author | Jakub Jelinek <jakub@redhat.com> | 2014-01-17 19:36:16 +0100 |
---|---|---|
committer | Mark Wielaard <mjw@redhat.com> | 2014-01-23 11:31:53 +0100 |
commit | 720383c53b435de6647edd78060dd7d38ade25a5 (patch) | |
tree | 7437a0d1e3250ea4916f7caefdff05b218504510 /libelf/elf_getshdrstrndx.c | |
parent | 58d3619facfb708f4998d73270ca4082b20853b9 (diff) | |
download | elfutils-720383c53b435de6647edd78060dd7d38ade25a5.tar.gz |
robustify: libelf.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'libelf/elf_getshdrstrndx.c')
-rw-r--r-- | libelf/elf_getshdrstrndx.c | 44 |
1 files changed, 37 insertions, 7 deletions
diff --git a/libelf/elf_getshdrstrndx.c b/libelf/elf_getshdrstrndx.c
index 57ad8005..1dbed4c8 100644
--- a/libelf/elf_getshdrstrndx.c
+++ b/libelf/elf_getshdrstrndx.c
@@ -1,5 +1,5 @@
 /* Return section index of section header string table.
- Copyright (C) 2002, 2005, 2009 Red Hat, Inc.
+ Copyright (C) 2002, 2005, 2009, 2014 Red Hat, Inc.
 This file is part of elfutils.
 Written by Ulrich Drepper <drepper@redhat.com>, 2002.
 
@@ -104,10 +104,25 @@ elf_getshdrstrndx (elf, dst)
 if (elf->map_address != NULL
 && elf->state.elf32.ehdr->e_ident[EI_DATA] == MY_ELFDATA
 && (ALLOW_UNALIGNED
- || (((size_t) ((char *) elf->map_address + offset))
+ || (((size_t) ((char *) elf->map_address
+ + elf->start_offset + offset))
 & (__alignof__ (Elf32_Shdr) - 1)) == 0))
- /* We can directly access the memory. */
- num = ((Elf32_Shdr *) (elf->map_address + offset))->sh_link;
+ {
+ /* First see whether the information in the ELF header is
+ valid and it does not ask for too much. */
+ if (unlikely (elf->maximum_size - offset
+ < sizeof (Elf32_Shdr)))
+ {
+ /* Something is wrong. */
+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
+ result = -1;
+ goto out;
+ }
+
+ /* We can directly access the memory. */
+ num = ((Elf32_Shdr *) (elf->map_address + elf->start_offset
+ + offset))->sh_link;
+ }
 else
 {
 /* We avoid reading in all the section headers. Just read
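Review bot: The new guard `elf->maximum_size - offset < sizeof (Elf32_Shdr)` does not reject an `offset` that lies beyond `maximum_size`: if both operands are unsigned, as the comparison with `sizeof` suggests, the subtraction wraps to a large value and the direct read of `sh_link` below still runs outside the mapped file. Unless `offset` is already bounded earlier in `elf_getshdrstrndx` (the function starts and ends outside this hunk), the condition should be `if (unlikely (offset > elf->maximum_size || elf->maximum_size - offset < sizeof (Elf32_Shdr)))`. The `Elf64_Shdr` branch in the next hunk carries the same check and needs the same change. A short comment stating whether `maximum_size` is measured from `map_address` or from `map_address + start_offset` would also help, since the access adds `start_offset` but the bound does not mention it.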
@@ -142,10 +157,25 @@ elf_getshdrstrndx (elf, dst)
 if (elf->map_address != NULL
 && elf->state.elf64.ehdr->e_ident[EI_DATA] == MY_ELFDATA
 && (ALLOW_UNALIGNED
- || (((size_t) ((char *) elf->map_address + offset))
+ || (((size_t) ((char *) elf->map_address
+ + elf->start_offset + offset))
 & (__alignof__ (Elf64_Shdr) - 1)) == 0))
- /* We can directly access the memory. */
- num = ((Elf64_Shdr *) (elf->map_address + offset))->sh_link;
+ {
+ /* First see whether the information in the ELF header is
+ valid and it does not ask for too much. */
+ if (unlikely (elf->maximum_size - offset
+ < sizeof (Elf64_Shdr)))
+ {
+ /* Something is wrong. */
+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
+ result = -1;
+ goto out;
+ }
+
+ /* We can directly access the memory. */
+ num = ((Elf64_Shdr *) (elf->map_address + elf->start_offset
+ + offset))->sh_link;
+ }
 else
 {
 /* We avoid reading in all the section headers. Just read |