From: Lennart Jablonka <humm@ljabl.com>
Subject: [patch] fix verification of null bytes in elf notes
To: tech@openbsd.org
Date: Mon, 6 Apr 2026 19:59:40 +0000

elf_os_pt_note_name verifies that padding bytes that can occur in
ELF notes are null bytes as they ought to.  Except it doesn't,
because the continue applies to the inner loop.

Index: exec_elf.c
===================================================================
RCS file: /cvs/src/sys/kern/exec_elf.c,v
diff -u -p -r1.195 exec_elf.c
--- exec_elf.c	9 Feb 2026 21:58:27 -0000	1.195
+++ exec_elf.c	6 Apr 2026 19:58:16 -0000
@@ -1042,15 +1042,17 @@ elf_os_pt_note_name(Elf_Note *np, int *t
 		/* verify name padding (after the NUL) is NUL */
 		for (j = namlen + 1; j < elfround(np->namesz); j++)
 			if (((char *)(np + 1))[j] != '\0')
-				continue;
+				goto cont;
 		/* verify desc padding is NUL */
 		for (j = np->descsz; j < elfround(np->descsz); j++)
 			if (((char *)(np + 1))[j] != '\0')
-				continue;
+				goto cont;
 		if (strcmp((char *)(np + 1), elf_note_names[i].name) == 0) {
 			*typep = np->type;
 			return elf_note_names[i].id;
 		}
+	cont:
+		;
 	}
 	return (0);
 }
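
Review bot: the desc padding loop indexes the wrong base. It starts j at np->descsz but still reads ((char *)(np + 1))[j], which is the start of the name. In the ELF note layout the descriptor follows the padded name, so the bytes examined sit at offset descsz from the name, not in the descriptor's padding. While the continue was a no-op this was harmless; with goto cont a nonzero byte there now skips the entry, so a note whose name or desc data happens to fall in that range could be rejected, and real desc padding is still unchecked. Suggest reading ((char *)(np + 1))[elfround(np->namesz) + j] in that loop. Separately, the name loop runs only when namlen + 1 < elfround(np->namesz) and the visible guard before strcmp is the padding check alone, so it is worth confirming in the surrounding code that namesz is bounded against the note's actual size before these reads. A small style point: the empty "cont: ;" label could be avoided by moving the two padding checks into a helper that returns a boolean.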