authorRichard Lowe <richlowe@richlowe.net>2014-12-11 21:22:55 -0500
committerRichard Lowe <richlowe@richlowe.net>2015-01-16 11:16:22 -0500
commit18059eae28246ed2eef942a16364131202558094 (patch)
tree232ac08dbc508b45137758dc3b0c10e53edcbc2b /usr/src/cmd
parenta6a74e0e62d62ff750cd4b790be5eacc99c3bb8c (diff)
5535 libelf should check for e_phoff overflow
Reviewed by: Dan McDonald <danmcd@omniti.com> Reviewed by: Bayard Bell <bayard.bell@nexenta.com> Approved by: Gordon Ross <gwr@nexenta.com>
Diffstat (limited to 'usr/src/cmd')
-rw-r--r--usr/src/cmd/sgs/libelf/common/clscook.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/usr/src/cmd/sgs/libelf/common/clscook.c b/usr/src/cmd/sgs/libelf/common/clscook.c
index 12389c0dff..e571de5b1a 100644
--- a/usr/src/cmd/sgs/libelf/common/clscook.c
+++ b/usr/src/cmd/sgs/libelf/common/clscook.c
@@ -314,7 +314,8 @@ _elf_phdr(Elf * elf, int inplace)
ELFACCESSDATA(work, _elf_work)
msz = _elf_msize(ELF_T_PHDR, work) * eh->e_phnum;
if ((eh->e_phoff == 0) ||
- ((fsz + eh->e_phoff) > elf->ed_fsz)) {
+ (elf->ed_fsz <= eh->e_phoff) ||
+ (elf->ed_fsz - eh->e_phoff < fsz)) {
_elf_seterr(EFMT_PHTAB, 0);
return (-1);
}
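Review bot: The two added clauses in the `if` are correct only as a pair and in this order: `elf->ed_fsz <= eh->e_phoff` is what stops `elf->ed_fsz - eh->e_phoff` from wrapping when the header's offset lies at or beyond the end of the file, and nothing in the code records that. I would put a comment above the condition, e.g. `/* Compare by subtraction: fsz + e_phoff can wrap for an untrusted header. */`, so a later cleanup does not fold it back into the additive form. The `msz` product on the line above and the assignment of `fsz` (outside this hunk, as is the rest of `_elf_phdr`) are not bounded by this check; that is presumably safe given the width of `e_phnum`, but it is worth confirming for both ELF classes.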