Buffer Overflow

Code change for CVE-2014-3710

ext/fileinfo/libmagic/readelf.c

function header

private size_t donote(struct magic_set *, unsigned char *, size_t, size_t, int, int, size_t, int *);

CODE CHANGE

— a/ext/fileinfo/libmagic/readelf.c

+++ b/ext/fileinfo/libmagic/readelf.c

@@ -372,6 +372,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, uint32_t namesz, descsz; unsigned char *nbuf = CAST(unsigned char *, vbuf);

+       if (xnh_sizeof + offset > size) {

+               /*

Subscribe to RSS - Buffer Overflow