elf: handle some invalid sizes #121

philipc · 2019-03-07T08:18:51Z

This fixes all the errors that I could reproduce from #120.

TODO:

validate all other Vec::with_capacity
validate all other arithmetic for overflows

philipc · 2019-03-07T08:21:07Z

src/elf/dyn.rs

@@ -466,6 +472,7 @@ macro_rules! elf_dyn_std_impl {
            pub fn from_fd(mut fd: &File, phdrs: &[$phdr]) -> Result<Option<Vec<Dyn>>> {
                for phdr in phdrs {
                    if phdr.p_type == PT_DYNAMIC {
+                        // FIXME: validate filesz before allocating


I don't know how to validate this. Probably we could do fd.take(filesz).read_to_end() (and then check the correct length was read?), but then need to convert that Vec[u8] into a Vec[Dyn].

I think this method is only used by things that load off disk like a dynamic linker so it shouldn’t be on the parser code path; however yes we should do something here but I wouldn’t worry about it for now

m4b

This is great thanks for taking this up @philipc !

m4b · 2019-03-08T16:40:27Z

src/elf/sym.rs

-            let size = count * Sym::size_with(&ctx);
+            let size = count
+                .checked_mul(Sym::size_with(&ctx))
+                .ok_or(::error::Error::Malformed(format!("Too many ELF symbols (offset {:#x}, count {})",


Are we 2018 in this crate ? We should update soon if not

Yep, so rust 2018 + rustfmt?

the only thing is we’ve had a really great story for supporting older compilers so I’d like to see what the Linux distros are shipping at the moment. If we can target a minimum rustc/ cargo combination which does 2018 that would be ideal. Need to investigate.

m4b · 2019-03-08T16:42:06Z

src/elf/dyn.rs

@@ -466,6 +472,7 @@ macro_rules! elf_dyn_std_impl {
            pub fn from_fd(mut fd: &File, phdrs: &[$phdr]) -> Result<Option<Vec<Dyn>>> {
                for phdr in phdrs {
                    if phdr.p_type == PT_DYNAMIC {
+                        // FIXME: validate filesz before allocating


I think this method is only used by things that load off disk like a dynamic linker so it shouldn’t be on the parser code path; however yes we should do something here but I wouldn’t worry about it for now

m4b · 2019-03-08T16:43:03Z

I’ll let you push the merge button since it feels good :)

philipc added 2 commits March 7, 2019 18:12

elf::Dynamic::parse: validate p_filesz

0ba75a6

elf::SymTab::parse: handle size overflow

37208c2

philipc commented Mar 7, 2019

View reviewed changes

philipc mentioned this pull request Mar 7, 2019

Crash on malformed ELF file #120

Open

m4b approved these changes Mar 8, 2019

View reviewed changes

philipc merged commit d0ce0ad into m4b:master Mar 9, 2019

philipc deleted the issue-120 branch March 9, 2019 01:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

elf: handle some invalid sizes #121

elf: handle some invalid sizes #121

philipc commented Mar 7, 2019

philipc Mar 7, 2019

m4b Mar 8, 2019

m4b left a comment

m4b Mar 8, 2019

philipc Mar 9, 2019

m4b Mar 9, 2019

m4b Mar 8, 2019

m4b commented Mar 8, 2019

elf: handle some invalid sizes #121

elf: handle some invalid sizes #121

Conversation

philipc commented Mar 7, 2019

philipc Mar 7, 2019

Choose a reason for hiding this comment

m4b Mar 8, 2019

Choose a reason for hiding this comment

m4b left a comment

Choose a reason for hiding this comment

m4b Mar 8, 2019

Choose a reason for hiding this comment

philipc Mar 9, 2019

Choose a reason for hiding this comment

m4b Mar 9, 2019

Choose a reason for hiding this comment

m4b Mar 8, 2019

Choose a reason for hiding this comment

m4b commented Mar 8, 2019