From 87b73e5cfdc12da94c251b2cd83bb01c7d9f616c Mon Sep 17 00:00:00 2001
|
|
From: John Reiser <jreiser@BitWagon.com>
|
|
Date: Wed, 22 Jul 2020 19:34:27 -0700
|
|
Subject: [PATCH] Unpack: Phdrs must be within expansion of first compressed
|
|
block
|
|
|
|
https://github.com/upx/upx/issues/388
|
|
modified: p_lx_elf.cpp
|
|
---
|
|
src/p_lx_elf.cpp | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
|
|
index cd9e4ec97..453d5c457 100644
|
|
--- a/src/p_lx_elf.cpp
|
|
+++ b/src/p_lx_elf.cpp
|
|
@@ -4550,7 +4550,7 @@ void PackLinuxElf64::unpack(OutputFile *fo)
|
|
unsigned c_adler = upx_adler32(NULL, 0);
|
|
unsigned u_adler = upx_adler32(NULL, 0);
|
|
#define MAX_ELF_HDR 1024
|
|
- if ((MAX_ELF_HDR - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {
|
|
+ if ((umin64(MAX_ELF_HDR, ph.u_len) - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {
|
|
throwCantUnpack("bad compressed e_phnum");
|
|
}
|
|
#undef MAX_ELF_HDR
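Review bot: The new bound `umin64(MAX_ELF_HDR, ph.u_len) - sizeof(Elf64_Ehdr)` wraps around when `ph.u_len` is smaller than `sizeof(Elf64_Ehdr)`, assuming `umin64` returns an unsigned type as its name suggests. The quotient then becomes huge and the `u_phnum` test never rejects the file. Unless an earlier check outside this hunk already guarantees `ph.u_len >= sizeof(Elf64_Ehdr)`, the condition should reject that case first, e.g. `if (ph.u_len < sizeof(Elf64_Ehdr) || (umin64(MAX_ELF_HDR, ph.u_len) - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {`. The same applies to the `umin(MAX_ELF_HDR, ph.u_len) - sizeof(Elf32_Ehdr)` line in the `PackLinuxElf32::unpack` hunk. Both `unpack` bodies start and end outside the hunks, so how `ph.u_len` is validated beforehand is not visible here.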
|
|
@@ -5617,7 +5617,7 @@ void PackLinuxElf32::unpack(OutputFile *fo)
|
|
unsigned c_adler = upx_adler32(NULL, 0);
|
|
unsigned u_adler = upx_adler32(NULL, 0);
|
|
#define MAX_ELF_HDR 512
|
|
- if ((MAX_ELF_HDR - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) {
|
|
+ if ((umin(MAX_ELF_HDR, ph.u_len) - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) {
|
|
throwCantUnpack("bad compressed e_phnum");
|
|
}
|
|
#undef MAX_ELF_HDR
|