diff options
author | Ed Maste <emaste@FreeBSD.org> | 2014-12-30 22:04:24 +0000 |
---|---|---|
committer | Ed Maste <emaste@FreeBSD.org> | 2014-12-30 22:04:24 +0000 |
commit | 6db8a9f3a5ed5f35a00f88a2bdcef46bd66f15ea (patch) | |
tree | 2183fa957d1f41e84c4287839c26d4106f398a63 /sys/amd64/vmm/vmm.c | |
parent | ee8c7bb573ba5c423e893f075eafc6106fe5e895 (diff) | |
download | src-6db8a9f3a5ed5f35a00f88a2bdcef46bd66f15ea.tar.gz src-6db8a9f3a5ed5f35a00f88a2bdcef46bd66f15ea.zip |
Check for multiplication integer overflow in CHECK_EHDR
The initial fix in r276374 is valid only for 64-bit objects. Revert it
and return an error in CHECK_EHDR if the multiplication would overflow.
The original buffer overflow issue was found with the security/afl
fuzzer and has upstream elftoolchain ticket 462. The 32-bit object issue
with r276374 found by antoine@ during an i386 exp-run.
Sponsored by: The FreeBSD Foundation
Notes
Notes:
svn path=/head/; revision=276427
Diffstat (limited to 'sys/amd64/vmm/vmm.c')
0 files changed, 0 insertions, 0 deletions