File 0002-Protect-against-bad-crafted-input.patch of Package upx

From 7bace76176148e5a12d91b467029fee0f3106ac1 Mon Sep 17 00:00:00 2001
From: John Reiser <jreiser@BitWagon.com>
Date: Tue, 3 Oct 2017 09:55:34 -0700
Subject: [PATCH 2/2] Protect against bad crafted input.

https://github.com/upx/upx/issues/129
	modified:   p_lx_elf.cpp
---
 src/p_lx_elf.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index 9272cf9b..37a95720 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -3572,6 +3572,9 @@ void PackLinuxElf64::unpack(OutputFile *fo)
     unsigned total_out = 0;
     unsigned c_adler = upx_adler32(NULL, 0);
     unsigned u_adler = upx_adler32(NULL, 0);
+    if ((MAX_ELF_HDR - sizeof(Elf64_Ehdr))/sizeof(Elf64_Phdr) < u_phnum) {
+        throwCantUnpack("bad compressed e_phnum");
+    }
 
     // Packed ET_EXE has no PT_DYNAMIC.
     // Packed ET_DYN has original PT_DYNAMIC for info needed by rtld.
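Review bot: The guard added at the top of this hunk in PackLinuxElf64::unpack has no comment saying what it protects, and its bound holds only if the program headers sit directly after the ELF header. I would add above it `// e_phnum comes from the packed file: the Phdr table must fit in MAX_ELF_HDR bytes after the Ehdr`, adjusted to match where u_phnum is actually set, which is outside this hunk. If e_phoff from the same header is later used to locate the Phdr table, it needs its own check against `sizeof(Elf64_Ehdr)`, because a larger offset would let even a small u_phnum run past the buffer; that code is not visible here. The same remarks apply to the identical guard in PackLinuxElf32::unpack in the second hunk, and both unpack bodies start and end outside their hunks.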
@@ -4196,6 +4199,9 @@ void PackLinuxElf32::unpack(OutputFile *fo)
     unsigned total_out = 0;
     unsigned c_adler = upx_adler32(NULL, 0);
     unsigned u_adler = upx_adler32(NULL, 0);
+    if ((MAX_ELF_HDR - sizeof(Elf32_Ehdr))/sizeof(Elf32_Phdr) < u_phnum) {
+        throwCantUnpack("bad compressed e_phnum");
+    }
 
     // Packed ET_EXE has no PT_DYNAMIC.
     // Packed ET_DYN has original PT_DYNAMIC for info needed by rtld.
-- 
2.14.2
