From 323ca04a0c9189544075c19b49da67f6443a8950 Mon Sep 17 00:00:00 2001 From: Li xin Date: Wed, 21 Jan 2015 09:33:38 +0900 Subject: [PATCH] elf_begin.c: CVE-2014-9447 fix this patch is from: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e Upstream-Status: Backport CVE: CVE-2014-9447 Signed-off-by: Li Xin --- libelf/elf_begin.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c index e46add3..e83ba35 100644 --- a/libelf/elf_begin.c +++ b/libelf/elf_begin.c @@ -736,11 +736,8 @@ read_long_names (Elf *elf) break; /* NUL-terminate the string. */ - *runp = '\0'; - - /* Skip the NUL byte and the \012. */ - runp += 2; - + *runp++ = '\0'; + /* A sanity check. Somebody might have generated invalid archive. */ if (runp >= newp + len) -- 1.8.4.2