Page MenuHomeFreeBSD
Differential D53063

imgact_elf: Check note body sizes
ClosedPublic
Actions

Authored by markj on Oct 13 2025, 12:41 PM.
Tags
None
Referenced Files
F137775930: D53063.diff
Tue, Nov 25, 5:55 PM
Unknown Object (File)
Sun, Nov 23, 12:43 PM
Unknown Object (File)
Sun, Nov 23, 2:18 AM
Unknown Object (File)
Fri, Nov 21, 1:20 PM
Unknown Object (File)
Fri, Nov 21, 5:12 AM
Unknown Object (File)
Tue, Nov 18, 7:37 AM
Unknown Object (File)
Sun, Nov 16, 5:25 PM
Unknown Object (File)
Mon, Nov 10, 6:46 AM
View All 40 Files
Subscribers
imp
olce

Details

Reviewers
jhb
kib
emaste
Commits
rGb1faa50c18e8: imgact_elf: Check note body sizes
rG6e4767672a21: imgact_elf: Check note body sizes
rG1508441e71f1: imgact_elf: Check note body sizes
rG09ae918e1f00: imgact_elf: Check note body sizes
rGc86af2cc4cd1: imgact_elf: Check note body sizes
Summary

In parse_notes we validate that the note name fits within the note
buffer, but we do not do the same for the note data, so there is some
potential for an OOB read in the note handler. Add a bounds check.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 67767
Build 64650: arc lint + arc unit

Event Timeline

markj created this revision.Oct 13 2025, 12:41 PM
Herald added subscribers: olce, imp. · View Herald TranscriptOct 13 2025, 12:41 PM
markj requested review of this revision.Oct 13 2025, 12:41 PM
Harbormaster completed remote builds in B67746: Diff 164085.Oct 13 2025, 12:41 PM
markj added a parent revision: D53062: imgact: Mark brandinfo and note structures as const.Oct 13 2025, 12:41 PM
emaste accepted this revision.Oct 13 2025, 2:37 PM
This revision is now accepted and ready to land.Oct 13 2025, 2:37 PM
kib accepted this revision.Oct 13 2025, 3:49 PM
kib added inline comments.
sys/kern/imgact_elf.c
2834
2841–2842
markj updated this revision to Diff 164139.Oct 14 2025, 1:46 PM
markj marked 2 inline comments as done.
  • Fix an unrelated typo
  • Perform a single check
This revision now requires review to proceed.Oct 14 2025, 1:46 PM
Harbormaster completed remote builds in B67767: Diff 164139.Oct 14 2025, 1:46 PM
emaste accepted this revision.Oct 14 2025, 2:07 PM
This revision is now accepted and ready to land.Oct 14 2025, 2:07 PM
kib accepted this revision.Oct 14 2025, 6:05 PM
Closed by commit rGc86af2cc4cd1: imgact_elf: Check note body sizes (authored by markj). · Explain WhyOct 15 2025, 8:20 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGc86af2cc4cd1: imgact_elf: Check note body sizes.
markj added a commit: rG09ae918e1f00: imgact_elf: Check note body sizes.Oct 22 2025, 12:53 PM
markj added a commit: rG1508441e71f1: imgact_elf: Check note body sizes.Oct 22 2025, 1:01 PM
markj added a commit: rG6e4767672a21: imgact_elf: Check note body sizes.
cperciva added a commit: rGb1faa50c18e8: imgact_elf: Check note body sizes.Oct 22 2025, 8:15 PM

Revision Contents
Changeset List

PathSize
sys/
kern/
8 lines

Diff 164139

View Options

sys/kern/imgact_elf.c

Loading...