diff options
Diffstat (limited to 'libelf/elf_next.c')
| -rw-r--r-- | libelf/elf_next.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/libelf/elf_next.c b/libelf/elf_next.c index 4c33714f291a9..dd5a93e4ed1d0 100644 --- a/libelf/elf_next.c +++ b/libelf/elf_next.c @@ -30,7 +30,7 @@ #include "_libelf.h" -ELFTC_VCSID("$Id: elf_next.c 3174 2015-03-27 17:13:41Z emaste $"); +ELFTC_VCSID("$Id: elf_next.c 3710 2019-03-12 09:42:35Z jkoshy $"); Elf_Cmd elf_next(Elf *e) @@ -60,5 +60,19 @@ elf_next(Elf *e) parent->e_u.e_ar.e_next = (next >= (off_t) parent->e_rawsize) ? (off_t) 0 : next; + /* + * Return an error if the 'e_next' field falls outside the current + * file. + * + * This check is performed after updating the parent descriptor's + * 'e_next' field so that the next call to elf_begin(3) will terminate + * traversal of a too-small archive even if client code forgets to + * check the return value from elf_next(3). + */ + if (next > (off_t) parent->e_rawsize) { + LIBELF_SET_ERROR(ARGUMENT, 0); + return (ELF_C_NULL); + } + return (ELF_C_READ); } |