This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



[PATCH] libelf: Make sure shdrs are valid before storing extended phnum in newphdr.


Creating phdr with more than PN_XNUM phnum requires a valid section zero
shdr to store the extended value. Make sure the shdrs are valid. Also fix
the error when count was too big to store by setting ELF_E_INVALID_INDEX
before failing.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 libelf/ChangeLog       |  6 ++++++
 libelf/elf32_newphdr.c | 12 +++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 312d5cf..a7983a0 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,9 @@
+2015-05-12  Mark Wielaard  <mjw@redhat.com>
+
+	* elf32_newphdr.c (newphdr): Call __libelf_seterrno with
+	ELF_E_INVALID_INDEX before failing. Check whether section zero shdr
+	actually exists if we need to put extended phnum in section zero.
+
 2015-05-08  Mark Wielaard  <mjw@redhat.com>
 
 	* nlist.c (nlist): Call gelf_fsize with EV_CURRENT.
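Review bot: The ChangeLog entry names ELF_E_INVALID_INDEX but not the second error this patch introduces: the section zero check in elf32_newphdr.c fails with ELF_E_INVALID_SECTION_HEADER. Suggest extending the second sentence to say which error is set when the section zero shdr is missing, so the entry matches both new failure paths.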
diff --git a/libelf/elf32_newphdr.c b/libelf/elf32_newphdr.c
index 01038e7..f89153b 100644
--- a/libelf/elf32_newphdr.c
+++ b/libelf/elf32_newphdr.c
@@ -116,6 +116,17 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
     {
       if (unlikely (count > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Phdr))))
 	{
+	  __libelf_seterrno (ELF_E_INVALID_INDEX);
+	  result = NULL;
+	  goto out;
+	}
+
+      Elf_Scn *scn0 = &elf->state.ELFW(elf,LIBELFBITS).scns.data[0];
+      if (unlikely (count >= PN_XNUM && scn0->shdr.ELFW(e,LIBELFBITS) == NULL))
+	{
+	  /* Something is wrong with section zero, but we need it to write
+	     the extended phdr count.  */
+	  __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
 	  result = NULL;
 	  goto out;
 	}
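Review bot: The new scn0 check reads scn0->shdr before anything has established that section zero exists; the unchanged code in the next hunk still tests scns.cnt == 0 and only asserts scns.max > 0 at that later point. If the shdr pointer for scns.data[0] is NULL whenever cnt is 0, this early return with ELF_E_INVALID_SECTION_HEADER makes that later branch unreachable, and a caller that has not yet created any section gets an error instead of taking that path. Please confirm which states can reach here with count >= PN_XNUM, and either test scns.cnt before the dereference or remove the branch that can no longer be taken. A test case that calls newphdr with count >= PN_XNUM on an Elf with no sections would pin the intended behaviour down.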
@@ -134,7 +145,6 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
 	  if (count >= PN_XNUM)
 	    {
 	      /* We have to write COUNT into the zeroth section's sh_info.  */
-	      Elf_Scn *scn0 = &elf->state.ELFW(elf,LIBELFBITS).scns.data[0];
 	      if (elf->state.ELFW(elf,LIBELFBITS).scns.cnt == 0)
 		{
 		  assert (elf->state.ELFW(elf,LIBELFBITS).scns.max > 0);
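Review bot: With the scn0 declaration hoisted out of this block, the assert (scns.max > 0) under the scns.cnt == 0 test now runs after scn0->shdr has already been read by the earlier check, so it no longer guards the first access to scns.data[0]. Consider moving that precondition up next to the new declaration, and returning an error there rather than asserting, since assert is compiled out under NDEBUG.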
-- 
2.1.0

