This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
On Sat, Jun 27, 2015 at 12:45:13PM +0200, Hanno Böck wrote:
> One reason you might want to fix such issues is that they could be used
> to cause memory exhaustion. E.g. you have a server that processes files
> and you send them specially crafted small files that will use up a lot
> of memory, but not that much that malloc fails.
>
> Therefore imho it makes sense to add some sanity checks. Parsers should
> never accept any field sizes that are larger than the file itself.
>
> This is probably not so much an issue in self-contained tools like
> elfutils. Honestly the biggest reason I report these is that asan
> complains about them and it makes fuzzing easier if they get fixed. But
> it's up to you. (Most other apps where I reported similar things fixed
> them)

The fix is indeed simple. We just have to switch the getting of data (and detecting it is bogus) before allocating the memory. With that your example gives:

src/nm: bogus.elf: entry size in section 2 `(null)' is not what we expect
src/nm: bogus.elf: INTERNAL ERROR 1207 (0.163): invalid data

And then exits before trying to allocate any memory.

Attached patch pushed to master.

Hope that helps. Looking forward to more fuzzing results :)

Thanks,

Mark
Attachment:
0001-nm-First-call-elf_getdata-then-allocate-memory.patch
Description: Text document
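As an added illustration of the pattern Mark describes (fetch and validate the section data, reject anything bogus, and only then allocate), the following standalone C program is not elfutils code and not the attached patch. It hand-parses an ELF64 little-endian image from memory instead of calling libelf's elf_getdata, so it runs without libelf or <elf.h>; the sample image, the huge fake sh_size, and the names read_section and build_sample are all constructed for this example. The two checks mirror the thread: a section's sh_offset/sh_size must fit inside the file (Hanno's rule), and a symbol table must be a whole number of entries (the "entry size ... is not what we expect" message from nm).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ELF64 little-endian field offsets from the ELF spec; no <elf.h> needed. */
enum { EHDR_SIZE = 64, SHDR_SIZE = 64, SHT_SYMTAB = 2, SHT_NOBITS = 8, SYM_SIZE = 24 };

static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p) { uint32_t v = 0; for (int i = 3; i >= 0; i--) v = (v << 8) | p[i]; return v; }
static uint64_t rd64(const unsigned char *p) { uint64_t v = 0; for (int i = 7; i >= 0; i--) v = (v << 8) | p[i]; return v; }
static void wr16(unsigned char *p, uint16_t v) { p[0] = (unsigned char)v; p[1] = (unsigned char)(v >> 8); }
static void wr32(unsigned char *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i)); }
static void wr64(unsigned char *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (unsigned char)(v >> (8 * i)); }

/* Validate section `idx` of an in-memory ELF image, then copy its bytes.
   Every size check runs BEFORE malloc, so a crafted header can only make us
   reject the file, never allocate on its behalf. Returns 0 on success, -1 if
   the image is malformed; *out is NULL unless 0 is returned with data. */
int read_section(const unsigned char *file, size_t len, unsigned idx,
                 unsigned char **out, size_t *out_len)
{
    *out = NULL; *out_len = 0;
    if (len < EHDR_SIZE || memcmp(file, "\x7f" "ELF", 4) != 0) return -1;
    if (file[4] != 2 || file[5] != 1) return -1;        /* ELFCLASS64 + ELFDATA2LSB only */
    uint64_t shoff = rd64(file + 0x28);
    unsigned shentsize = rd16(file + 0x3a), shnum = rd16(file + 0x3c);
    if (shentsize != SHDR_SIZE || idx >= shnum) return -1;
    /* The section-header table itself must lie inside the file; subtract first
       so a huge shoff cannot overflow the addition. */
    if (shoff > len || (uint64_t)shnum * SHDR_SIZE > len - shoff) return -1;
    const unsigned char *sh = file + shoff + (size_t)idx * SHDR_SIZE;
    uint32_t type = rd32(sh + 0x04);
    uint64_t off = rd64(sh + 0x18), size = rd64(sh + 0x20), entsize = rd64(sh + 0x38);
    if (type == SHT_NOBITS) return 0;                    /* .bss-style: no file bytes to copy */
    /* A field claiming more bytes than the file holds is bogus: reject, don't allocate. */
    if (off > len || size > len - off) return -1;
    /* A symbol table must be a whole number of fixed-size entries. */
    if (type == SHT_SYMTAB && (entsize != SYM_SIZE || size % entsize != 0)) return -1;
    unsigned char *buf = malloc(size ? (size_t)size : 1);  /* only now, with a vetted size */
    if (!buf) return -1;
    memcpy(buf, file + off, (size_t)size);
    *out = buf; *out_len = (size_t)size;
    return 0;
}

/* Constructed sample image (240 bytes): ELF header, a 48-byte .symtab body
   (two zeroed entries), then two section headers. `fake_size` overrides the
   symtab's sh_size to mimic a fuzzer-crafted file; 0 keeps it honest. */
size_t build_sample(unsigned char *buf, uint64_t fake_size)
{
    const size_t data_off = EHDR_SIZE, data_len = 2 * SYM_SIZE;
    const size_t shoff = data_off + data_len, total = shoff + 2 * SHDR_SIZE;
    memset(buf, 0, total);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 2; buf[5] = 1; buf[6] = 1;                 /* 64-bit, little-endian, version 1 */
    wr16(buf + 0x10, 1);                                /* ET_REL */
    wr64(buf + 0x28, shoff);
    wr16(buf + 0x34, EHDR_SIZE);
    wr16(buf + 0x3a, SHDR_SIZE);
    wr16(buf + 0x3c, 2);
    unsigned char *sh1 = buf + shoff + SHDR_SIZE;        /* index 0 stays the null section */
    wr32(sh1 + 0x04, SHT_SYMTAB);
    wr64(sh1 + 0x18, data_off);
    wr64(sh1 + 0x20, fake_size ? fake_size : data_len);
    wr64(sh1 + 0x38, SYM_SIZE);
    return total;
}

int main(void)
{
    unsigned char img[256]; unsigned char *sec; size_t n;
    size_t len = build_sample(img, 0);
    printf("honest: %s (%zu bytes)\n", read_section(img, len, 1, &sec, &n) == 0 ? "ok" : "rejected", n);
    free(sec);
    len = build_sample(img, 0x7fffffffffffff00ULL);     /* tiny file, enormous sh_size */
    printf("bogus : %s\n", read_section(img, len, 1, &sec, &n) == 0 ? "ok" : "rejected");
    return 0;
}
```

The order matters: a parser that computed `sh_size / sh_entsize` and called malloc first would hand a 240-byte input the power to request petabytes, which is exactly the memory-exhaustion case Hanno raises; doing the bounds and entry-size checks up front turns the same input into a clean "invalid data" rejection.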