Attachment #429954 for bug #579388




 <https://git.yoctoproject.org/cgit/cgit.cgi/prelink-cross/commit/src/gather.c?id=efc75bd8a229fe99f60344150fbae3b71c7911de>
 <https://git.yoctoproject.org/cgit/cgit.cgi/prelink-cross/commit/trunk/src/gather.c?id=d0b5f973a7fc0136f5acbabcd20eb7161ddb147f>
++ prelink-cross-20151030/src/gather.c

  return 0;
}

/* Determine for a buffer holding an ELF header if the program header
   table in the buffer or in the associated file may be that of a
   position-independent executable.  */
static int
maybe_pie (unsigned char *e_ident, size_t data_length, int fd,
	   int big_endian, int sixty_four)
{
  uint16_t num_phdrs;
  uint16_t phdr;
  size_t p_type_offset;
  size_t phnum_offset;
  off_t phdr_offset;
  size_t phentsize_offset;
  uint16_t phentsize;
  size_t phdr_size;
  unsigned char *phdr_table;
  size_t this_offset;
  unsigned char buffer[0x1000];

  if (sixty_four)
    {
      unsigned char *phoff = e_ident + offsetof (Elf64_Ehdr, e_phoff);
      phdr_size = sizeof (Elf64_Phdr);
      p_type_offset = offsetof (Elf64_Phdr, p_type);
      phnum_offset = offsetof (Elf64_Ehdr, e_phnum);
      phentsize_offset = offsetof (Elf64_Ehdr, e_phentsize);
      if (big_endian)
        phdr_offset = buf_read_ube64 (phoff);
                                                         e_phoff)]);
      else
        phdr_offset = buf_read_ule64 (phoff);
      if (phdr_offset < sizeof (Elf64_Ehdr))
	return 0;
    }
  else
    {
      unsigned char *phoff = e_ident + offsetof (Elf32_Ehdr, e_phoff);
      phdr_size = sizeof (Elf32_Phdr);
      p_type_offset = offsetof (Elf32_Phdr, p_type);
      phnum_offset = offsetof (Elf32_Ehdr, e_phnum);
      phentsize_offset = offsetof (Elf32_Ehdr, e_phentsize);
      if (big_endian)
        phdr_offset = buf_read_ube32 (phoff);
                                                         e_phoff)]);
      else
        phdr_offset = buf_read_ule32 (phoff);
      if (phdr_offset < sizeof (Elf32_Ehdr))
	return 0;
    }

  this_phdr = phdr_table;

  if (big_endian)
    {
      num_phdrs = buf_read_ube16 (e_ident + phnum_offset);
      phentsize = buf_read_ube16 (e_ident + phentsize_offset);
    }
  else
    num_phdrs = buf_read_ule16 (&e_ident [phnum_offset]);

  for (phdr = 0; phdr < num_phdrs; phdr++)
    {
      num_phdrs = buf_read_ule16 (e_ident + phnum_offset);
      phentsize = buf_read_ule16 (e_ident + phentsize_offset);
    }
  if (num_phdrs == 0 || phentsize < phdr_size)
    return 0;
  /* TODO: check that phdr_offset + phentsize * num_phdrs doesn't overflow */

  phdr_table = e_ident;
  this_offset = phdr_offset < data_length ? phdr_offset : data_length;
  for (phdr = 0; phdr < num_phdrs; phdr++, this_offset += phentsize)
    {
      unsigned char *p_type_start;
      uint32_t p_type;

      if (this_offset + p_type_offset + sizeof (int32_t) > data_length)
	{
	  /* Read more headers from file */
	  ssize_t read_bytes = pread (fd, buffer, sizeof(buffer),
				      phdr_offset + phdr * (off_t) phentsize);
	  if (read_bytes < phentsize)
	    return 0;

	  data_length = read_bytes;
	  phdr_table = buffer;
	  this_offset = 0;
	}

      p_type_start = phdr_table + this_offset + p_type_offset;
      if (big_endian)
       p_type = buf_read_ube32 (p_type_start);
      else

