authorJonathan Gray <jsg@cvs.openbsd.org>2017-09-26 09:40:29 +0000
committerJonathan Gray <jsg@cvs.openbsd.org>2017-09-26 09:40:29 +0000
commitd57586d3ec42f6b975594e575dca87bcaccbb8a7 (patch)
tree4e209eb88c76a9c6ec902b564d61f2b334216df5 /usr.bin/ctfconv
parent8663160e16577d2f3dbb571c319a7605abe30c6d (diff)
Ignore file offset values in section headers that exceed the length of
the file. Avoids a crash found with afl. ok mpi@
Diffstat (limited to 'usr.bin/ctfconv')
-rw-r--r--usr.bin/ctfconv/ctfconv.c12
-rw-r--r--usr.bin/ctfconv/elf.c7
2 files changed, 11 insertions, 8 deletions
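--- a/usr.bin/ctfconv/ctfconv.c
+++ b/usr.bin/ctfconv/ctfconv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ctfconv.c,v 1.9 2017/09/19 08:28:57 jsg Exp $ */
+/* $OpenBSD: ctfconv.c,v 1.10 2017/09/26 09:40:28 jsg Exp $ */
 /*
 * Copyright (c) 2016-2017 Martin Pieuchot
@@ -60,7 +60,7 @@ int iself(const char *, size_t);
 int elf_getshstab(const char *, size_t, const char **, size_t *);
 ssize_t elf_getsymtab(const char *, const char *, size_t,
 const Elf_Sym **, size_t *);
-ssize_t elf_getsection(char *, const char *, const char *,
+ssize_t elf_getsection(char *, size_t, const char *, const char *,
 size_t, const char **, size_t *);
 /* parse.c */
@@ -225,25 +225,25 @@ elf_convert(char *p, size_t filesize)
 warnx("symbol table not found");
 /* Find string table location and size. */
- if (elf_getsection(p, ELF_STRTAB, shstab, shstabsz, &strtab,
+ if (elf_getsection(p, filesize, ELF_STRTAB, shstab, shstabsz, &strtab,
 &strtabsz) == -1)
 warnx("string table not found");
 /* Find abbreviation location and size. */
- if (elf_getsection(p, DEBUG_ABBREV, shstab, shstabsz, &abbuf,
+ if (elf_getsection(p, filesize, DEBUG_ABBREV, shstab, shstabsz, &abbuf,
 &ablen) == -1) {
 warnx("%s section not found", DEBUG_ABBREV);
 return 1;
 }
- if (elf_getsection(p, DEBUG_INFO, shstab, shstabsz, &infobuf,
+ if (elf_getsection(p, filesize, DEBUG_INFO, shstab, shstabsz, &infobuf,
 &infolen) == -1) {
 warnx("%s section not found", DEBUG_INFO);
 return 1;
 }
 /* Find string table location and size. */
- if (elf_getsection(p, DEBUG_STR, shstab, shstabsz, &dstrbuf,
+ if (elf_getsection(p, filesize, DEBUG_STR, shstab, shstabsz, &dstrbuf,
 &dstrlen) == -1)
 warnx("%s section not found", DEBUG_STR);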
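Review bot: The comment above the DEBUG_STR lookup, `/* Find string table location and size. */`, is the same text as the one above the ELF_STRTAB lookup earlier in the hunk and now labels a different section, which misleads a reader following the four lookups. Since this call is being touched anyway it would read better as `/* Find debug string section location and size. */`, or whatever name DEBUG_STR expands to, which is not visible here. elf_convert continues outside the hunk.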
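--- a/usr.bin/ctfconv/elf.c
+++ b/usr.bin/ctfconv/elf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: elf.c,v 1.3 2017/08/29 21:10:20 deraadt Exp $ */
+/* $OpenBSD: elf.c,v 1.4 2017/09/26 09:40:28 jsg Exp $ */
 /*
 * Copyright (c) 2016 Martin Pieuchot <mpi@openbsd.org>
@@ -136,7 +136,7 @@ elf_getsymtab(const char *p, const char *shstab, size_t shstabsz,
 }
 ssize_t
-elf_getsection(char *p, const char *sname, const char *shstab,
+elf_getsection(char *p, size_t filesize, const char *sname, const char *shstab,
 size_t shstabsz, const char **psdata, size_t *pssz)
 {
 Elf_Ehdr *eh = (Elf_Ehdr *)p;
@@ -156,6 +156,9 @@ elf_getsection(char *p, const char *sname, const char *shstab,
 if ((sh->sh_link >= eh->e_shnum) || (sh->sh_name >= shstabsz))
 continue;
+ if (sh->sh_offset >= filesize)
+ continue;
+
 if (strncmp(shstab + sh->sh_name, sname, snlen) == 0) {
 sidx = i;
 sdata = p + sh->sh_offset;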
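Review bot: The new guard `if (sh->sh_offset >= filesize)` only rejects a section that begins past the end of the file; a header whose sh_offset lies inside the file but whose sh_size runs beyond it still reaches `sdata = p + sh->sh_offset;` and, presumably, hands that length back through `*pssz`, so the ctfconv.c callers receiving `&strtabsz`, `&ablen`, `&infolen` and `&dstrlen` can still read past the end of the mapping. Since filesize is now in scope here, the guard can bound the whole range: `if (sh->sh_offset >= filesize || sh->sh_size > filesize - sh->sh_offset) continue;` — the subtraction form avoids overflow in sh_offset + sh_size. The assignment of the returned length sits just outside the hunk, so a later clamp against filesize is possible, but nothing in the visible lines performs one.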