summaryrefslogtreecommitdiff
path: root/sysutils/file/patches/patch-src_readelf.c
diff options
context:
space:
mode:
Diffstat (limited to 'sysutils/file/patches/patch-src_readelf.c')
-rw-r--r--sysutils/file/patches/patch-src_readelf.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/sysutils/file/patches/patch-src_readelf.c b/sysutils/file/patches/patch-src_readelf.c
new file mode 100644
index 00000000000..f8a55c586bd
--- /dev/null
+++ b/sysutils/file/patches/patch-src_readelf.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-src_readelf.c,v 1.1 2018/06/30 09:27:03 bsiegert Exp $
+
+apply https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
+against https://nvd.nist.gov/vuln/detail/CVE-2018-10360
+
+ ...
+ The do_core_note function in readelf.c in libmagic.a in file
+ 5.33 allows remote attackers to cause a denial of service
+ (out-of-bounds read and application crash) via a crafted ELF
+ file.
+ ...
+
+--- src/readelf.c.orig 2017-08-27 07:55:02.000000000 +0000
++++ src/readelf.c
+@@ -824,7 +824,8 @@ do_core_note(struct magic_set *ms, unsig
+
+ cname = (unsigned char *)
+ &nbuf[doff + prpsoffsets(i)];
+- for (cp = cname; *cp && isprint(*cp); cp++)
++ for (cp = cname; cp < nbuf + size && *cp
++ && isprint(*cp); cp++)
+ continue;
+ /*
+ * Linux apparently appends a space at the end
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-13 22:40:56 +0000