path: root/libelf
Commit message [Author, Age, Files, Lines]
* Make zlib mandatory. [Mark Wielaard, 2015-10-26, 2 files, -1/+5]
  Explicitly link libelf and libdw with -lz.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* elf.h: Update from glibc. Add section compression constants and structures. [Mark Wielaard, 2015-10-22, 2 files, -0/+30]
  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: use the right size when preading in[0].sh_size [Jose E. Marchesi, 2015-10-22, 2 files, -1/+6]
  Signed-off-by: Jose E. Marchesi <jose.marchesi@oracle.com>
* Move nested functions in libelf. [Chih-Hung Hsieh, 2015-10-22, 3 files, -38/+49]
  * Move nested functions to file scope in libelf/elf_begin.c and
    elf32_updatefile.c to compile with clang.

  Signed-off-by: Chih-Hung Hsieh <chh@google.com>
* libelf: Use int64_t for offsets in libelf.h [Josh Stone, 2015-10-14, 2 files, -6/+11]
  Some systems don't have loff_t, like FreeBSD where off_t always supports
  large files. We need a standardized 64-bit signed type for the public
  header, without depending on configuration... OK, just use int64_t.

  Signed-off-by: Josh Stone <jistone@redhat.com>
* libelf: Only use posix_fallocate when using mmap. Ignore unsupported errors. [Mark Wielaard, 2015-10-12, 2 files, -13/+28]
  Don't use posix_fallocate when not using mmap. It is enough to ftruncate
  the file to the right size. pwrite will report an error if there is no
  disk space left. And on file systems that don't support fallocate it might
  duplicate writes in that case.

  When using posix_fallocate do ignore most errors. Other libc
  implementations don't guarantee the call actually works always and even
  with glibc there might be an unexpected error from the fallback code when
  the file system doesn't support fallocate. That is pretty nasty since we
  might get a SIGBUS in that case when writing to the mmapped memory. But
  the chance of that happening is very small. And will normally never happen
  with glibc. So only report an error when posix_fallocate reports ENOSPC.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* Trust AC_SYS_LARGEFILE to provide large file support [Josh Stone, 2015-10-09, 3 files, -4/+9]
  AC_SYS_LARGEFILE defines _FILE_OFFSET_BITS in config.h if needed for LFS,
  and this automatically maps things like open to open64. But quite a few
  places used explicit 64-bit names, which won't work on platforms like
  FreeBSD where off_t is always 64-bit and there are no foo64 names.

  It's better to just trust that AC_SYS_LARGEFILE is doing it correctly.
  But we can verify this too, as some file could easily forget to include
  config.h. The new tests/run-lfs-symbols.sh checks all build targets
  against lfs-symbols (taken from lintian) to make sure everything was
  implicitly mapped to 64-bit variants when _FILE_OFFSET_BITS is set.

  Signed-off-by: Josh Stone <jistone@redhat.com>
* Do without union of variable length arrays. [Chih-Hung Hsieh, 2015-10-07, 2 files, -8/+11]
  Prepare to compile with clang. A union like

    { T32 a32[n]; T64 a64[n]; } u;

  is expanded to

    size_t nbytes = n * MAX(sizeof(T32), sizeof(T64));
    void *data = malloc(nbytes);
    T32 (*a32)[n] = data;
    T64 (*a64)[n] = data;

  Signed-off-by: Chih-Hung Hsieh <chh@google.com>
* Improve AM_SILENT_RULES coverage [Josh Stone, 2015-10-06, 2 files, -2/+6]
  Note, elfutils does not explicitly enable AM_SILENT_RULES. It's only
  available starting from automake 1.11, but starting from automake 1.13
  silent rules are always generated, defaulting to verbose. $(AM_V_foo)
  additions should be no-ops on systems that don't support silent rules.

  To be silent, use "./configure --enable-silent-rules" or "make V=0".

  Signed-off-by: Josh Stone <jistone@redhat.com>
* Use -fPIC instead of -fpic when generating PIC code. [Jose E. Marchesi, 2015-10-06, 2 files, -1/+6]
  This avoids relocation overflows in sparc/sparc64 targets while linking,
  where the reachable data using -fpic is only 4kb.

