diff options
author | Mike Frysinger <vapier@gentoo.org> | 2024-01-25 23:10:11 -0500 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2024-08-09 11:06:17 +0100 |
commit | e99a8c374ed7da962bcd4ba76107dc090502e8d6 (patch) | |
tree | bd3971dc8b0fd73de79dd8a1d0194a6623d17707 | |
parent | dumpelf: improve note memory check (diff) | |
download | pax-utils-e99a8c374ed7da962bcd4ba76107dc090502e8d6.tar.gz pax-utils-e99a8c374ed7da962bcd4ba76107dc090502e8d6.tar.bz2 pax-utils-e99a8c374ed7da962bcd4ba76107dc090502e8d6.zip |
dumpelf: limit note name display
The note name is supposed to be NUL terminated, but if it's not,
make sure we don't keep reading data until we hit out of bounds
by limiting to exactly the number of bytes declared (and that we
already verified fit within valid memory).
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
(cherry picked from commit c7d34ad6cf90f3cbb2a184050996d37966fe2ef1)
Signed-off-by: Sam James <sam@gentoo.org>
-rw-r--r-- | dumpelf.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -253,7 +253,7 @@ static void dump_notes(const elfobj *elf, size_t B, const void *memory, const vo printf("\t * Elf%zu_Nhdr note%zu = {\n", B, i); printf("\t * \t.n_namesz = %u, (bytes)", namesz); if (name) - printf(" [%s]", name); + printf(" [%.*s]", namesz, name); printf("\n"); printf("\t * \t.n_descsz = %u, (bytes)", descsz); if (desc) { |