This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] elflint: Sanity check the number of phdrs and shdrs available.

From: Mark Wielaard <mark at klomp dot org>
To: elfutils-devel at sourceware dot org
Cc: Mark Wielaard <mark at klomp dot org>
Date: Tue, 28 Mar 2017 01:25:34 +0200
Subject: [PATCH] elflint: Sanity check the number of phdrs and shdrs available.
Authentication-results: sourceware.org; auth=none

Make sure we can at least read the shnum sections or phnum segments.
Limit the number we do check to those we can actually read.

https://sourceware.org/bugzilla/show_bug.cgi?id=21312

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 src/ChangeLog |  4 ++++
 src/elflint.c | 26 ++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/src/ChangeLog b/src/ChangeLog
index bc9bffb..7034152 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,9 @@
 2017-03-27  Mark Wielaard  <mark@klomp.org>
 
+	* elflint.c (check_elf_header): Sanity check phnum and shnum.
+
+2017-03-27  Mark Wielaard  <mark@klomp.org>
+
 	* elflint.c (check_sysv_hash): Return early if section size is
 	too small.
 	(check_sysv_hash64): Likewise.
diff --git a/src/elflint.c b/src/elflint.c
index 5e95ca9..6c83a77 100644
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -456,6 +456,19 @@ invalid number of section header table entries\n"));
 	ERROR (gettext ("invalid section header index\n"));
     }
 
+  /* Check the shdrs actually exist. */
+  unsigned int scnt;
+  Elf_Scn *scn = NULL;
+  for (scnt = 1; scnt < shnum; ++scnt)
+     {
+	scn = elf_nextscn (ebl->elf, scn);
+	if (scn == NULL)
+	  break;
+     }
+  if (scnt < shnum)
+    ERROR (gettext ("Can only check %u headers, shnum was %u\n"), scnt, shnum);
+  shnum = scnt;
+
   phnum = ehdr->e_phnum;
   if (ehdr->e_phnum == PN_XNUM)
     {
@@ -474,6 +487,19 @@ invalid number of program header table entries\n"));
 	}
     }
 
+  /* Check the phdrs actually exist. */
+  unsigned int pcnt;
+  for (pcnt = 0; pcnt < phnum; ++pcnt)
+     {
+	GElf_Phdr phdr_mem;
+	GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
+	if (phdr == NULL)
+	  break;
+     }
+  if (pcnt < phnum)
+    ERROR (gettext ("Can only check %u headers, phnum was %u\n"), pcnt, phnum);
+  phnum = pcnt;
+
   /* Check the e_flags field.  */
   if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
     ERROR (gettext ("invalid machine flags: %s\n"),
-- 
2.9.3

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]