From: Mark Wielaard
To: elfutils-devel@sourceware.org
Cc: Mark Wielaard
Subject: [PATCH] libelf: Don't crash elf[32|64]_xlateto[fm] on bad arguments.
Date: Wed, 28 Aug 2024 23:58:58 +0200
Message-ID: <20240828215858.383425-1-mark@klomp.org>

Check that src and dest aren't NULL and that src->d_type < ELF_T_NUM.

* elf32_xlatetof.c (elfw2(LIBELFBITS, xlatetof)): Check src, dest and src->d_type are valid.
* elf32_xlatetom.c (elfw2(LIBELFBITS, xlatetom)): Likewise.

Signed-off-by: Mark Wielaard
--- libelf/elf32_xlatetof.c | 9 +++++++++ libelf/elf32_xlatetom.c | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/libelf/elf32_xlatetof.c b/libelf/elf32_xlatetof.c index ab3e609ee5d2..44c75ef052fc 100644 --- a/libelf/elf32_xlatetof.c +++ b/libelf/elf32_xlatetof.c 
@@ -45,6 +45,15 @@ Elf_Data * elfw2(LIBELFBITS, xlatetof) (Elf_Data *dest, const Elf_Data *src, unsigned int encode) { + if (src == NULL || dest == NULL) + return NULL; + + if (src->d_type >= ELF_T_NUM) + { + __libelf_seterrno (ELF_E_UNKNOWN_TYPE); + return NULL; + } + /* First test whether the input data is really suitable for this type. This means, whether there is an integer number of records. Note that for this implementation the memory and file size of the diff --git a/libelf/elf32_xlatetom.c b/libelf/elf32_xlatetom.c index fa3dc9a724a1..a1eea842803e 100644 --- a/libelf/elf32_xlatetom.c +++ b/libelf/elf32_xlatetom.c @@ -45,6 +45,15 @@ Elf_Data * elfw2(LIBELFBITS, xlatetom) (Elf_Data *dest, const Elf_Data *src, unsigned int encode) { + if (src == NULL || dest == NULL) + return NULL; + + if (src->d_type >= ELF_T_NUM) + { + __libelf_seterrno (ELF_E_UNKNOWN_TYPE); + return NULL; + } + /* First test whether the input data is really suitable for this type. This means, whether there is an integer number of records. Note that for this implementation the memory and file size of the
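Review bot: In the elf32_xlatetof.c hunk, the new `if (src == NULL || dest == NULL) return NULL;` path returns without calling __libelf_seterrno, while the d_type check directly below it sets ELF_E_UNKNOWN_TYPE. A caller that gets NULL back and then queries the libelf error state sees either no error or a stale one from an earlier call. Suggest setting an error code on the NULL-argument path as well, so both new failure returns can be told apart by the caller.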
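Review bot: The elf32_xlatetom.c hunk repeats the same nine lines as the xlatetof hunk verbatim, so the two copies can drift apart later; a small shared helper that validates src, dest and src->d_type would keep them in sync. The diffstat also lists only the two libelf sources, so nothing in this patch exercises the new checks. A regression test that calls both functions with NULL arguments and with a d_type of ELF_T_NUM or higher would pin down the intended behaviour.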