From: Ben Pfaff
Date: Wed, 8 Dec 2004 00:17:58 +0000 (+0000)
Subject: Validate offsets before passing into file_seek().
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d97c24e174bb94bc9ff96b0094bf25b78a576295;p=pintos-anon

Validate offsets before passing into file_seek().
---

diff --git a/src/userprog/process.c b/src/userprog/process.c
index 78b3122..b8d4a14 100644
--- a/src/userprog/process.c
+++ b/src/userprog/process.c
@@ -240,7 +240,10 @@ load (const char *filename, void (**eip) (void), void **esp)
 {
 struct Elf32_Phdr phdr;
+ if (file_ofs < 0 || file_ofs > file_length (file))
+ LOAD_ERROR (("bad file offset %ld", (long) file_ofs));
 file_seek (file, file_ofs);
+
 if (file_read (file, &phdr, sizeof phdr) != sizeof phdr)
 LOAD_ERROR (("error reading program header"));
 file_ofs += sizeof phdr;
@@ -316,6 +319,13 @@ load_segment (struct file *file, const struct Elf32_Phdr *phdr)
 return false;
 }
+ /* p_offset must point within file. */
+ if (phdr->p_offset < 0 || phdr->p_offset > file_length (file))
+ {
+ printf ("bad p_offset %"PE32Ox, phdr->p_offset);
+ return false;
+ }
+
 /* [ELF1] 2-3 says that p_memsz must be at least as big as p_filesz. */
 if (phdr->p_memsz < phdr->p_filesz)
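Review bot: The new offset check in load() carries no comment saying why it is there, while the matching check this commit adds to load_segment() does; a line such as `/* file_ofs must point within file before it reaches file_seek(). */` above the `if` would keep the two consistent. The bound `file_ofs > file_length (file)` still admits offsets with fewer than `sizeof phdr` bytes remaining, which the following `file_read` comparison rejects, so the gap only affects which error message is reported. The loop and the declaration of file_ofs lie outside the hunk, so its type and the origin of its initial value cannot be confirmed from here.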
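Review bot: The check added to load_segment() bounds only the start of the segment: `p_offset` is compared with the file length, but nothing in the hunk verifies that `p_offset + p_filesz` also stays inside the file, so a program header taken from an untrusted executable can still describe a range that runs past the end. A subtraction-form test placed after this check avoids overflow in the sum, for example `if (phdr->p_filesz > file_length (file) - phdr->p_offset) return false;`. If Elf32_Off is an unsigned type (its typedef is not in the hunk), `phdr->p_offset < 0` is always false and the `>` comparison mixes signedness with the return type of file_length(), so an explicit cast would make the intended comparison clear. The `printf` format string also has no trailing `\n`. The rest of load_segment() is outside the hunk, so a later read check may already cover the extent.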