +141,9 @@
Elf32_Shdr sh32;
Elf64_Shdr sh64;
+ if ( size > ( class == ELFCLASS32 ? sizeof(Elf32_Shdr) : sizeof(Elf64_Shdr) ) )
+ return;
+
if (lseek(fd, off, SEEK_SET) == -1)
error("lseek failed (%s).\n", strerror(errno));
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303061415.h26EFlhD004317>