diff options
| author | Ed Maste <emaste@FreeBSD.org> | 2020-03-04 16:57:23 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2020-03-04 16:57:23 +0000 |
| commit | 76cd520d45d35cf485d4deeb148842ae6249107a (patch) | |
| tree | 4c0d149876e5b12a26f6b989bea29b4df50c46a4 /usr.bin/elfctl | |
| parent | 87a920c06594e5f02a3fbbd52db3e5a0c2021a9a (diff) | |
| download | src-test-76cd520d45d35cf485d4deeb148842ae6249107a.tar.gz src-test-76cd520d45d35cf485d4deeb148842ae6249107a.zip | |
elfctl: check read return value
CID: 1420212, 1420213
Reported by: Coverity Scan
Sponsored by: The FreeBSD Foundation
Notes
Notes:
svn path=/head/; revision=358623
Diffstat (limited to 'usr.bin/elfctl')
| -rw-r--r-- | usr.bin/elfctl/elfctl.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/usr.bin/elfctl/elfctl.c b/usr.bin/elfctl/elfctl.c index ba9d455491746..2f8df69c08f1f 100644 --- a/usr.bin/elfctl/elfctl.c +++ b/usr.bin/elfctl/elfctl.c @@ -310,7 +310,6 @@ get_file_features(Elf *elf, int phcount, int fd, uint32_t *features, unsigned long read_total; int namesz, descsz, i; char *name; - ssize_t size; /* * Go through each program header to find one that is of type PT_NOTE @@ -332,9 +331,9 @@ get_file_features(Elf *elf, int phcount, int fd, uint32_t *features, read_total = 0; while (read_total < phdr.p_filesz) { - size = read(fd, ¬e, sizeof(note)); - if (size < (ssize_t)sizeof(note)) { - warn("read() failed:"); + if (read(fd, ¬e, sizeof(note)) < + (ssize_t)sizeof(note)) { + warnx("elf note header too short"); return (false); } read_total += sizeof(note); @@ -350,7 +349,10 @@ get_file_features(Elf *elf, int phcount, int fd, uint32_t *features, return (false); } descsz = roundup2(note.n_descsz, 4); - size = read(fd, name, namesz); + if (read(fd, name, namesz) < namesz) { + warnx("elf note name too short"); + return (false); + } read_total += namesz; if (note.n_namesz != 8 || @@ -380,7 +382,11 @@ get_file_features(Elf *elf, int phcount, int fd, uint32_t *features, */ if (note.n_descsz > sizeof(uint32_t)) warnx("Feature note is bigger than expected"); - read(fd, features, sizeof(uint32_t)); + if (read(fd, features, sizeof(uint32_t)) < + (ssize_t)sizeof(uint32_t)) { + warnx("feature note data too short"); + return (false); + } if (off != NULL) *off = phdr.p_offset + read_total; free(name); |