* [gentoo-commits] gentoo-projects commit in pax-utils: paxelf.h scanelf.c
@ 2015-02-28 22:57 Mike Frysinger (vapier)
  0 siblings, 0 replies; only message in thread
From: Mike Frysinger (vapier) @ 2015-02-28 22:57 UTC (permalink / raw
  To: gentoo-commits

vapier      15/02/28 22:57:40

  Modified:             paxelf.h scanelf.c
  Log:
  scanelf: check shdrs are valid before using them

Revision  Changes    Path
1.61                 pax-utils/paxelf.h

file : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/paxelf.h?rev=1.61&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/paxelf.h?rev=1.61&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/paxelf.h?r1=1.60&r2=1.61

Index: paxelf.h
===================================================================
RCS file: /var/cvsroot/gentoo-projects/pax-utils/paxelf.h,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- paxelf.h	18 Jun 2014 03:16:52 -0000	1.60
+++ paxelf.h	28 Feb 2015 22:57:40 -0000	1.61
@@ -1,7 +1,7 @@
 /*
  * Copyright 2005-2012 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxelf.h,v 1.60 2014/06/18 03:16:52 vapier Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxelf.h,v 1.61 2015/02/28 22:57:40 vapier Exp $
  *
  * Copyright 2005-2012 Ned Ludd        - <solar@gentoo.org>
  * Copyright 2005-2012 Mike Frysinger  - <vapier@gentoo.org>
@@ -40,6 +40,13 @@
 #define SYM32(ptr) ((Elf32_Sym *)(ptr))
 #define SYM64(ptr) ((Elf64_Sym *)(ptr))
 
+#define VALID_SHDR(elf, shdr) \
+	(shdr && \
+	 EGET(shdr->sh_type) != SHT_NOBITS && \
+	 EGET(shdr->sh_offset) < (uint64_t)elf->len && \
+	 EGET(shdr->sh_size) < (uint64_t)elf->len && \
+	 EGET(shdr->sh_offset) < elf->len - EGET(shdr->sh_size))
+
 /* prototypes */
 extern char *pax_short_hf_flags(unsigned long flags);
 extern char *pax_short_pf_flags(unsigned long flags);
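Review bot: The last comparison in VALID_SHDR uses a strict `<`, so a section whose data ends exactly at the end of the file (sh_offset + sh_size == elf->len) is rejected even though every byte of it lies inside the file. Unless that strictness is deliberate, `EGET(shdr->sh_offset) <= (uint64_t)elf->len - EGET(shdr->sh_size))` accepts it, and the existing `sh_size < len` test still keeps the subtraction from wrapping. That line is also the only one without the `(uint64_t)` cast on `elf->len`, so it depends on the implicit conversion between the type of `elf->len` and whatever EGET yields, neither of which is visible in this hunk. The macro uses `shdr` and `elf` unparenthesized and evaluates them several times; that is fine for the plain identifiers passed in this commit, but `(shdr)`/`(elf)` and a short comment such as `/* true if shdr is non-NULL, not SHT_NOBITS, and its data range lies inside the file */` would make the contract explicit.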



1.276                pax-utils/scanelf.c

file : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/scanelf.c?rev=1.276&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/scanelf.c?rev=1.276&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-projects/pax-utils/scanelf.c?r1=1.275&r2=1.276

Index: scanelf.c
===================================================================
RCS file: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v
retrieving revision 1.275
retrieving revision 1.276
diff -u -r1.275 -r1.276
--- scanelf.c	24 Feb 2015 06:58:39 -0000	1.275
+++ scanelf.c	28 Feb 2015 22:57:40 -0000	1.276
@@ -1,13 +1,13 @@
 /*
  * Copyright 2003-2012 Gentoo Foundation
  * Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.275 2015/02/24 06:58:39 vapier Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.276 2015/02/28 22:57:40 vapier Exp $
  *
  * Copyright 2003-2012 Ned Ludd        - <solar@gentoo.org>
  * Copyright 2004-2012 Mike Frysinger  - <vapier@gentoo.org>
  */
 
-static const char rcsid[] = "$Id: scanelf.c,v 1.275 2015/02/24 06:58:39 vapier Exp $";
+static const char rcsid[] = "$Id: scanelf.c,v 1.276 2015/02/28 22:57:40 vapier Exp $";
 const char argv0[] = "scanelf";
 
 #include "paxinc.h"
@@ -189,13 +189,13 @@
 	Elf ## B ## _Shdr *edynsym = dynsym; \
 	Elf ## B ## _Shdr *edynstr = dynstr; \
 	\
-	if (symtab && EGET(esymtab->sh_type) == SHT_NOBITS) \
+	if (!VALID_SHDR(elf, esymtab)) \
 		symtab = NULL; \
-	if (dynsym && EGET(edynsym->sh_type) == SHT_NOBITS) \
+	if (!VALID_SHDR(elf, edynsym)) \
 		dynsym = NULL; \
-	if (strtab && EGET(estrtab->sh_type) == SHT_NOBITS) \
+	if (!VALID_SHDR(elf, estrtab)) \
 		strtab = NULL; \
-	if (dynstr && EGET(edynstr->sh_type) == SHT_NOBITS) \
+	if (!VALID_SHDR(elf, edynstr)) \
 		dynstr = NULL; \
 	\
 	/* Use the set with more symbols if both exist. */ \
@@ -1404,6 +1404,8 @@
 		Elf ## B ## _Word i, cnt = EGET(symtab->sh_entsize); \
 		char *symname; \
 		size_t ret_len = 0; \
+		if (!VALID_SHDR(elf, symtab) || !VALID_SHDR(elf, strtab)) \
+			goto break_out; \
 		if (cnt) \
 			cnt = EGET(symtab->sh_size) / cnt; \
 		for (i = 0; i < cnt; ++i) { \
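Review bot: The new guard runs after the declaration on the first context line has already evaluated `EGET(symtab->sh_entsize)`, so the `shdr &&` NULL test inside VALID_SHDR cannot protect this site. If symtab can be NULL here, declare `cnt` without an initializer and assign `cnt = EGET(symtab->sh_entsize);` after the `goto break_out;` line. The guard also only bounds the section's byte range. If the loop, whose body is outside this hunk, advances by the size of the symbol struct rather than by sh_entsize, an sh_entsize smaller than that struct could still make `cnt` entries extend past the validated range, so a check such as `cnt >= sizeof(*sym)` before the division may be worth adding. The enclosing macro starts and ends outside the hunk, so any NULL checks or `sym` setup above it are not visible here.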




