bin/52532: Fix an incorrectly used conditional causing a stack buffer overflow

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/52532: Fix an incorrectly used conditional causing a stack buffer overflow
From: henning.petersen%t-online.de@localhost
Date: Fri, 8 Sep 2017 05:30:00 +0000 (UTC)

>Number:         52532
>Category:       bin
>Synopsis:       Fix an incorrectly used conditional causing a stack buffer overflow
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 08 05:30:00 +0000 2017
>Originator:     Henning Petersen
>Release:        netbsd-current
>Organization:
>Environment:
>Description:
Fix an incorrectly used conditional causing a stack buffer overflow.

Security: CVE-2017-1000249
>How-To-Repeat:

>Fix:
diff -u -u -p -r1.15 readelf.c
--- external/bsd/file/dist/src/readelf.c	25 May 2017 00:11:26 -0000	1.15
+++ external/bsd/file/dist/src/readelf.c	8 Sep 2017 04:41:56 -0000
@@ -517,7 +517,7 @@ do_bid_note(struct magic_set *ms, unsign
     size_t noff, size_t doff, int *flags)
 {
 	if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
-	    type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) {
+	    type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
 		uint8_t desc[20];
 		const char *btype;
 		uint32_t i;

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: Re: port-evbmips/52501 (erlite quickly fails to allocate memory and processes wedge)
Next by Thread: kern/52533: swsensor module can panic the machine when unloaded
Indexes:

Home | Main Index | Thread Index | Old Index