[patch] fix verification of null bytes in elf notes
>I think this is correct but while looking at this function is the
>desc padding check working as intended? Is that a second bug or do
>I need more coffee?
You're right. The description follows the name.
It's also interesting how some specifications of ELF want padding
to four bytes, whereas other ELF specs want padding to eight bytes
on 64-bit machines. But we seem to just pad to four bytes.
Index: exec_elf.c
===================================================================
RCS file: /mnt/src/openbsd.cvs/src/sys/kern/exec_elf.c,v
diff -u -p -r1.195 exec_elf.c
--- exec_elf.c 9 Feb 2026 21:58:27 -0000 1.195
+++ exec_elf.c 8 Apr 2026 14:59:28 -0000
@@ -1042,15 +1043,17 @@ elf_os_pt_note_name(Elf_Note *np, int *t
/* verify name padding (after the NUL) is NUL */
for (j = namlen + 1; j < elfround(np->namesz); j++)
if (((char *)(np + 1))[j] != '\0')
- continue;
+ goto cont;
/* verify desc padding is NUL */
for (j = np->descsz; j < elfround(np->descsz); j++)
- if (((char *)(np + 1))[j] != '\0')
- continue;
+ if (((char *)(np + 1))[elfround(np->namesz) + j] != '\0')
+ goto cont;
if (strcmp((char *)(np + 1), elf_note_names[i].name) == 0) {
*typep = np->type;
return elf_note_names[i].id;
}
+ cont:
+ ;
}
return (0);
}
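Review bot: In the desc padding loop, the new index `elfround(np->namesz) + j` means the check reads up to elfround(np->namesz) + elfround(np->descsz) bytes past np + 1, and nothing in the visible lines bounds that against the size of the note buffer. Please confirm that notes whose rounded namesz and descsz run past the end of the segment are rejected before this point. A local such as `char *desc = (char *)(np + 1) + elfround(np->namesz);` indexed as `desc[j]` would state the layout (description follows the padded name) once, instead of repeating the cast and offset inside the loop. The `cont:` label with an empty statement is valid C, but a short comment there saying it continues the outer loop (the one indexed by i) would help, since the original bug was a `continue` that bound to the inner loop.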