From 87b73e5cfdc12da94c251b2cd83bb01c7d9f616c Mon Sep 17 00:00:00 2001
From: John Reiser <jreiser@BitWagon.com>
Date: Wed, 22 Jul 2020 19:34:27 -0700
Subject: [PATCH] Unpack: Phdrs must be within expansion of first compressed
 block

https://github.com/upx/upx/issues/388
	modified:   p_lx_elf.cpp
---
 src/p_lx_elf.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index cd9e4ec97..453d5c457 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -4550,7 +4550,7 @@ void PackLinuxElf64::unpack(OutputFile *fo)
     unsigned c_adler = upx_adler32(NULL, 0);
     unsigned u_adler = upx_adler32(NULL, 0);
 #define MAX_ELF_HDR 1024
-    if ((MAX_ELF_HDR - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {
+    if ((umin64(MAX_ELF_HDR, ph.u_len) - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {
         throwCantUnpack("bad compressed e_phnum");
     }
 #undef MAX_ELF_HDR
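Review bot: The subtraction in the new condition can wrap when `ph.u_len` is smaller than `sizeof(Elf64_Ehdr)`: the operands are unsigned, so `umin64(MAX_ELF_HDR, ph.u_len) - sizeof(Elf64_Ehdr)` becomes a very large value, the quotient is never below `u_phnum`, and the file is accepted instead of rejected. With the old constant minuend of 1024 this could not happen; now the bound depends on `ph.u_len`, which presumably comes from the packed file's header. Unless `ph.u_len` is already bounded below earlier in `unpack` (the function starts and ends outside the hunk), test it first: `if (ph.u_len < sizeof(Elf64_Ehdr) || (umin64(MAX_ELF_HDR, ph.u_len) - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {`. The same applies to the `PackLinuxElf32::unpack` hunk, with `umin` and `sizeof(Elf32_Ehdr)`.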
@@ -5617,7 +5617,7 @@ void PackLinuxElf32::unpack(OutputFile *fo)
     unsigned c_adler = upx_adler32(NULL, 0);
     unsigned u_adler = upx_adler32(NULL, 0);
 #define MAX_ELF_HDR 512
-    if ((MAX_ELF_HDR - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) {
+    if ((umin(MAX_ELF_HDR, ph.u_len) - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) {
         throwCantUnpack("bad compressed e_phnum");
     }
 #undef MAX_ELF_HDR