From patchwork Thu Mar 17 13:30:50 2022
X-Patchwork-Submitter: Mark Wielaard
X-Patchwork-Id: 52049
From: Mark Wielaard To: elfutils-devel@sourceware.org Subject: [PATCH 1/2] libelf: Take map offset into account for Shdr alignment check in elf_begin Date: Thu, 17 Mar 2022 14:30:50 +0100 Message-Id: <20220317133051.100876-2-mark@klomp.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220317133051.100876-1-mark@klomp.org> References: <20220317133051.100876-1-mark@klomp.org> MIME-Version: 1.0 X-Spam-Status: No, score=-9.8 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: elfutils-devel@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Elfutils-devel mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , Cc: david korczynski , Mark Wielaard , Evgeny Vereshchagin Errors-To: elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org Sender: "Elfutils-devel" The sh_num function tries to get at the zero section Shdr directly. When the file is mmapped it has to make sure the offset into the file to the start of the Elf structure is taken into account when trying to cast the address to make sure the alignment is correct. Signed-off-by: Mark Wielaard --- libelf/ChangeLog | 5 +++++ libelf/elf_begin.c | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 29a8aae1..1883af07 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,8 @@ +2022-03-17 Mark Wielaard + + * elf_begin.c (get_shnum): Take offset into account for Shdr + alignment check. + 2021-12-19 Mark Wielaard * elf_begin.c (file_read_elf): Cast ehdr to uintptr_t before e_shoff diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c index 0c9a988d..03b80185 100644 --- a/libelf/elf_begin.c +++ b/libelf/elf_begin.c 
@@ -158,7 +158,8 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes, if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA && (ALLOW_UNALIGNED - || (((size_t) ((char *) map_address + ehdr.e32->e_shoff)) + || (((size_t) ((char *) (map_address + ehdr.e32->e_shoff + + offset))) & (__alignof__ (Elf32_Shdr) - 1)) == 0)) /* We can directly access the memory. */ result = ((Elf32_Shdr *) ((char *) map_address + ehdr.e32->e_shoff 
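Review bot: in the Elf32 alignment test the `(char *)` cast has moved outside the parentheses, so `map_address + ehdr.e32->e_shoff + offset` is now arithmetic on a `void *`, which standard C does not define (GCC accepts it as a byte-granular extension and `-Wpointer-arith` warns). Keep the cast on the pointer before adding, as the removed line did: `(size_t) ((char *) map_address + ehdr.e32->e_shoff + offset)`; and since the 2021-12-19 ChangeLog entry above already casts `ehdr` to `uintptr_t` for the same purpose, `uintptr_t` rather than `size_t` would be the consistent type for an address. The test now checks the alignment of `map_address + e_shoff + offset`, so the dereference that follows, `result = ((Elf32_Shdr *) ((char *) map_address + ehdr.e32->e_shoff ...`, must compute the same address; the visible context stops at `e_shoff`, so confirm the `+ offset` is present there as well, otherwise the check and the access disagree about which address is being aligned.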
@@ -218,7 +219,8 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes, Elf64_Xword size; if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA && (ALLOW_UNALIGNED - || (((size_t) ((char *) map_address + ehdr.e64->e_shoff)) + || (((size_t) ((char *) (map_address + ehdr.e64->e_shoff + + offset))) & (__alignof__ (Elf64_Shdr) - 1)) == 0)) /* We can directly access the memory. */ size = ((Elf64_Shdr *) ((char *) map_address + ehdr.e64->e_shoff From patchwork Thu Mar 17 13:30:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Wielaard X-Patchwork-Id: 52050 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B75FA3952009 for ; Thu, 17 Mar 2022 13:32:02 +0000 (GMT) X-Original-To: elfutils-devel@sourceware.org Delivered-To: elfutils-devel@sourceware.org Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id 8C284394FC3B for ; Thu, 17 Mar 2022 13:31:24 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 8C284394FC3B Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org Received: from reform (deer0x09.wildebeest.org [172.31.17.139]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 588FF302FB91; Thu, 17 Mar 2022 14:31:23 +0100 (CET) Received: by reform (Postfix, from userid 1000) id 1C7552E81D4B; Thu, 17 Mar 2022 14:31:23 +0100 (CET) 
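Review bot: the Elf64 branch has the same cast placement problem as the Elf32 one: `(char *) (map_address + ehdr.e64->e_shoff + offset)` performs the addition on a `void *`; write `(char *) map_address + ehdr.e64->e_shoff + offset` instead. Both branches now spell out this address twice, once in the alignment test and once in the `(Elf64_Shdr *)` / `(Elf32_Shdr *)` access on the following line, which is exactly the kind of duplication that let the check and the access drift apart in the first place; hoisting it into a local such as `const char *shdr = (const char *) map_address + ehdr.e64->e_shoff + offset;` and testing `((uintptr_t) shdr & (__alignof__ (Elf64_Shdr) - 1)) == 0` keeps the two uses identical by construction.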
From: Mark Wielaard To: elfutils-devel@sourceware.org Subject: [PATCH 2/2] libelf: Make sure ar_size starts with a digit before calling atol. Date: Thu, 17 Mar 2022 14:30:51 +0100 Message-Id: <20220317133051.100876-3-mark@klomp.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220317133051.100876-1-mark@klomp.org> References: <20220317133051.100876-1-mark@klomp.org> MIME-Version: 1.0 X-Spam-Status: No, score=-9.8 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: elfutils-devel@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Elfutils-devel mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , Cc: david korczynski , Mark Wielaard , Evgeny Vereshchagin Errors-To: elfutils-devel-bounces+patchwork=sourceware.org@sourceware.org Sender: "Elfutils-devel" The ar_size field is a 10 character string, not zero terminated, of decimal digits right padded with spaces. Make sure it actually starts with a digit before calling atol on it. We already make sure it is zero terminated. Otherwise atol might produce unexpected results. Signed-off-by: Mark Wielaard --- libelf/ChangeLog | 4 ++++ libelf/elf_begin.c | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 1883af07..07dd905f 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,7 @@ +2022-03-17 Mark Wielaard + + * elf_begin.c (read_long_names): Check ar_size starts with a digit. + 2022-03-17 Mark Wielaard * elf_begin.c (get_shnum): Take offset into account for Shdr diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c index 03b80185..917e0c71 100644 --- a/libelf/elf_begin.c +++ b/libelf/elf_begin.c 
@@ -765,6 +765,11 @@ read_long_names (Elf *elf) *((char *) mempcpy (buf, hdr->ar_size, sizeof (hdr->ar_size))) = '\0'; string = buf; } + + /* atol expects to see at least one digit. + It also cannot be negative (-). */ + if (!isdigit(string[0])) + return NULL; len = atol (string); if (memcmp (hdr->ar_name, "// ", 16) == 0)
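Review bot: `isdigit(string[0])` passes a plain `char` to `isdigit`, whose argument must be representable as `unsigned char` or be `EOF`; a byte of 0x80 or above in an untrusted archive header is negative on most targets and the call is undefined. Use `isdigit ((unsigned char) string[0])`, and make sure `<ctype.h>` is included in this file, since the hunk does not add it. The leading-digit check also leaves `atol` with its other weaknesses: it stops silently at the first non-digit (so `12ab` parses as 12, with the rest of the field ignored rather than rejected), and it has undefined behaviour on overflow, which a 10-digit field can trigger on a 32-bit host where `long` tops out at 2147483647. Parsing with `strtoul`/`strtoull` and an end pointer, checking `errno == ERANGE`, and requiring everything after the digits to be space padding would reject malformed sizes instead of guessing. Style: the rest of the file puts a space before the argument list (`atol (string)`, `memcmp (hdr->ar_name, ...)`), so `isdigit (string[0])` for consistency.

The strict version of the ar_size check, as an added example that is not elfutils code: it assumes only the documented ar member header layout (a 60-byte ASCII header whose `ar_size` is a 10-byte, space-padded, non-terminated decimal field, as in `<ar.h>`), and the type and function names `struct ar_hdr_ex`, `atol_ar_size`, `parse_ar_size` and `ar_member_size` are the example's own. It puts the pre-patch `atol` behaviour beside a `strtoull`-based parse that rejects a sign, leading padding, trailing junk and overflow, and it applies the `unsigned char` cast that `isdigit` needs.

```c
/* Added example, not part of elfutils: strict vs. lenient parsing of the
   10-byte ar_size field of an "ar" member header.  The names below
   (struct ar_hdr_ex, atol_ar_size, parse_ar_size, ar_member_size) are
   the example's own.  */
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AR_SIZE_LEN 10

/* Layout of a System V / GNU ar member header: 60 bytes of ASCII, no
   field NUL-terminated; same layout as struct ar_hdr in <ar.h>.  */
struct ar_hdr_ex
{
  char ar_name[16];
  char ar_date[12];
  char ar_uid[6];
  char ar_gid[6];
  char ar_mode[8];
  char ar_size[AR_SIZE_LEN];
  char ar_fmag[2];
};

/* What the pre-patch code did: copy the field, terminate it, call atol.
   atol skips leading spaces, accepts a sign, stops silently at the first
   non-digit and has undefined behaviour on overflow.  */
long
atol_ar_size (const char field[AR_SIZE_LEN])
{
  char buf[AR_SIZE_LEN + 1];
  memcpy (buf, field, AR_SIZE_LEN);
  buf[AR_SIZE_LEN] = '\0';
  return atol (buf);
}

/* Strict parse: one or more decimal digits followed only by space
   padding.  Returns false for a sign, leading space, non-digit,
   trailing junk or overflow; *out is untouched on failure.  */
bool
parse_ar_size (const char field[AR_SIZE_LEN], uint64_t *out)
{
  char buf[AR_SIZE_LEN + 1];
  memcpy (buf, field, AR_SIZE_LEN);
  buf[AR_SIZE_LEN] = '\0';

  /* The patch's check, with the cast it needs: isdigit takes an int in
     the range of unsigned char (or EOF); a plain char >= 0x80 from an
     untrusted archive is negative and undefined to pass.  */
  if (!isdigit ((unsigned char) buf[0]))
    return false;

  errno = 0;
  char *end;
  unsigned long long v = strtoull (buf, &end, 10);
  if (errno == ERANGE)
    return false;

  /* Only padding may follow the digits.  */
  for (; *end != '\0'; end++)
    if (*end != ' ')
      return false;

  *out = (uint64_t) v;
  return true;
}

/* Same check over a whole header, after verifying the trailing magic.  */
bool
ar_member_size (const struct ar_hdr_ex *hdr, uint64_t *out)
{
  if (memcmp (hdr->ar_fmag, "`\n", 2) != 0)
    return false;
  return parse_ar_size (hdr->ar_size, out);
}

int
main (void)
{
  /* Constructed 60-byte header for the "//" long-names member, size 42.  */
  static const char raw[60] =
    "//              " "0           " "0     " "0     " "0       "
    "42        " "`\n";
  struct ar_hdr_ex hdr;
  memcpy (&hdr, raw, sizeof hdr);

  uint64_t size = 0;
  printf ("long-names member: %s size=%llu\n",
          ar_member_size (&hdr, &size) ? "ok" : "rejected",
          (unsigned long long) size);

  /* Constructed 10-byte fields: what atol accepts vs. the strict parse.  */
  const char *fields[] = { "1234      ", "      1234", "-42       ",
                           "12ab      ", "          ", "9999999999" };
  for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++)
    {
      bool ok = parse_ar_size (fields[i], &size);
      printf ("\"%s\": atol=%ld strict=%s\n", fields[i],
              atol_ar_size (fields[i]), ok ? "accepted" : "rejected");
    }
  return 0;
}
```

`strtoull` is used rather than `strtoul` so that the largest 10-digit value, 9999999999, fits even where `long` is 32 bits; the leading-digit test, kept from the patch, is what stops `strtoull` from accepting the sign and leading whitespace it would otherwise skip.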