svn commit: r358623 - head/usr.bin/elfctl

Wed, 04 Mar 2020 08:58:23 -0800 

Author: emaste
Date: Wed Mar  4 16:57:23 2020
New Revision: 358623
URL: https://svnweb.freebsd.org/changeset/base/358623

Log:
  elfctl: check read return value
  
  CID:          1420212, 1420213
  Reported by:  Coverity Scan
  Sponsored by: The FreeBSD Foundation

Modified:
  head/usr.bin/elfctl/elfctl.c

Modified: head/usr.bin/elfctl/elfctl.c
==============================================================================
--- head/usr.bin/elfctl/elfctl.c        Wed Mar  4 16:53:49 2020        
(r358622)
+++ head/usr.bin/elfctl/elfctl.c        Wed Mar  4 16:57:23 2020        
(r358623)
@@ -310,7 +310,6 @@ get_file_features(Elf *elf, int phcount, int fd, uint3
        unsigned long read_total;
        int namesz, descsz, i;
        char *name;
-       ssize_t size;
 
        /*
         * Go through each program header to find one that is of type PT_NOTE
@@ -332,9 +331,9 @@ get_file_features(Elf *elf, int phcount, int fd, uint3
 
                read_total = 0;
                while (read_total < phdr.p_filesz) {
-                       size = read(fd, &note, sizeof(note));
-                       if (size < (ssize_t)sizeof(note)) {
-                               warn("read() failed:");
+                       if (read(fd, &note, sizeof(note)) <
+                           (ssize_t)sizeof(note)) {
+                               warnx("elf note header too short");
                                return (false);
                        }
                        read_total += sizeof(note);
@@ -350,7 +349,10 @@ get_file_features(Elf *elf, int phcount, int fd, uint3
                                return (false);
                        }
                        descsz = roundup2(note.n_descsz, 4);
-                       size = read(fd, name, namesz);
+                       if (read(fd, name, namesz) < namesz) {
+                               warnx("elf note name too short");
+                               return (false);
+                       }
                        read_total += namesz;
 
                        if (note.n_namesz != 8 ||
@@ -380,7 +382,11 @@ get_file_features(Elf *elf, int phcount, int fd, uint3
                         */
                        if (note.n_descsz > sizeof(uint32_t))
                                warnx("Feature note is bigger than expected");
-                       read(fd, features, sizeof(uint32_t));
+                       if (read(fd, features, sizeof(uint32_t)) <
+                           (ssize_t)sizeof(uint32_t)) {
+                               warnx("feature note data too short");
+                               return (false);
+                       }
                        if (off != NULL)
                                *off = phdr.p_offset + read_total;
                        free(name);
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to