From mboxrd@z Thu Jan 1 00:00:00 1970 Mailing-List: contact elfutils-devel-help@sourceware.org; run by ezmlm Precedence: bulk Sender: elfutils-devel-owner@sourceware.org
From: Mark Wielaard To: elfutils-devel@sourceware.org Cc: Josh Stone , Mark Wielaard Subject: [PATCH 2/2] libelf: Don't error out when sanity checking e_shoff if scncnt is zero. Date: Wed, 04 Oct 2017 18:57:00 -0000 Message-Id: <1507143449-19288-2-git-send-email-mark@klomp.org> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1507143449-19288-1-git-send-email-mark@klomp.org> References: <1507143353.9961.25.camel@klomp.org> <1507143449-19288-1-git-send-email-mark@klomp.org> X-IsSubscribed: yes X-SW-Source: 2017-q4/txt/msg00006.txt.bz2 We won't use the e_shoff value in that case because we will set elf->state.elf[64|32].scns.cnt to zero to indicate not to read any section header data from the file. Signed-off-by: Mark Wielaard --- libelf/ChangeLog | 5 +++++ libelf/elf_begin.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 36b57dd..6aa1c6f 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,5 +1,10 @@ 2017-10-04 Mark Wielaard + * elf_begin.c (file_read_elf): Skip sanity checking e_shoff if scncnt + is zero, we won't use it then. + +2017-10-04 Mark Wielaard + * libelfP.h: Add ELF_E_INVALID_ELF to error values enum. * elf_error.c (ELF_E_INVALID_ELF_IDX): New define. Use it as value for ELF_E_INVALID_ELF in msgidx. diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c index 5545278..fb3a5b5 100644 --- a/libelf/elf_begin.c +++ b/libelf/elf_begin.c @@ -373,7 +373,7 @@ file_read_elf (int fildes, void *map_address, unsigned char *e_ident, || (((uintptr_t) ((char *) ehdr + e_shoff) & (__alignof__ (Elf32_Shdr) - 1)) == 0))) { - if (unlikely (e_shoff >= maxsize) + if (unlikely (scncnt > 0 && e_shoff >= maxsize) || unlikely (maxsize - e_shoff < scncnt * sizeof (Elf32_Shdr))) { 
@@ -475,7 +475,7 @@ file_read_elf (int fildes, void *map_address, unsigned char *e_ident, || (((uintptr_t) ((char *) ehdr + e_shoff) & (__alignof__ (Elf64_Shdr) - 1)) == 0))) { - if (unlikely (e_shoff >= maxsize) + if (unlikely (scncnt > 0 && e_shoff >= maxsize) || unlikely (maxsize - e_shoff < scncnt * sizeof (Elf64_Shdr))) goto free_and_out; -- 1.8.3.1
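Review bot: the libelf/ChangeLog entry is a comma splice and slightly overstates what the code hunks do: only the `e_shoff >= maxsize` bounds test is now conditional on `scncnt > 0`; the alignment test of `(char *) ehdr + e_shoff` in the enclosing condition still runs for every file. Suggest wording it as `Skip the e_shoff bounds check when scncnt is zero; the offset is not used then.` so the entry matches the diff.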
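Review bot: in the @@ -373 (Elf32) hunk the new `scncnt > 0 &&` guard covers only the first clause; when scncnt is zero and e_shoff lies beyond maxsize, `maxsize - e_shoff < scncnt * sizeof (Elf32_Shdr)` is still evaluated and stays false only because the right-hand side is zero and the subtraction is unsigned, so the wrapped difference can never compare below zero. That is correct today but fragile: a reader has to reason about wrap-around to see why the second clause cannot fire, and any later change that makes the right-hand side non-zero or the operands signed would turn a section-less file with a stray e_shoff into an error again. Suggest hoisting the guard over both clauses, e.g. `if (scncnt > 0 && (unlikely (e_shoff >= maxsize) || unlikely (maxsize - e_shoff < scncnt * sizeof (Elf32_Shdr))))`, and adding a one-line comment that e_shoff is ignored when scncnt is zero, which the commit message explains but the code does not.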
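Review bot: the @@ -475 (Elf64) hunk has the same shape as the Elf32 one: `scncnt > 0 &&` guards only `e_shoff >= maxsize`, while `maxsize - e_shoff < scncnt * sizeof (Elf64_Shdr)` still runs with a possibly out-of-range e_shoff and is only vacuously false. Apply the same restructuring here so the two paths stay identical, and since this is now the second verbatim copy of the bounds test differing only in the header size, consider moving it into a small static helper that takes the shdr size, so the 32- and 64-bit paths cannot drift apart in future fixes.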