svn commit: r323281 - in stable: 10/contrib/file/src 11/contrib/file/src

Gordon Tetlow Thu, 07 Sep 2017 12:23:53 -0700

Author: gordon
Date: Thu Sep  7 19:23:08 2017
New Revision: 323281
URL: https://svnweb.freebsd.org/changeset/base/323281


Log:
  MFC r323278: Fix an incorrectly used conditional causing buffer overflow.
  
  Reported by:  Thomas Jarosch of Intra2net AG
  Reviewed by:  emaste, jhb
  Approved by:  re (marius)
  Security:     CVE-2017-1000249

Modified:
  stable/10/contrib/file/src/readelf.c
Directory Properties:
  stable/10/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/11/contrib/file/src/readelf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/10/contrib/file/src/readelf.c
==============================================================================
--- stable/10/contrib/file/src/readelf.c        Thu Sep  7 19:15:31 2017        
(r323280)
+++ stable/10/contrib/file/src/readelf.c        Thu Sep  7 19:23:08 2017        
(r323281)
@@ -509,7 +509,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf,
     size_t noff, size_t doff, int *flags)
 {
        if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
-           type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) {
+           type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
                uint8_t desc[20];
                const char *btype;
                uint32_t i;
_______________________________________________
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"

svn commit: r323281 - in stable: 10/contrib/file/src 11/contrib/file/src

Reply via email to