diff options
| author | Mark Wielaard <mjw@redhat.com> | 2016-10-26 13:08:52 +0200 |
|---|---|---|
| committer | Mark Wielaard <mjw@redhat.com> | 2016-11-10 12:11:00 +0100 |
| commit | 191000fdedba3fafe4d5b8cddad3f3318b49c3fb (patch) | |
| tree | a5d69e218f1a4f183ac2e88299412b90c09d3c6c | |
| parent | ee38b26dc14f52eb8596e638776319ebc4213d36 (diff) | |
| download | elfutils-191000fdedba3fafe4d5b8cddad3f3318b49c3fb.tar.gz | |
libelf: Always set ELF maxsize when reading an ELF file for sanity checks.
There are various sanity checks that depend on knowing the file size
of the underlying ELF file which we only used when mmapping the ELF file.
Although we probably won't crash if we use pread to try to read from
the file, we still might return completely bogus data structures. This
could cause us to malloc insane amounts of memory.
Always try to get the maxsize when unknown in elf_begin.c (read_file).
https://bugzilla.redhat.com/show_bug.cgi?id=1388057
Signed-off-by: Mark Wielaard <mjw@redhat.com>
| -rw-r--r-- | libelf/ChangeLog | 8 | ||||
| -rw-r--r-- | libelf/elf_begin.c | 37 |
2 files changed, 27 insertions, 18 deletions
diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 35af7865..39fbccf2 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,4 +1,8 @@ -2015-10-11 Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp> +2016-10-26 Mark Wielaard <mjw@redhat.com> + + * elf_begin.c (read_file): Always set maxsize when parent == NULL. + +2016-10-11 Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp> * elf_getarsym.c (elf_getarsym): Open code rawmemchr when not available. @@ -6,7 +10,7 @@ (validate_str): New function. (elf_strptr): Use validate_str instead of memrchr. -2015-10-11 Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp> +2016-10-11 Akihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp> * elf32_updatefile.c: Remove sys/param.h include. * elf32_updatenull.c: Likewise. Add system.h include. diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c index 8fdb3764..5e9099c2 100644 --- a/libelf/elf_begin.c +++ b/libelf/elf_begin.c @@ -1,5 +1,5 @@ /* Create descriptor for processing file. - Copyright (C) 1998-2010, 2012, 2014, 2015 Red Hat, Inc. + Copyright (C) 1998-2010, 2012, 2014, 2015, 2016 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <drepper@redhat.com>, 1998. @@ -605,22 +605,30 @@ read_file (int fildes, off_t offset, size_t maxsize, || cmd == ELF_C_WRITE_MMAP || cmd == ELF_C_READ_MMAP_PRIVATE); + if (parent == NULL) + { + if (maxsize == ~((size_t) 0)) + { + /* We don't know in the moment how large the file is. + Determine it now. */ + struct stat st; + + if (fstat (fildes, &st) == 0 + && (sizeof (size_t) >= sizeof (st.st_size) + || st.st_size <= ~((size_t) 0))) + maxsize = (size_t) st.st_size; + } + } + else + { + /* The parent is already loaded. Use it. */ + assert (maxsize != ~((size_t) 0)); + } + if (use_mmap) { if (parent == NULL) { - if (maxsize == ~((size_t) 0)) - { - /* We don't know in the moment how large the file is. - Determine it now. */ - struct stat st; - - if (fstat (fildes, &st) == 0 - && (sizeof (size_t) >= sizeof (st.st_size) - || st.st_size <= ~((size_t) 0))) - maxsize = (size_t) st.st_size; - } - /* We try to map the file ourself. */ map_address = mmap (NULL, maxsize, (cmd == ELF_C_READ_MMAP ? PROT_READ @@ -635,9 +643,6 @@ read_file (int fildes, off_t offset, size_t maxsize, } else { - /* The parent is already loaded. Use it. */ - assert (maxsize != ~((size_t) 0)); - map_address = parent->map_address; } } |