svn commit: r323278 - head/contrib/file/src

Gordon Tetlow Thu, 07 Sep 2017 11:55:20 -0700

Author: gordon
Date: Thu Sep  7 18:54:54 2017
New Revision: 323278
URL: https://svnweb.freebsd.org/changeset/base/323278


Log:
  Fix an incorrectly used conditional causing a stack buffer overflow.
  
  Reported by:  Thomas Jarosch of Intra2net AG
  Reviewed by:  emaste, jhb
  Security:     CVE-2017-1000249

Modified:
  head/contrib/file/src/readelf.c

Modified: head/contrib/file/src/readelf.c
==============================================================================
--- head/contrib/file/src/readelf.c     Thu Sep  7 17:51:35 2017        
(r323277)
+++ head/contrib/file/src/readelf.c     Thu Sep  7 18:54:54 2017        
(r323278)
@@ -509,7 +509,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf,
     size_t noff, size_t doff, int *flags)
 {
        if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
-           type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) {
+           type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
                uint8_t desc[20];
                const char *btype;
                uint32_t i;
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

svn commit: r323278 - head/contrib/file/src

Reply via email to