Re: [PATCH] libelf: Always set ELF maxsize when reading an ELF file for sanity checks.

public inbox for elfutils@sourceware.org
 help / color / mirror / Atom feed

* Re: [PATCH] libelf: Always set ELF maxsize when reading an ELF file for sanity checks.
@ 2016-11-10 11:17 Mark Wielaard
  0 siblings, 0 replies; 2+ messages in thread
From: Mark Wielaard @ 2016-11-10 11:17 UTC (permalink / raw)
  To: elfutils-devel

[-- Attachment #1: Type: text/plain, Size: 724 bytes --]

On Wed, 2016-10-26 at 13:17 +0200, Mark Wielaard wrote:
> There are various sanity checks that depend on knowing the file size
> of the underlying ELF file which we only used when mmapping the ELF file.
> Although we probably won't crash if we use pread to try to read from
> the file, we still might return completely bogus data structures. This
> could cause us to malloc insane amounts of memory.
> 
> Always try to get the maxsize when unknown in elf_begin.c (read_file).
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1388057

Again I didn't hear back from the original reporter whether this
really solved their problem. But the change does look correct and
desirable. So I have pushed this to master now.

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [PATCH] libelf: Always set ELF maxsize when reading an ELF file for sanity checks.
@ 2016-10-26 11:17 Mark Wielaard
  0 siblings, 0 replies; 2+ messages in thread
From: Mark Wielaard @ 2016-10-26 11:17 UTC (permalink / raw)
  To: elfutils-devel

[-- Attachment #1: Type: text/plain, Size: 3359 bytes --]

There are various sanity checks that depend on knowing the file size
of the underlying ELF file which we only used when mmapping the ELF file.
Although we probably won't crash if we use pread to try to read from
the file, we still might return completely bogus data structures. This
could cause us to malloc insane amounts of memory.

Always try to get the maxsize when unknown in elf_begin.c (read_file).

https://bugzilla.redhat.com/show_bug.cgi?id=1388057

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 libelf/ChangeLog   |  8 ++++++--
 libelf/elf_begin.c | 37 +++++++++++++++++++++----------------
 2 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 35af786..39fbccf 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,4 +1,8 @@
-2015-10-11  Akihiko Odaki  <akihiko.odaki.4i@stu.hosei.ac.jp>
+2016-10-26  Mark Wielaard  <mjw@redhat.com>
+
+	* elf_begin.c (read_file): Always set maxsize when parent == NULL.
+
+2016-10-11  Akihiko Odaki  <akihiko.odaki.4i@stu.hosei.ac.jp>
 
 	* elf_getarsym.c (elf_getarsym): Open code rawmemchr when not
 	available.
@@ -6,7 +10,7 @@
 	(validate_str): New function.
 	(elf_strptr): Use validate_str instead of memrchr.
 
-2015-10-11  Akihiko Odaki  <akihiko.odaki.4i@stu.hosei.ac.jp>
+2016-10-11  Akihiko Odaki  <akihiko.odaki.4i@stu.hosei.ac.jp>
 
 	* elf32_updatefile.c: Remove sys/param.h include.
 	* elf32_updatenull.c: Likewise. Add system.h include.
diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
index 8fdb376..5e9099c 100644
--- a/libelf/elf_begin.c
+++ b/libelf/elf_begin.c
@@ -1,5 +1,5 @@
 /* Create descriptor for processing file.
-   Copyright (C) 1998-2010, 2012, 2014, 2015 Red Hat, Inc.
+   Copyright (C) 1998-2010, 2012, 2014, 2015, 2016 Red Hat, Inc.
    This file is part of elfutils.
    Written by Ulrich Drepper <drepper@redhat.com>, 1998.
 
@@ -605,22 +605,30 @@ read_file (int fildes, off_t offset, size_t maxsize,
 		  || cmd == ELF_C_WRITE_MMAP
 		  || cmd == ELF_C_READ_MMAP_PRIVATE);
 
+  if (parent == NULL)
+    {
+      if (maxsize == ~((size_t) 0))
+	{
+	  /* We don't know in the moment how large the file is.
+	     Determine it now.  */
+	  struct stat st;
+
+	  if (fstat (fildes, &st) == 0
+	      && (sizeof (size_t) >= sizeof (st.st_size)
+		  || st.st_size <= ~((size_t) 0)))
+	    maxsize = (size_t) st.st_size;
+	}
+    }
+  else
+    {
+      /* The parent is already loaded.  Use it.  */
+      assert (maxsize != ~((size_t) 0));
+    }
+
   if (use_mmap)
     {
       if (parent == NULL)
 	{
-	  if (maxsize == ~((size_t) 0))
-	    {
-	      /* We don't know in the moment how large the file is.
-		 Determine it now.  */
-	      struct stat st;
-
-	      if (fstat (fildes, &st) == 0
-		  && (sizeof (size_t) >= sizeof (st.st_size)
-		      || st.st_size <= ~((size_t) 0)))
-		maxsize = (size_t) st.st_size;
-	    }
-
 	  /* We try to map the file ourself.  */
 	  map_address = mmap (NULL, maxsize, (cmd == ELF_C_READ_MMAP
 					      ? PROT_READ
@@ -635,9 +643,6 @@ read_file (int fildes, off_t offset, size_t maxsize,
 	}
       else
 	{
-	  /* The parent is already loaded.  Use it.  */
-	  assert (maxsize != ~((size_t) 0));
-
 	  map_address = parent->map_address;
 	}
     }
-- 
1.8.3.1

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-11-10 11:17 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-11-10 11:17 [PATCH] libelf: Always set ELF maxsize when reading an ELF file for sanity checks Mark Wielaard
  -- strict thread matches above, loose matches on Subject: below --
2016-10-26 11:17 Mark Wielaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).