libelf: Correct overflow check in note_xlate. We want to make sure the note_len doesn't overflow and becomes shorter than the note header. But the namesz and descsz checks got the note header size wrong). Replace the wrong constant (8) with a sizeof cvt_Nhdr (12). https://sourceware.org/bugzilla/show_bug.cgi?id=24084 Signed-off-by: Mark Wielaard <mark@klomp.org>

commit: e65d91d21cb09d83b001fef9435e576ba447db32 [log] [tgz]
author: Mark Wielaard <mark@klomp.org> Wed Jan 16 12:25:57 2019 +0100
committer: Mark Wielaard <mark@klomp.org> Wed Jan 16 12:25:57 2019 +0100
tree: 92a13bb96433e75ce5d60c679fb4df0bbbf0467c
parent: 012018907ca05eb0ab51d424a596ef38fc87cae1 [diff] [blame]
diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h
index 9bdc3e2..bc9950f 100644
--- a/libelf/note_xlate.h
+++ b/libelf/note_xlate.h

@@ -46,13 +46,13 @@
       /* desc needs to be aligned.  */
       note_len += n->n_namesz;
       note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
-      if (note_len > len || note_len < 8)
+      if (note_len > len || note_len < sizeof *n)
 	break;
 
       /* data as a whole needs to be aligned.  */
       note_len += n->n_descsz;
       note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
-      if (note_len > len || note_len < 8)
+      if (note_len > len || note_len < sizeof *n)
 	break;
 
       /* Copy or skip the note data.  */
commit	e65d91d21cb09d83b001fef9435e576ba447db32	[log] [tgz]
author	Mark Wielaard <mark@klomp.org>	Wed Jan 16 12:25:57 2019 +0100
committer	Mark Wielaard <mark@klomp.org>	Wed Jan 16 12:25:57 2019 +0100
tree	92a13bb96433e75ce5d60c679fb4df0bbbf0467c
parent	012018907ca05eb0ab51d424a596ef38fc87cae1 [diff] [blame]