Fwd: security vulnerability in File
Christos Zoulas
christos at zoulas.com
Tue Feb 25 07:59:02 EST 2003
On Feb 24, 7:42pm, ian at darwinsys.com (Ian Darwin) wrote:
-- Subject: Fwd: security vulnerability in File
| I've received what looks like a legitimate report of a security
| buffer overflow-type problem in file up to 3.39. Can somebody
| who is more familiar with the ELF module please check into this
| fairly quickly and get back do David Endler before he goes public
| with this?
|
| Thanks
| Ian
This is correct, here's a patch and it will be fixed in the next
version of file. I am not sure the code audit did not find a memory
allocation bug in softmagic.c...
christos
RCS file: /src/pub/file/readelf.c,v
retrieving revision 1.23
diff -u -u -r1.23 readelf.c
--- readelf.c 8 Feb 2003 18:33:53 -0000 1.23
+++ readelf.c 25 Feb 2003 12:54:13 -0000
@@ -133,7 +133,7 @@
error("lseek failed (%s).\n", strerror(errno));
for ( ; num; num--) {
- if (read(fd, sh_addr, size) == -1)
+ if (read(fd, sh_addr, sizeof(*sh_addr)) == -1)
error("read failed (%s).\n", strerror(errno));
if (shs_type == SHT_SYMTAB /* || shs_type == SHT_DYNSYM */) {
(void) printf (", not stripped");
More information about the File
mailing list