:: commit de17e9448ed8e1b8b5c1ad396fcd0197f0faa4ca

Mintsuki <mintsuki@protonmail.com> — 2026-04-18 20:17

parents: 5ff4e28ff5

protos/multiboot1: Validate ELF section entry size before casting

diff --git a/common/protos/multiboot1.c b/common/protos/multiboot1.c
index 08d95f56..0fd7795e 100644
--- a/common/protos/multiboot1.c
+++ b/common/protos/multiboot1.c
@@ -254,6 +254,11 @@ noreturn void multiboot1_load(char *config, char *cmdline) {
 
         int bits = elf_bits(kernel, kernel_file_size);
 
+        if ((bits == 64 && section_hdr_info.section_entry_size < sizeof(struct elf64_shdr)) ||
+            (bits == 32 && section_hdr_info.section_entry_size < sizeof(struct elf32_shdr))) {
+            panic(true, "multiboot1: ELF section entry size too small");
+        }
+
         for (size_t i = 0; i < section_hdr_info.num; i++) {
             if (bits == 64) {
                 struct elf64_shdr *shdr = (void *)sections + i * section_hdr_info.section_entry_size;
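Review bot: The added guard only fires when `bits` is exactly 64 or 32, while the loop below tests `bits == 64` and handles every other value in a branch that lies outside this hunk. If that branch is a plain `else` and `elf_bits()` can return anything else (an error value, say), an undersized `section_entry_size` would still reach the 32-bit cast unchecked. Writing the guard to mirror the loop closes this: `if (section_hdr_info.section_entry_size < (bits == 64 ? sizeof(struct elf64_shdr) : sizeof(struct elf32_shdr)))`. The check is also a lower bound only, so confirm that `section_hdr_info.num * section_hdr_info.section_entry_size` is bounded against the buffer behind `sections`, whose allocation is not visible here. A one-line comment above the guard, such as `/* entry size comes from the kernel image; must cover the shdr struct we cast to */`, would record why it exists.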