      /* Any PT_PHDR entry must come before any PT_LOAD entry.  */
      if (p_type == PT_LOAD)
        return 0;
  
      this_phdr += sixty_four ? sizeof (Elf64_Phdr) : sizeof (Elf32_Phdr);
    }
    
  return 0;

gather_func (const char *name, const struct stat64 *st, int type,
	     struct FTW *ftwp)
{
  unsigned char e_ident [sizeof (Elf64_Ehdr) + sizeof (Elf64_Phdr) + 4];

#ifndef HAVE_FTW_ACTIONRETVAL
  if (blacklist_dir)

		goto make_unprelinkable;
	      else if (e_ident [EI_CLASS] == ELFCLASS32)
		{
		  if (maybe_pie (e_ident, sizeof (e_ident), fd, 0, 0))
		    {
maybe_pie:
		      dso = fdopen_dso (fd, name);

		}
	      else if (e_ident [EI_CLASS] == ELFCLASS64)
		{
		  if (maybe_pie (e_ident, sizeof (e_ident), fd, 0, 1))
		    goto maybe_pie;
		  goto close_it;
		}

		goto make_unprelinkable;
	      else if (e_ident [EI_CLASS] == ELFCLASS32)
		{
		  if (maybe_pie (e_ident, sizeof (e_ident), fd, 1, 0))
		    goto maybe_pie;
		  goto close_it;
		}
	      else if (e_ident [EI_CLASS] == ELFCLASS64)
		{
		  if (maybe_pie (e_ident, sizeof (e_ident), fd, 1, 1))
		    goto maybe_pie;
		  goto close_it;
		}

