From 779bbe19ddfa0c3fbd5d8112a44aa44bdd2c1f2e Mon Sep 17 00:00:00 2001
From: Jonas 'Sortie' Termansen
Date: Sun, 31 May 2015 12:03:07 +0200
Subject: [PATCH] Fix vulnerability if p_filesz exceeds p_memsz in ELF loader.

---
 kernel/elf.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/elf.cpp b/kernel/elf.cpp
index 7f12ccde..86a82255 100644
--- a/kernel/elf.cpp
+++ b/kernel/elf.cpp
@@ -255,6 +255,8 @@ uintptr_t Load(const void* file_ptr, size_t file_size, Auxiliary* aux)
 if ( pheader->p_type == PT_LOAD )
 {
+ if ( pheader->p_memsz < pheader->p_filesz )
+ return errno = EINVAL, 0;
 if ( pheader->p_filesz && pheader->p_vaddr % pheader->p_align != pheader->p_offset % pheader->p_align )