diff options
author | gVisor bot <gvisor-bot@google.com> | 2020-10-20 01:21:34 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-10-20 01:21:34 +0000 |
commit | 24710bd00d2e97c4a3bf029b4afe84c80fb9f8d9 (patch) | |
tree | 8733ab9e30a9b4288b33a499bef2a0ef30dc84d7 | |
parent | 1c366e13a42f99645bf726b0be211d496e1169c2 (diff) | |
parent | 34a6e9576a9684087f95f57ee73171a637bee8b2 (diff) |
Merge release-20201005.0-108-g34a6e9576 (automated)
-rw-r--r-- | pkg/sentry/loader/elf.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/sentry/loader/elf.go b/pkg/sentry/loader/elf.go index d4610ec3b..98af2cc38 100644 --- a/pkg/sentry/loader/elf.go +++ b/pkg/sentry/loader/elf.go @@ -194,6 +194,10 @@ func parseHeader(ctx context.Context, f fullReader) (elfInfo, error) { log.Infof("Too many phdrs (%d): total size %d > %d", hdr.Phnum, totalPhdrSize, maxTotalPhdrSize) return elfInfo{}, syserror.ENOEXEC } + if int64(hdr.Phoff) < 0 || int64(hdr.Phoff+uint64(totalPhdrSize)) < 0 { + ctx.Infof("Unsupported phdr offset %d", hdr.Phoff) + return elfInfo{}, syserror.ENOEXEC + } phdrBuf := make([]byte, totalPhdrSize) _, err = f.ReadFull(ctx, usermem.BytesIOSequence(phdrBuf), int64(hdr.Phoff)) @@ -437,6 +441,10 @@ func loadParsedELF(ctx context.Context, m *mm.MemoryManager, f fsbridge.File, in ctx.Infof("PT_INTERP path too big: %v", phdr.Filesz) return loadedELF{}, syserror.ENOEXEC } + if int64(phdr.Off) < 0 || int64(phdr.Off+phdr.Filesz) < 0 { + ctx.Infof("Unsupported PT_INTERP offset %d", phdr.Off) + return loadedELF{}, syserror.ENOEXEC + } path := make([]byte, phdr.Filesz) _, err := f.ReadFull(ctx, usermem.BytesIOSequence(path), int64(phdr.Off)) |