Return to bug 579388

Line Link Here

(-)file_not_specified_in_diff (-34 / +62 lines)
	<https://git.yoctoproject.org/cgit/cgit.cgi/prelink-cross/commit/src/gather.c?id=efc75bd8a229fe99f60344150fbae3b71c7911de>		<https://git.yoctoproject.org/cgit/cgit.cgi/prelink-cross/commit/src/gather.c?id=efc75bd8a229fe99f60344150fbae3b71c7911de>
1	<https://git.yoctoproject.org/cgit/cgit.cgi/prelink-cross/commit/trunk/src/gather.c?id=d0b5f973a7fc0136f5acbabcd20eb7161ddb147f>	1	<https://git.yoctoproject.org/cgit/cgit.cgi/prelink-cross/commit/trunk/src/gather.c?id=d0b5f973a7fc0136f5acbabcd20eb7161ddb147f>
2	-- prelink-cross-20151030/src/gather.c	2	++ prelink-cross-20151030/src/gather.c
Lines 645-703 add_dir_to_dirlist (const char *name, de Link Here
645	return 0;	645	return 0;
646	}	646	}
647		647
648	/* Determine if a buffer holding an ELF header and program header	648	/* Determine for a buffer holding an ELF header if the program header
649	table may be that of a position-independent executable. */	649	table in the buffer or in the associated file may be that of a
		650	position-independent executable. */
650	static int	651	static int
651	maybe_pie (unsigned char *e_ident, int big_endian, int sixty_four)	652	maybe_pie (unsigned char *e_ident, size_t data_length, int fd,
		653	int big_endian, int sixty_four)
652	{	654	{
653	uint16_t num_phdrs;	655	uint16_t num_phdrs;
654	uint16_t phdr;	656	uint16_t phdr;
655	size_t p_type_offset;	657	size_t p_type_offset;
656	size_t phnum_offset;	658	size_t phnum_offset;
		659	off_t phdr_offset;
		660	size_t phentsize_offset;
		661	uint16_t phentsize;
		662	size_t phdr_size;
657	unsigned char *phdr_table;	663	unsigned char *phdr_table;
658	unsigned char *this_phdr;	664	size_t this_offset;
		665	unsigned char buffer[0x1000];
659		666
660	if (sixty_four)	667	if (sixty_four)
661	{	668	{
662	uint64_t phdr_offset;	669	unsigned char *phoff = e_ident + offsetof (Elf64_Ehdr, e_phoff);
663		670	phdr_size = sizeof (Elf64_Phdr);
664	p_type_offset = offsetof (Elf64_Phdr, p_type);	671	p_type_offset = offsetof (Elf64_Phdr, p_type);
665	phnum_offset = offsetof (Elf64_Ehdr, e_phnum);	672	phnum_offset = offsetof (Elf64_Ehdr, e_phnum);
		673	phentsize_offset = offsetof (Elf64_Ehdr, e_phentsize);
666	if (big_endian)	674	if (big_endian)
667	phdr_offset = buf_read_ube64 (&e_ident [offsetof (Elf64_Ehdr,	675	phdr_offset = buf_read_ube64 (phoff);
668	e_phoff)]);
669	else	676	else
670	phdr_offset = buf_read_ule64 (&e_ident [offsetof (Elf64_Ehdr,	677	phdr_offset = buf_read_ule64 (phoff);
671	e_phoff)]);	678	if (phdr_offset < sizeof (Elf64_Ehdr))
672	phdr_table = e_ident + phdr_offset;	679	return 0;
673	}	680	}
674	else	681	else
675	{	682	{
676	uint32_t phdr_offset;	683	unsigned char *phoff = e_ident + offsetof (Elf32_Ehdr, e_phoff);
677		684	phdr_size = sizeof (Elf32_Phdr);
678	p_type_offset = offsetof (Elf32_Phdr, p_type);	685	p_type_offset = offsetof (Elf32_Phdr, p_type);
679	phnum_offset = offsetof (Elf32_Ehdr, e_phnum);	686	phnum_offset = offsetof (Elf32_Ehdr, e_phnum);
		687	phentsize_offset = offsetof (Elf32_Ehdr, e_phentsize);
680	if (big_endian)	688	if (big_endian)
681	phdr_offset = buf_read_ube32 (&e_ident [offsetof (Elf32_Ehdr,	689	phdr_offset = buf_read_ube32 (phoff);
682	e_phoff)]);
683	else	690	else
684	phdr_offset = buf_read_ule32 (&e_ident [offsetof (Elf32_Ehdr,	691	phdr_offset = buf_read_ule32 (phoff);
685	e_phoff)]);	692	if (phdr_offset < sizeof (Elf32_Ehdr))
686	phdr_table = e_ident + phdr_offset;	693	return 0;
687	}	694	}
688
689	this_phdr = phdr_table;
690		695
691	if (big_endian)	696	if (big_endian)
692	num_phdrs = buf_read_ube16 (&e_ident [phnum_offset]);	697	{
		698	num_phdrs = buf_read_ube16 (e_ident + phnum_offset);