  Signed-off-by: Jose E. Marchesi <jose.marchesi@oracle.com>
* libelf: Always update e_version and e_shentsize in elf_update. [Mark Wielaard, 2015-10-05, 2 files, -5/+13]
  When e_version is EV_NONE we should set it to EV_CURRENT like we do for
  the EI_VERSION and like we set EI_DATA to the correct byte order when set
  to ELFDATANONE. Likewise we should always set e_shentsize like we do for
  e_phentsize, not just when ELF_F_LAYOUT isn't set.

  Add a new elfshphehdr testcase to check the above.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* Properly mark all internal function definitions. [Mark Wielaard, 2015-09-23, 8 files, -0/+23]
  Since we banned old style function definitions GCC is able to diagnose
  function definitions that don't match the function declaration:

    elf32_getehdr.c:78: error: conflicting types for ‘__elf64_getehdr_wrlock’
    libelfP.h:498: note: previous declaration of ‘__elf64_getehdr_wrlock’

  This happens on i386 because there internal functions are marked with:

    # define internal_function __attribute__ ((regparm (3), stdcall))

  Make sure all internal function declarations and definitions are marked
  with internal_function.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* Remove old-style function definitions. [Mark Wielaard, 2015-09-23, 86 files, -398/+189]
  We already require -std=gnu99 and old-style function definitions might
  hide some compiler warnings.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* Update dl-hash.h from glibc. [Mark Wielaard, 2015-09-23, 2 files, -41/+38]
  Our dl-hash.h implementation originally came from, or was written at the
  same time as, the glibc implementation. At some point (around 9 years ago)
  they diverged and the elfutils version got an updated copyright header.
  The glibc version saw various updates/optimizations. Just treat the file
  like we do for elf.h and copy it whenever the glibc version is updated.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Don't leak memory on failure paths in elf_updatefile. [Mark Wielaard, 2015-06-19, 2 files, -12/+22]
  When something goes wrong during the update make sure to always free any
  temporary allocated memory (shdr_data and/or scns).

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Check symbol section header exists before use in nlist. [Mark Wielaard, 2015-06-19, 2 files, -2/+10]
  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Always call ftruncate before posix_fallocate to set the right size. [Mark Wielaard, 2015-06-19, 2 files, -2/+10]
  When elf_update.c (write_file) doesn't know the current maximum file
  length it might have to reduce the file size. posix_fallocate can only
  extend the file. So always call ftruncate before that to set the file size
  and making sure the backing store is fully there.

  Add test cases for checking strip in place (eu-strip without -o) actually
  reduces the file size. But only for non-ET_REL files. We might not be able
  to strip ET_REL files (except when they are kernel modules) because they
  might contain "dangling" symbol table entries.

  https://bugzilla.redhat.com/show_bug.cgi?id=1232206

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Make sure elf_getdata_rawchunk returns aligned data. [Mark Wielaard, 2015-06-09, 3 files, -3/+34]
  elf_getdata_rawchunk might return an unaligned buffer for the requested
  ELF data type. Make sure the data is also correctly aligned when using an
  mmapped file.

  Also add some missing alignments for ELF data types for
  __libelf_type_align (the missing types could also make elf_getdata to
  return unaligned data).

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Make sure conversion functions work on aligned data for type. [Mark Wielaard, 2015-06-09, 2 files, -2/+29]
  The gelf_xlate conversion functions work on properly aligned ELF data
  types. If elf_getdata needs to do conversion and ! ALLOW_UNALIGNED and
  the rawdata_base isn't aligned properly for the section type, then
  provide an aligned copy of the data.

  Found with --enable-sanitize-undefined in run-test-archive64.sh on x86_64.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Check e_shoff alignment before direct access of Elf(32|64)_Shdr. [Mark Wielaard, 2015-06-08, 2 files, -4/+9]
  In get_shnum the check was whether the Elf(32|64)_Ehdr was correctly
  aligned, but to access the Shdr directly we need to check whether the
  address that points to the Elf(32|64)_Shdr structure is correctly aligned.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Split checks for ehdr and shdr, drop phdr check in file_read_elf. [Mark Wielaard, 2015-06-08, 2 files, -65/+80]
  There are various places in the code that check whether mmapped structures
  are correctly aligned (or ALLOW_UNALIGNED is set). Some of these checks
  are asserts. Like the one in elf(32|64)_getshdr. We should not get into
  that part of the code if the shdr scn structure was cached in elf_begin
  because it was mmapped in and properly aligned.

