From patchwork Fri Mar 18 11:18:25 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mark Wielaard <mark@klomp.org>
X-Patchwork-Id: 52096
Return-Path: <elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 2D9DD3888838
	for <patchwork@sourceware.org>; Fri, 18 Mar 2022 11:19:22 +0000 (GMT)
X-Original-To: elfutils-devel@sourceware.org
Delivered-To: elfutils-devel@sourceware.org
Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184])
 by sourceware.org (Postfix) with ESMTPS id D892E3858C2C
 for <elfutils-devel@sourceware.org>; Fri, 18 Mar 2022 11:19:16 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org D892E3858C2C
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=klomp.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org
Received: from reform (deer0x09.wildebeest.org [172.31.17.139])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by gnu.wildebeest.org (Postfix) with ESMTPSA id 9C651302FB91;
 Fri, 18 Mar 2022 12:19:15 +0100 (CET)
Received: by reform (Postfix, from userid 1000)
 id 55C042E81D4B; Fri, 18 Mar 2022 12:19:15 +0100 (CET)
From: Mark Wielaard <mark@klomp.org>
To: elfutils-devel@sourceware.org
Subject: [PATCH] libelf: Check alignment of Verdef, Verdaux,
 Verneed and Vernaux offsets
Date: Fri, 18 Mar 2022 12:18:25 +0100
Message-Id: <20220318111825.138127-1-mark@klomp.org>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
X-Spam-Status: No, score=-9.8 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: elfutils-devel@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Elfutils-devel mailing list <elfutils-devel.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/elfutils-devel/>
List-Help: <mailto:elfutils-devel-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=subscribe>
Cc: david korczynski <david@adalogics.com>, Mark Wielaard <mark@klomp.org>
Errors-To: elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org
Sender: "Elfutils-devel"
 <elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org>

The Verdef, Verdaux, Verneed and Vernaux structures contain fields
which point to the next structures. Make sure these offsets are
correctly aligned for the structures they point to.

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 libelf/ChangeLog       |  6 ++++++
 libelf/version_xlate.h | 17 +++++++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 07dd905f..f6b47c68 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,9 @@
+2022-03-18  Mark Wielaard  <mark@klomp.org>
+
+	* version_xlate.h (elf_cvt_Verdef): Check alignment of def_offset
+	and aux_offset.
+	(elf_cvt_Verneed): Check alignment of need_offset and aux_offset.
+
 2022-03-17  Mark Wielaard  <mark@klomp.org>
 
 	* elf_begin.c (read_long_names): Check ar_size starts with a digit.
diff --git a/libelf/version_xlate.h b/libelf/version_xlate.h
index 9fe01c64..b7bd301d 100644
--- a/libelf/version_xlate.h
+++ b/libelf/version_xlate.h
@@ -1,5 +1,6 @@
 /* Conversion functions for versioning information.
    Copyright (C) 1998, 1999, 2000, 2002, 2003, 2015 Red Hat, Inc.
+   Copyright (C) 2022 Mark J. Wielaard <mark@klomp.org>
    This file is part of elfutils.
    Written by Ulrich Drepper <drepper@redhat.com>, 1998.
 
@@ -66,7 +67,9 @@ elf_cvt_Verdef (void *dest, const void *src, size_t len, int encode)
       GElf_Verdaux *asrc;
 
       /* Test for correct offset.  */
-      if (def_offset > len || len - def_offset < sizeof (GElf_Verdef))
+      if (def_offset > len
+	  || len - def_offset < sizeof (GElf_Verdef)
+	  || (def_offset & (__alignof__ (GElf_Verdef) - 1)) != 0)
 	return;
 
       /* Work the tree from the first record.  */
@@ -95,7 +98,9 @@ elf_cvt_Verdef (void *dest, const void *src, size_t len, int encode)
 	  GElf_Verdaux *adest;
 
 	  /* Test for correct offset.  */
-	  if (aux_offset > len || len - aux_offset < sizeof (GElf_Verdaux))
+	  if (aux_offset > len
+	      || len - aux_offset < sizeof (GElf_Verdaux)
+	      || (aux_offset & (__alignof__ (GElf_Verdaux) - 1)) != 0)
 	    return;
 
 	  adest = (GElf_Verdaux *) ((char *) dest + aux_offset);
@@ -165,7 +170,9 @@ elf_cvt_Verneed (void *dest, const void *src, size_t len, int encode)
       GElf_Vernaux *asrc;
 
       /* Test for correct offset.  */
-      if (need_offset > len || len - need_offset < sizeof (GElf_Verneed))
+      if (need_offset > len
+	  || len - need_offset < sizeof (GElf_Verneed)
+	  || (need_offset & (__alignof__ (GElf_Verneed) - 1)) != 0)
 	return;
 
       /* Work the tree from the first record.  */
@@ -192,7 +199,9 @@ elf_cvt_Verneed (void *dest, const void *src, size_t len, int encode)
 	  GElf_Vernaux *adest;
 
 	  /* Test for correct offset.  */
-	  if (aux_offset > len || len - aux_offset < sizeof (GElf_Vernaux))
+	  if (aux_offset > len
+	      || len - aux_offset < sizeof (GElf_Vernaux)
+	      || (aux_offset & (__alignof__ (GElf_Vernaux) - 1)) != 0)
 	    return;
 
 	  adest = (GElf_Vernaux *) ((char *) dest + aux_offset);