blob: 9ecb045f82a292cd67917669cb2f79e4c4e4eb28 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From b38e562a4c907e08171c76b8b2def8464d5a104a Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Sun, 9 Feb 2025 00:07:13 +0100
Subject: [PATCH] readelf: Handle NULL phdr in handle_dynamic_symtab
A corrupt ELF file can have broken program headers, in which case
gelf_getphdr returns NULL. This could crash handle_dynamic_symtab
while searching for the PT_DYNAMIC phdr. Fix this by checking whether
gelf_phdr returns NULL.
* src/readelf.c (handle_dynamic_symtab): Check whether
gelf_getphdr returns NULL.
https://sourceware.org/bugzilla/show_bug.cgi?id=32655
CVE: CVE-2025-1371
Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=b38e562a4c907e08171c76b8b2def8464d5a104a]
Signed-off-by: Mark Wielaard <mark@klomp.org>
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
src/readelf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/readelf.c b/src/readelf.c
index 105cddf..a526fa8 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -2912,7 +2912,7 @@ handle_dynamic_symtab (Ebl *ebl)
for (size_t i = 0; i < phnum; ++i)
{
phdr = gelf_getphdr (ebl->elf, i, &phdr_mem);
- if (phdr->p_type == PT_DYNAMIC)
+ if (phdr == NULL || phdr->p_type == PT_DYNAMIC)
break;
}
if (phdr == NULL)
--
2.43.2
|