  These asserts could trigger because in elf_begin.c file_read_elf () all
  alignment checks were combined. So even though only one of the ehdr, shdr
  or phdr structures were not properly aligned all structures would be
  copied. Also the phdr structure was not even read in elf_begin, so the
  alignment check was unnecessary.

  This patch splits the alignment checks and reading of ehdr and shdr
  structures into separate code paths. It also drops the phdr alignment
  checks in elf_begin. Those phdr checks are done in elf(32|64)_getphdr
  already.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Fix possible unbounded stack usage in load_shdr_wrlock. [Mark Wielaard, 2015-06-05, 2 files, -4/+19]
  When a copy needs to be made of the shdrs, allocate with malloc and free
  after conversion instead of calling alloca.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Fix possible unbounded stack usage in getphdr_wrlock. [Mark Wielaard, 2015-06-05, 2 files, -4/+19]
  When a copy needs to be made of the phdrs, allocate with malloc and free
  after conversion instead of calling alloca.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Fix unbounded stack usage in elf_getarsym for !ALLOW_UNALIGNED case. [Mark Wielaard, 2015-06-05, 2 files, -1/+14]
  The number of entries in the index can be large, don't use alloca to read
  in temporary data, use malloc (which is freed after out).

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Don't call memmove with possible NULL buffer. [Mark Wielaard, 2015-06-05, 2 files, -2/+7]
  When size is zero the src and dest buffers might be NULL.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Don't call mempcpy with possible NULL d_buf. [Mark Wielaard, 2015-06-05, 2 files, -1/+6]
  When d_size is zero d_buf might be NULL. last_position doesn't need to be
  updated in that case.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Fix possible unbounded stack usage in updatefile. [Mark Wielaard, 2015-05-27, 2 files, -3/+26]
  Allocate shdr_data and scns with malloc, not alloca. Free after writing
  section headers.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Fix possible unbounded stack usage in updatemmap. [Mark Wielaard, 2015-05-27, 2 files, -8/+28]
  Allocate temporary shdr storage with malloc, not alloca. Free after
  writing section headers.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Fix possible unbounded stack usage in elf_getarsym. [Mark Wielaard, 2015-05-27, 2 files, -2/+17]
  The number of entries in the index can be large, don't use alloca to read
  in temporary data, use malloc (and free after out).

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Use posix_fallocate instead of ftruncate to extend ELF file. [Mark Wielaard, 2015-05-27, 2 files, -3/+18]
  This fixes an obscure SIGBUS error when using ELF_C_WRITE_MMAP on an ELF
  file that needs extending when the underlying file system is (nearly)
  full.

  Use posix_fallocate to make sure the file content is really there. Using
  ftruncate might mean the file is extended, but space isn't allocated yet.
  This might cause a SIGBUS once we write into the mmapped space and the
  disk is full. Using fallocate might fail on some file systems.
  posix_fallocate is required to extend the file and allocate enough space
  even if the underlying filesystem would normally return EOPNOTSUPP or the
  kernel doesn't implement the fallocate syscall. Also posix_fallocate has
  been in glibc since 2.1.94, while support for fallocate was only added in
  2.10 and kernel 2.6.23.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: If e_phnum is zero then set e_phoff also to zero. [Mark Wielaard, 2015-05-18, 2 files, -0/+13]
  If phnum is zero make sure e_phoff is also zero and not some random value.
  That would cause trouble in update_file. This could happen when
  ELF_F_LAYOUT is set and the user copied over a ehdr from a bogus ELF file
  where the phdrs are unreadable. In that case trying to write out the new
  ELF image would crash trying to follow the bogus e_phdr value.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: More checking of valid sh_addralign values. [Mark Wielaard, 2015-05-18, 3 files, -0/+26]
  There were two issues with bogus sh_addralign values.

  First we would only check the individual Elf_Data d_align values were
  powerof2. But not the actual shdr addralign value. This would cause an
  issue if the shdr addralign was bigger than all of the individual d_align
  values. Then we could write out a bogus (! powerof2) shdr addralign value
  for the sections.