		699	phentsize = buf_read_ube16 (e_ident + phentsize_offset);
		700	}
693	else	701	else
694	num_phdrs = buf_read_ule16 (&e_ident [phnum_offset]);
695
696	for (phdr = 0; phdr < num_phdrs; phdr++)
697	{	702	{
698	unsigned char *p_type_start = this_phdr + p_type_offset;	703	num_phdrs = buf_read_ule16 (e_ident + phnum_offset);
		704	phentsize = buf_read_ule16 (e_ident + phentsize_offset);
		705	}
		706	if (num_phdrs == 0 \|\| phentsize < phdr_size)
		707	return 0;
		708	/* TODO: check that phdr_offset + phentsize * num_phdrs doesn't overflow */
		709
		710	phdr_table = e_ident;
		711	this_offset = phdr_offset < data_length ? phdr_offset : data_length;
		712	for (phdr = 0; phdr < num_phdrs; phdr++, this_offset += phentsize)
		713	{
		714	unsigned char *p_type_start;
699	uint32_t p_type;	715	uint32_t p_type;
700		716
		717	if (this_offset + p_type_offset + sizeof (int32_t) > data_length)
		718	{
		719	/* Read more headers from file */
		720	ssize_t read_bytes = pread (fd, buffer, sizeof(buffer),
		721	phdr_offset + phdr * (off_t) phentsize);
		722	if (read_bytes < phentsize)
		723	return 0;
		724
		725	data_length = read_bytes;
		726	phdr_table = buffer;
		727	this_offset = 0;
		728	}
		729
		730	p_type_start = phdr_table + this_offset + p_type_offset;
701	if (big_endian)	731	if (big_endian)
702	p_type = buf_read_ube32 (p_type_start);	732	p_type = buf_read_ube32 (p_type_start);
703	else	733	else
Lines 709-716 maybe_pie (unsigned char *e_ident, int b Link Here
709	/* Any PT_PHDR entry must come before any PT_LOAD entry. */	739	/* Any PT_PHDR entry must come before any PT_LOAD entry. */
710	if (p_type == PT_LOAD)	740	if (p_type == PT_LOAD)
711	return 0;	741	return 0;
712
713	this_phdr += sixty_four ? sizeof (Elf64_Phdr) : sizeof (Elf32_Phdr);
714	}	742	}
715		743
716	return 0;	744	return 0;
Lines 720-726 static int Link Here
720	gather_func (const char name, const struct stat64 st, int type,	748	gather_func (const char name, const struct stat64 st, int type,
721	struct FTW *ftwp)	749	struct FTW *ftwp)
722	{	750	{
723	unsigned char e_ident [sizeof (Elf64_Ehdr) + sizeof (Elf64_Phdr)];	751	unsigned char e_ident [sizeof (Elf64_Ehdr) + sizeof (Elf64_Phdr) + 4];
724		752
725	#ifndef HAVE_FTW_ACTIONRETVAL	753	#ifndef HAVE_FTW_ACTIONRETVAL
726	if (blacklist_dir)	754	if (blacklist_dir)
Lines 817-823 make_unprelinkable: Link Here
817	goto make_unprelinkable;	845	goto make_unprelinkable;
818	else if (e_ident [EI_CLASS] == ELFCLASS32)	846	else if (e_ident [EI_CLASS] == ELFCLASS32)
819	{	847	{
820	if (maybe_pie (e_ident, 0, 0))	848	if (maybe_pie (e_ident, sizeof (e_ident), fd, 0, 0))
821	{	849	{
822	maybe_pie:	850	maybe_pie:
823	dso = fdopen_dso (fd, name);	851	dso = fdopen_dso (fd, name);
Lines 834-840 maybe_pie: Link Here
834	}	862	}
835	else if (e_ident [EI_CLASS] == ELFCLASS64)	863	else if (e_ident [EI_CLASS] == ELFCLASS64)
836	{	864	{
837	if (maybe_pie (e_ident, 0, 1))	865	if (maybe_pie (e_ident, sizeof (e_ident), fd, 0, 1))
838	goto maybe_pie;	866	goto maybe_pie;
839	goto close_it;	867	goto close_it;
840	}	868	}
Lines 851-863 maybe_pie: Link Here
851	goto make_unprelinkable;	879	goto make_unprelinkable;
852	else if (e_ident [EI_CLASS] == ELFCLASS32)	880	else if (e_ident [EI_CLASS] == ELFCLASS32)
853	{	881	{
854	if (maybe_pie (e_ident, 1, 0))	882	if (maybe_pie (e_ident, sizeof (e_ident), fd, 1, 0))
855	goto maybe_pie;	883	goto maybe_pie;
856	goto close_it;	884	goto close_it;
857	}	885	}
858	else if (e_ident [EI_CLASS] == ELFCLASS64)	886	else if (e_ident [EI_CLASS] == ELFCLASS64)
859	{	887	{
860	if (maybe_pie (e_ident, 1, 1))	888	if (maybe_pie (e_ident, sizeof (e_ident), fd, 1, 1))
861	goto maybe_pie;	889	goto maybe_pie;
862	goto close_it;	890	goto close_it;
863	}	891	}