authorMark Wielaard <mark@klomp.org>2021-12-16 00:29:22 +0100
committerMark Wielaard <mark@klomp.org>2021-12-16 19:50:38 +0100
commit3c9b69161b842708b4ef2f4e0f0b3ad1812798c2 (patch)
treef09dca9a1dd00f26dab14e6f5fdb0f161cb0fc96 /libdwfl
parentlibelf: Use offsetof to get field of unaligned (diff)
libdwfl: Make sure phent is sane and there is at least one phdr
dwfl_link_map_report can only handle program headers that are the correct (32 or 64 bit) size. The buffer read in needs to contain room for at least one Phdr. https://sourceware.org/bugzilla/show_bug.cgi?id=28660 Signed-off-by: Mark Wielaard <mark@klomp.org>
Diffstat (limited to 'libdwfl')
-rw-r--r--libdwfl/ChangeLog6
-rw-r--r--libdwfl/link_map.c16
2 files changed, 20 insertions, 2 deletions
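--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,9 @@
+2021-12-15 Mark Wielaard <mark@klomp.org>
+
+* link_map.c (dwfl_link_map_report): Make sure phent is either sizeof
+Elf32_Phdr or sizeof Elf64_Phdr. Check in.d_size can hold at least one
+Phdr.
+
 2021-12-12 Mark Wielaard <mark@klomp.org>
 
 * dwfl_segment_report_module.c (dwfl_segment_report_module): Don't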
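--- a/libdwfl/link_map.c
+++ b/libdwfl/link_map.c
@@ -1,5 +1,6 @@
 /* Report modules by examining dynamic linker data structures.
 Copyright (C) 2008-2016 Red Hat, Inc.
+Copyright (C) 2021 Mark J. Wielaard <mark@klomp.org>
 This file is part of elfutils.
 
 This file is free software; you can redistribute it and/or modify
@@ -784,7 +785,9 @@ dwfl_link_map_report (Dwfl *dwfl, const void *auxv, size_t auxv_size,
 GElf_Xword dyn_filesz = 0;
 GElf_Addr dyn_bias = (GElf_Addr) -1;
 
-if (phdr != 0 && phnum != 0 && phent != 0)
+if (phdr != 0 && phnum != 0
+&& ((elfclass == ELFCLASS32 && phent == sizeof (Elf32_Phdr))
+|| (elfclass == ELFCLASS64 && phent == sizeof (Elf64_Phdr))))
 {
 Dwfl_Module *phdr_mod;
 int phdr_segndx = INTUSE(dwfl_addrsegment) (dwfl, phdr, &phdr_mod);
@@ -904,7 +907,16 @@ dwfl_link_map_report (Dwfl *dwfl, const void *auxv, size_t auxv_size,
 .d_buf = buf
 };
 if (in.d_size > out.d_size)
-in.d_size = out.d_size;
+{
+in.d_size = out.d_size;
+phnum = in.d_size / phent;
+if (phnum == 0)
+{
+free (buf);
+__libdwfl_seterrno (DWFL_E_BADELF);
+return false;
+}
+}
 if (likely ((elfclass == ELFCLASS32
 ? elf32_xlatetom : elf64_xlatetom)
 (&out, &in, elfdata) != NULL))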
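Review bot: The new `phnum == 0` check in the last hunk (new lines 912-918) runs only inside the `in.d_size > out.d_size` branch, so an input shorter than one Phdr that does not exceed `out.d_size` never reaches it, although the commit message says the buffer read in must hold at least one Phdr. If `out.d_size` is derived from the original `phnum` (it is set above the hunk, so this is inferred), the clamp also leaves `phnum` unchanged and the check cannot fire in that branch either. Consider keeping the clamp as `if (in.d_size > out.d_size) in.d_size = out.d_size;` and then running `phnum = in.d_size / phent;` with the existing `free (buf)` / `DWFL_E_BADELF` error path unconditionally, so that any later walk over `phnum` entries is bounded by what was actually read. The division relies on the `phent == sizeof (Elf32_Phdr)` / `sizeof (Elf64_Phdr)` guard added at new lines 788-790 still enclosing this code; the body of dwfl_link_map_report starts and ends outside these hunks, so that needs confirming against the full function.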