  Secondly when reading in the Elf_Data we would set the d_align value to
  the value of the shdr addralign value. But we would not check it was valid
  at all. In practice there are ELF files with incorrect sh_addralign values
  (they are a powerof2, but aren't aligned to the ELF image offset). We
  would try to fix that up in elf_update by adding extra padding. But this
  could bloat the ELF image a lot for large alignment values. So for too
  large alignments that are bigger than the offset in the ELF file clamp
  them to the offset value. This could lead us to reject to write out the
  data again when the offset was not a powerof2. But this will only happen
  for alignment values bigger than 64. Which are uncommon in practice.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Make sure shdrs are valid before storing extended phnum in newphdr. [Mark Wielaard, 2015-05-18, 2 files, -1/+17]
  Creating phdr with more than PN_XNUM phnum requires a valid section zero
  shdr to store the extended value. Make sure the shdrs are valid. Also fix
  the error when count was too big to store by setting ELF_E_INVALID_INDEX
  before failing.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* Always call gelf_fsize with EV_CURRENT as argument. [Mark Wielaard, 2015-05-13, 2 files, -1/+5]
  Don't trust the elf version given by the file. It could be completely
  bogus. In which case gelf_fsize just returns zero. Which could cause
  divide by zero errors.

  https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c34

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Make sure version xlate dest buffer is fully defined. [Mark Wielaard, 2015-05-06, 2 files, -1/+16]
  https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c16 contains an
  example of usage of undefined memory when version section data needs to
  be translated, but the version xlate functions detect they cannot fully
  transform the section data. To make sure the dest buffer data is
  completely defined this patch makes sure all data is moved from src to
  dest first. This is somewhat inefficient since normally all data will be
  fully converted. But the translation functions have no way to indicate
  only partial data was converted.

  Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* Update elf.h from glibc. [Mark Wielaard, 2015-04-28, 2 files, -10/+184]
  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Don't extend ELF file size with SHT_NOBITS sh_offset. [Mark Wielaard, 2015-03-27, 2 files, -4/+8]
  Don't explicitly extend the file size for SHT_NOBITS sections. Since that
  could cause a size beyond any actual file content it will cause issues
  when the underlying ELF file has been mmapped or will extend the file size
  to increase (writing fill bytes) when not mmapped.

  The sh_offset value is essentially meaningless for SHT_NOBITS. gabi says
  that a NOBITS section sh_offset member locates the "conceptual placement"
  in the file. But it doesn't say this cannot be beyond the end of the file.
  When ELF_F_LAYOUT is set we should trust sh_offset as given is what is
  wanted for an SHT_NOBITS section without extending the file size.

  https://bugzilla.redhat.com/show_bug.cgi?id=1020842

  Buggy binutils ld could generate files where SHT_NOBITS sections have
  sh_offset outside the file.
  https://sourceware.org/bugzilla/show_bug.cgi?id=12921

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Make __libelf_set_data_list_rdlock an internal_function. [Mark Wielaard, 2015-02-19, 2 files, -1/+5]
  __libelf_set_data_list_rdlock from elf_getdata.c is marked as an
  internal_function in the implementation, but not in libelfP.h when it is
  declared. Add internal_function to the declaration. This broke the i686
  build.

  Reported-by: Alexander Cherepanov <ch3root@openwall.com>
  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Consider sh_addralign 0 as 1 [Jan Kratochvil, 2015-02-07, 2 files, -1/+6]
  Currently the Koji build for arm32 fails with:

    extracting debug info from /builddir/build/BUILDROOT/etcd-2.0.0-0.3.rc1.fc22.arm/usr/bin/etcd
    Failed to write file: invalid section alignment

  This is because the binary etcd
  http://people.redhat.com/jkratoch/etcdctl.xz contains:

    Section Headers:
      [Nr] Name      Type  Addr      Off     Size    ES  Flg Lk  Inf Al
      [11] .rel.plt  REL   00459ee0  449ee0  000088  08  A   13  0   0
                                                                     ^

  which corresponds to golang's code:

    go/src/cmd/ld/elf.c
      case EM_X86_64:
        sh = elfshname(".rela.plt");
        sh->addralign = RegSize;
      default:
        sh = elfshname(".rel.plt");
        <nothing>

  ELF spec says:

    Values 0 and 1 mean the section has no alignment constraints.

  and libelf/elf32_updatenull.c really parses it that way at line 204

    ElfW2(LIBELFBITS,Word) sh_align = shdr->sh_addralign ?: 1;

  but unfortunately the later line being patched no longer does.

  libelf/
  2015-02-07  Jan Kratochvil  <jan.kratochvil@redhat.com>

    * elf32_updatenull.c (__elfw2(LIBELFBITS,updatenull_wrlock)):
      Consider sh_addralign 0 as 1.

