author | gordon <gordon@FreeBSD.org> | 2017-09-07 19:23:08 +0000 |
---|---|---|
committer | gordon <gordon@FreeBSD.org> | 2017-09-07 19:23:08 +0000 |
commit | cec050ba26dc8cd492c6c67a1ee9cc237129c281 (patch) | |
tree | 00d6c474f79e8c2d237640d519c8f679b6b2cf27 | |
parent | 1b19abe547cd66ae0d84abdb7da2efb40a5c42a4 (diff) | |
MFC r323278: Fix an incorrectly used conditional causing buffer overflow.
Reported by: Thomas Jarosch of Intra2net AG
Reviewed by: emaste, jhb
Approved by: re (marius)
Security: CVE-2017-1000249
-rw-r--r-- | contrib/file/src/readelf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/file/src/readelf.c b/contrib/file/src/readelf.c
index 90dae39..f321287 100644
--- a/contrib/file/src/readelf.c
+++ b/contrib/file/src/readelf.c
@@ -509,7 +509,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
 size_t noff, size_t doff, int *flags)
 {
 if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
- type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) {
+ type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
 uint8_t desc[20];
 const char *btype;
 uint32_t i;
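Review bot: The upper bound in the corrected condition, `descsz <= 20`, is a bare literal that must stay equal to the size of `uint8_t desc[20]` declared on the next line, and nothing in the code ties the two together. The copy into `desc` presumably uses `descsz` as its length (that code is outside the hunk), so a later change to either number would silently reintroduce the overflow this commit fixes. I would name the limit once, e.g. a suggested `#define BUILD_ID_MAX 20`, and use it in both places: `descsz <= BUILD_ID_MAX` and `uint8_t desc[BUILD_ID_MAX];`. At minimum, add a comment on the condition such as `/* descsz is the copy length into desc[]; upper bound must equal sizeof(desc) */`. The body of do_bid_note continues past the end of the hunk, so whether `doff + descsz` is also checked against the note buffer cannot be confirmed from here.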