vapier 15/02/28 22:57:40 Modified: paxelf.h scanelf.c Log: scanelf: check shdrs are valid before using them
Revision Changes Path 1.61 pax-utils/paxelf.h file : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/paxelf.h?rev=1.61&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/paxelf.h?rev=1.61&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/paxelf.h?r1=1.60&r2=1.61
Index: paxelf.h
===================================================================
RCS file: /var/cvsroot/gentoo-projects/pax-utils/paxelf.h,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- paxelf.h 18 Jun 2014 03:16:52 -0000 1.60
+++ paxelf.h 28 Feb 2015 22:57:40 -0000 1.61
@@ -1,7 +1,7 @@
 /*
 * Copyright 2005-2012 Gentoo Foundation
 * Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxelf.h,v 1.60 2014/06/18 03:16:52 vapier Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxelf.h,v 1.61 2015/02/28 22:57:40 vapier Exp $
 *
 * Copyright 2005-2012 Ned Ludd - <[email protected]>
 * Copyright 2005-2012 Mike Frysinger - <[email protected]>
@@ -40,6 +40,13 @@ #define SYM32(ptr) ((Elf32_Sym *)(ptr)) #define SYM64(ptr) ((Elf64_Sym *)(ptr)) +#define VALID_SHDR(elf, shdr) \ + (shdr && \ + EGET(shdr->sh_type) != SHT_NOBITS && \ + EGET(shdr->sh_offset) < (uint64_t)elf->len && \ + EGET(shdr->sh_size) < (uint64_t)elf->len && \ + EGET(shdr->sh_offset) < elf->len - EGET(shdr->sh_size)) + /* prototypes */ extern char *pax_short_hf_flags(unsigned long flags); extern char *pax_short_pf_flags(unsigned long flags); 1.276 pax-utils/scanelf.c file : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/scanelf.c?rev=1.276&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/scanelf.c?rev=1.276&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/scanelf.c?r1=1.275&r2=1.276 Index: scanelf.c =================================================================== RCS file: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v retrieving revision 1.275 retrieving revision 1.276 diff -u -r1.275 -r1.276 --- scanelf.c 24 Feb 2015 06:58:39 -0000 1.275 +++ scanelf.c 28 Feb 2015 22:57:40 -0000 1.276 @@ -1,13 +1,13 @@ /* * Copyright 2003-2012 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 - * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.275 2015/02/24 06:58:39 vapier Exp $ + * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.276 2015/02/28 22:57:40 vapier Exp $ * * Copyright 2003-2012 Ned Ludd - <[email protected]> * Copyright 2004-2012 Mike Frysinger - <[email protected]> */ -static const char rcsid[] = "$Id: scanelf.c,v 1.275 2015/02/24 06:58:39 vapier Exp $"; +static const char rcsid[] = "$Id: scanelf.c,v 1.276 2015/02/28 22:57:40 vapier Exp $"; const char argv0[] = "scanelf"; #include "paxinc.h" 
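Review bot: The last comparison in `VALID_SHDR` uses `elf->len` without the `(uint64_t)` cast that the two comparisons above it apply, so the subtraction runs in whatever type `len` has (its declaration is not in this hunk); writing it as `EGET((shdr)->sh_offset) < (uint64_t)(elf)->len - EGET((shdr)->sh_size)` keeps all three bounds in one unsigned type. The macro also expands `elf` and `shdr` unparenthesized and several times, so it is only safe when both arguments are plain identifiers. The strict `<` rejects a section that ends exactly at the end of the file, which is conservative rather than exact. A comment above the macro would make the contract explicit: `/* True if the section's bytes [sh_offset, sh_offset + sh_size) lie inside the file; does not check sh_entsize, sh_link or alignment. */`.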
@@ -189,13 +189,13 @@
 Elf ## B ## _Shdr *edynsym = dynsym; \
 Elf ## B ## _Shdr *edynstr = dynstr; \
 \
- if (symtab && EGET(esymtab->sh_type) == SHT_NOBITS) \
+ if (!VALID_SHDR(elf, esymtab)) \
 symtab = NULL; \
- if (dynsym && EGET(edynsym->sh_type) == SHT_NOBITS) \
+ if (!VALID_SHDR(elf, edynsym)) \
 dynsym = NULL; \
- if (strtab && EGET(estrtab->sh_type) == SHT_NOBITS) \
+ if (!VALID_SHDR(elf, estrtab)) \
 strtab = NULL; \
- if (dynstr && EGET(edynstr->sh_type) == SHT_NOBITS) \
+ if (!VALID_SHDR(elf, edynstr)) \
 dynstr = NULL; \
 \
 /* Use the set with more symbols if both exist. */ \
@@ -1404,6 +1404,8 @@
 Elf ## B ## _Word i, cnt = EGET(symtab->sh_entsize); \
 char *symname; \
 size_t ret_len = 0; \
+ if (!VALID_SHDR(elf, symtab) || !VALID_SHDR(elf, strtab)) \
+ goto break_out; \
 if (cnt) \
 cnt = EGET(symtab->sh_size) / cnt; \
 for (i = 0; i < cnt; ++i) { \
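Review bot: In the `@@ -189` hunk a section header that fails the new bounds test is dropped exactly like a `SHT_NOBITS` one, with no diagnostic, so a truncated or tampered ELF is reported the same way as one that has no symbol table. For a tool used to audit binaries that difference is worth surfacing; consider a warning through the project's existing warning helper when the pointer was non-NULL but failed validation. The four pointers are also cleared independently, so a valid `symtab` can be left paired with a NULL `strtab`; the selection code that follows is outside this hunk and has to handle that mix. At minimum a comment would help: `/* Drop any table whose header is NOBITS or points outside the file. */`.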
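Review bot: In the `@@ -1404` hunk the initializer `cnt = EGET(symtab->sh_entsize)` dereferences `symtab` before the added `VALID_SHDR(elf, symtab)` gets to test it for NULL, so the NULL half of the macro gives no protection at this site unless a guard outside the hunk already guarantees a non-NULL pointer; assigning `cnt` after the check would make the ordering safe on its own. `sh_entsize` also stays file-controlled: `cnt = sh_size / sh_entsize` with an entry size smaller than the symbol structure yields more iterations than the validated byte range holds, assuming the loop (its body is outside the hunk) steps by the structure size. A guard such as `if (cnt < sizeof(Elf ## B ## _Sym)) goto break_out; \` before the division would close that gap.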