  Signed-off-by: Jan Kratochvil <jan.kratochvil@redhat.com>
* libelf: Make sure string returned by elf_strptr is NUL terminated. [Mark Wielaard, 2015-02-06, 2 files, -2/+26]
  The result of elf_strptr is often used directly to print or strcmp the
  string. If the section data was truncated or corrupted that could lead to
  invalid memory reads possibly crashing the application.

  https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c24

  Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: elf_strptr should use datalist when data has been added to section. [Mark Wielaard, 2015-02-06, 2 files, -6/+17]
  elf_strptr always used the rawdata when available. But when data has been
  added to the section it should find the correct buffer in the datalist.

  Adds a large testcase that checks various ways of adding and extracting
  strings from a section.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Fix elf_newdata when raw ELF file/image data is available. [Mark Wielaard, 2015-02-06, 4 files, -41/+89]
  When ELF data for a section has been read by elf_rawdata, data_read and
  rawdata_base are set, but data_list_rear will not be set until the data
  will be converted (by elf_getdata). elf_newdata would overwrite the
  existing data in that case. Both elf_getdata and elf_update rely on the
  fact that when data_list_rear is set they don't have to look at the raw
  data anymore. So make sure we update the data list properly before adding
  any new data and raw data is available in elf_newdata.

  Add newdata test that calls elf_newdata before and after elf_rawdata and
  elf_getdata and checks the new size and contents of the section.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: elf_strptr should fetch the shdr for the section if not yet known. [Mark Wielaard, 2015-02-06, 2 files, -5/+12]
  elf_strptr might be called before the shdrs are read in. In that case it
  needs to explicitly call __elf[32|64]_getshdr_rdlock to check the section
  type and size.

  The new strptr testcase triggers this corner case and crashes before the
  fix.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: gelf_getphdr should check phdr index is valid. [Mark Wielaard, 2015-01-15, 4 files, -28/+40]
  elf_getphdrnum does check the phdrnum makes sense. But gelf_getphdr
  checked the given index against the "raw" e_phnum or internal
  __elf_getphdrnum_rdlock result without checking.

  Extract the checking code into a new internal
  __elf_getphdrnum_chk_rdlock function and use that.

  Found by afl-fuzz.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: ar_size cannot be negative. Fix max ar size. [Mark Wielaard, 2015-01-12, 2 files, -1/+13]
  Elf_Arhdr ar_size is loff_t, which is signed. Make sure it isn't negative.

  When the parent start_offset is non-zero maxsize should include it to
  compensate for ar offset.

  Found with afl-fuzz.

  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Fix dir traversal vuln in ar extraction. [Alexander Cherepanov, 2014-12-29, 2 files, -4/+6]
  read_long_names terminates names at the first '/' found but then skips
  one character without checking (it's supposed to be '\n'). Hence the next
  name could start with any character including '/'. This leads to a
  directory traversal vulnerability at the time the contents of the archive
  is extracted.

  The danger is mitigated by the fact that only one '/' is possible in a
  resulting filename and only in the leading position. Hence only files in
  the root directory can be written via this vuln and only when ar is
  executed as root.

  The fix for the vuln is to not skip any characters while looking for '/'.

  Signed-off-by: Alexander Cherepanov <cherepan@mccme.ru>
* avoid scary command output [Ulrich Drepper, 2014-12-18, 2 files, -1/+5]
  The commands to check for invalid text relocations in the generated DSOs
  shouldn't be displayed. They contain an echo which prints the text. This
  patch suppresses the commands from being printed.
* libelf: Make sure ar archive long_names len fits in mapped ELF file. [Mark Wielaard, 2014-12-17, 2 files, -5/+15]
  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Check index_size doesn't overflow in elf_getarsym. [Mark Wielaard, 2014-12-17, 2 files, -1/+6]
  Signed-off-by: Mark Wielaard <mjw@redhat.com>
* libelf: Clear any garbage left in the ar name table. [Mark Wielaard, 2014-12-17, 2 files, -2/+11]
  Signed-off-by: Mark Wielaard <mjw@redhat.com>