From: Mark Wielaard
Date: Thu, 17 Mar 2022 23:59:38 +0000 (+0100)
Subject: libelf: Check alignment of Verdef, Verdaux, Verneed and Vernaux offsets
X-Git-Tag: elfutils-0.187~32
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0346d5fd96f64c1c23ab738eec54dfbb8c112dc3;p=thirdparty%2Felfutils.git

libelf: Check alignment of Verdef, Verdaux, Verneed and Vernaux offsets

The Verdef, Verdaux, Verneed and Vernaux structures contain fields which point to the next structures. Make sure these offsets are correctly aligned for the structures they point to.

Signed-off-by: Mark Wielaard
---
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 07dd905f9..f6b47c68e 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,9 @@
+2022-03-18 Mark Wielaard
+
+ * version_xlate.h (elf_cvt_Verdef): Check alignment of def_offset
+ and aux_offset.
+ (elf_cvt_Verneed): Check alignment of need_offset and aux_offset.
+
 2022-03-17 Mark Wielaard

 * elf_begin.c (read_long_names): Check ar_size starts with a digit.
diff --git a/libelf/version_xlate.h b/libelf/version_xlate.h
index 9fe01c641..b7bd301de 100644
--- a/libelf/version_xlate.h
+++ b/libelf/version_xlate.h
@@ -1,5 +1,6 @@
 /* Conversion functions for versioning information.
 Copyright (C) 1998, 1999, 2000, 2002, 2003, 2015 Red Hat, Inc.
+ Copyright (C) 2022 Mark J. Wielaard
 This file is part of elfutils.
 Written by Ulrich Drepper , 1998.

@@ -66,7 +67,9 @@ elf_cvt_Verdef (void *dest, const void *src, size_t len, int encode)
 GElf_Verdaux *asrc;

 /* Test for correct offset. */
- if (def_offset > len || len - def_offset < sizeof (GElf_Verdef))
+ if (def_offset > len
+ || len - def_offset < sizeof (GElf_Verdef)
+ || (def_offset & (__alignof__ (GElf_Verdef) - 1)) != 0)
 return;

 /* Work the tree from the first record. */
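Review bot: The added `(def_offset & (__alignof__ (GElf_Verdef) - 1)) != 0` test looks only at the offset, so it yields an aligned record only if `dest` and `src` are themselves aligned for GElf_Verdef, and nothing in this hunk establishes that. The same holds for the aux_offset and need_offset tests in the hunks at -95, -165 and -192, where the record pointer is formed as `(char *) dest + aux_offset`. If callers can hand in buffers of arbitrary alignment (not visible here), the base pointers need a check of their own before the loop; otherwise the assumption belongs in the existing comment, for example `/* Test for correct offset: in bounds and aligned (dest and src are assumed aligned for the record type).  */`. The loop body that uses def_offset starts and ends outside the hunk.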
@@ -95,7 +98,9 @@ elf_cvt_Verdef (void *dest, const void *src, size_t len, int encode)
 GElf_Verdaux *adest;

 /* Test for correct offset. */
- if (aux_offset > len || len - aux_offset < sizeof (GElf_Verdaux))
+ if (aux_offset > len
+ || len - aux_offset < sizeof (GElf_Verdaux)
+ || (aux_offset & (__alignof__ (GElf_Verdaux) - 1)) != 0)
 return;

 adest = (GElf_Verdaux *) ((char *) dest + aux_offset);
@@ -165,7 +170,9 @@ elf_cvt_Verneed (void *dest, const void *src, size_t len, int encode)
 GElf_Vernaux *asrc;

 /* Test for correct offset. */
- if (need_offset > len || len - need_offset < sizeof (GElf_Verneed))
+ if (need_offset > len
+ || len - need_offset < sizeof (GElf_Verneed)
+ || (need_offset & (__alignof__ (GElf_Verneed) - 1)) != 0)
 return;

 /* Work the tree from the first record. */
@@ -192,7 +199,9 @@ elf_cvt_Verneed (void *dest, const void *src, size_t len, int encode)
 GElf_Vernaux *adest;

 /* Test for correct offset. */
- if (aux_offset > len || len - aux_offset < sizeof (GElf_Vernaux))
+ if (aux_offset > len
+ || len - aux_offset < sizeof (GElf_Vernaux)
+ || (aux_offset & (__alignof__ (GElf_Vernaux) - 1)) != 0)
 return;

 adest = (GElf_Vernaux *) ((char *) dest + aux_offset);
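Review bot: A misaligned `aux_offset` now takes the same bare `return;` as an out-of-range one, and that statement leaves elf_cvt_Verdef as a whole, not just the auxiliary chain being walked, without any signal to the caller. This test appears to sit inside the per-definition loop (its start and end are outside the hunk), so records after the bad offset are presumably left unconverted, and code reading `dest` afterwards cannot tell a complete conversion from one that stopped early. I would record that contract next to the return, for example `/* Malformed aux offset: stop here; later records stay unconverted and callers must validate what they read.  */`. The aux_offset test in the hunk at -192 exits elf_cvt_Verneed the same way.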
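Review bot: The need_offset test in elf_cvt_Verneed is a further copy of one three-clause condition that differs only in the offset variable and the record type (the hunks at -66, -95 and -192 carry the others), so a later fix to one copy can easily miss the rest. A small helper would keep the bounds and alignment clauses together, for example `#define OFFSET_OK(off, len, type) ((off) <= (len) && (len) - (off) >= sizeof (type) && ((off) & (__alignof__ (type) - 1)) == 0)`, with each site reduced to `if (! OFFSET_OK (need_offset, len, GElf_Verneed)) return;`. The name is only a suggestion, and the helper would need to be defined above both functions, which are outside the hunk.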