5507 libelf may overflow data buffer when translating data to memory representation


  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26 
  27 /*      Copyright (c) 1988 AT&T     */
  28 /*        All Rights Reserved   */
  29 
  30 #pragma ident   "%Z%%M% %I%     %E% SMI"
  31 
  32 /*
  33  * This stuff used to live in cook.c, but was moved out to
  34  * facilitate dual (Elf32 and Elf64) compilation.  See block
  35  * comment in cook.c for more info.
  36  */
  37 
  38 #include <string.h>
  39 #include <ar.h>
  40 #include <stdlib.h>
  41 #include <errno.h>

  42 #include "decl.h"
  43 #include "member.h"
  44 #include "msg.h"
  45 
  46 /*
  47  * This module is compiled twice, the second time having
  48  * -D_ELF64 defined.  The following set of macros, along
  49  * with machelf.h, represent the differences between the
  50  * two compilations.  Be careful *not* to add any class-
  51  * dependent code (anything that has elf32 or elf64 in the
  52  * name) to this code without hiding it behind a switch-
  53  * able macro like these.
  54  */
  55 #if     defined(_ELF64)
  56 #define Snode           Snode64
  57 #define ELFCLASS        ELFCLASS64
  58 #define ElfField        Elf64
  59 #define _elf_snode_init _elf64_snode_init
  60 #define _elf_prepscan   _elf64_prepscan
  61 #define _elf_cookscn    _elf64_cookscn


 160 
 161 
 162         /*
 163          * Prepare d_data for inspection, but don't actually
 164          * translate data until needed.  Leave the READY
 165          * flag off.  NOBITS sections see zero size.
 166          */
 167         elf = s->s_elf;
 168         sh = s->s_shdr;
 169 
 170         d->db_scn = s;
 171         d->db_off = sh->sh_offset;
 172         d->db_data.d_align = sh->sh_addralign;
 173         d->db_data.d_version = elf->ed_version;
 174         ELFACCESSDATA(work, _elf_work)
 175         d->db_data.d_type = _elf_mtype(elf, sh->sh_type, work);
 176         d->db_data.d_buf = 0;
 177         d->db_data.d_off = 0;
 178         fsz = elf_fsize(d->db_data.d_type, 1, elf->ed_version);
 179         msz = _elf_msize(d->db_data.d_type, elf->ed_version);
 180         d->db_data.d_size = (sh->sh_size / fsz) * msz;
 181         d->db_shsz = sh->sh_size;
 182         d->db_raw = 0;
 183         d->db_buf = 0;
 184         d->db_uflags = 0;
 185         d->db_myflags = 0;
 186         d->db_next = 0;
 187 
 188         if (sh->sh_type != SHT_NOBITS)
 189                 d->db_fsz = sh->sh_size;
 190         else
 191                 d->db_fsz = 0;
 192 
 193         s->s_myflags |= SF_READY;
 194 
 195         NOTE(NOW_VISIBLE_TO_OTHER_THREADS(*d))
 196         return (OK_YES);
 197 }
 198 
 199 
 200 




  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26 
  27 /*      Copyright (c) 1988 AT&T     */
  28 /*        All Rights Reserved   */
  29 


  30 /*
  31  * This stuff used to live in cook.c, but was moved out to
  32  * facilitate dual (Elf32 and Elf64) compilation.  See block
  33  * comment in cook.c for more info.
  34  */
  35 
  36 #include <string.h>
  37 #include <ar.h>
  38 #include <stdlib.h>
  39 #include <errno.h>
  40 #include <sys/sysmacros.h>
  41 #include "decl.h"
  42 #include "member.h"
  43 #include "msg.h"
  44 
  45 /*
  46  * This module is compiled twice, the second time having
  47  * -D_ELF64 defined.  The following set of macros, along
  48  * with machelf.h, represent the differences between the
  49  * two compilations.  Be careful *not* to add any class-
  50  * dependent code (anything that has elf32 or elf64 in the
  51  * name) to this code without hiding it behind a switch-
  52  * able macro like these.
  53  */
  54 #if     defined(_ELF64)
  55 #define Snode           Snode64
  56 #define ELFCLASS        ELFCLASS64
  57 #define ElfField        Elf64
  58 #define _elf_snode_init _elf64_snode_init
  59 #define _elf_prepscan   _elf64_prepscan
  60 #define _elf_cookscn    _elf64_cookscn


 159 
 160 
 161         /*
 162          * Prepare d_data for inspection, but don't actually
 163          * translate data until needed.  Leave the READY
 164          * flag off.  NOBITS sections see zero size.
 165          */
 166         elf = s->s_elf;
 167         sh = s->s_shdr;
 168 
 169         d->db_scn = s;
 170         d->db_off = sh->sh_offset;
 171         d->db_data.d_align = sh->sh_addralign;
 172         d->db_data.d_version = elf->ed_version;
 173         ELFACCESSDATA(work, _elf_work)
 174         d->db_data.d_type = _elf_mtype(elf, sh->sh_type, work);
 175         d->db_data.d_buf = 0;
 176         d->db_data.d_off = 0;
 177         fsz = elf_fsize(d->db_data.d_type, 1, elf->ed_version);
 178         msz = _elf_msize(d->db_data.d_type, elf->ed_version);
 179         d->db_data.d_size = MAX(sh->sh_size, (sh->sh_size / fsz) * msz);
 180         d->db_shsz = sh->sh_size;
 181         d->db_raw = 0;
 182         d->db_buf = 0;
 183         d->db_uflags = 0;
 184         d->db_myflags = 0;
 185         d->db_next = 0;
 186 
 187         if (sh->sh_type != SHT_NOBITS)
 188                 d->db_fsz = sh->sh_size;
 189         else
 190                 d->db_fsz = 0;
 191 
 192         s->s_myflags |= SF_READY;
 193 
 194         NOTE(NOW_VISIBLE_TO_OTHER_THREADS(*d))
 195         return (OK_YES);
 196 }
 197 
 198 
 199
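Review bot: The clamp `d->db_data.d_size = MAX(sh->sh_size, (sh->sh_size / fsz) * msz);` at file line 179 carries no comment, and the block comment above it still only explains the NOBITS case, so the reason the file size now bounds the memory size is lost to the next reader; I would add above that line `/* The buffer the translation fills must hold at least sh_size bytes: the quotient-based size undersizes it when the memory form of the type is no larger than the file form, or when sh_size is not a multiple of fsz. */` (confirm the wording against the translation routine, which is not in this view). Two inputs that come straight from the file are still used unguarded on that line and may deserve a look: whether fsz can be 0 here (elf_fsize's failure value, if _elf_mtype can hand back a type it rejects) before the division, and whether `(sh->sh_size / fsz) * msz` can wrap in size_t for a hostile sh_size when msz exceeds fsz; neither is decidable from this hunk. MAX from sys/sysmacros.h evaluates its arguments more than once, which is harmless here since both operands are side-effect free, but worth keeping in mind if the expression is ever extended. The enclosing function (presumably _elf_cookscn, per the macro table at the top of the file) starts outside the shown lines.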