From: Mark Wielaard <mark@klomp.org>
Date: Wed, 16 Dec 2020 09:57:22 +0000 (+0100)
Subject: libelf: Make sure we have at least a full ELF header available.
X-Git-Tag: elfutils-0.183~38
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d21692c7ebc4d511d1b40e9c0cc8d95c590c2070;p=thirdparty%2Felfutils.git

libelf: Make sure we have at least a full ELF header available.

When elf_memory is called we could get a slightly too small image
that doesn't contain a full ELF header (but does contain at least
the e_ident values). Require the full header before even validating
the rest of the ELF header fields.

https://sourceware.org/bugzilla/show_bug.cgi?id=27076

Signed-off-by: Mark Wielaard <mark@klomp.org>
---

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 41727fbd3..a280a262e 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,7 @@
+2020-12-15  Mark Wielaard  <mark@klomp.org>
+
+	* elf_begin.c (get_shnum): Make sure the full Ehdr is available.
+
 2020-12-12  Dmitry V. Levin  <ldv@altlinux.org>
 
 	* common.h: Fix spelling typo in comment.
diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
index 43828c9a3..32648c153 100644
--- a/libelf/elf_begin.c
+++ b/libelf/elf_begin.c
@@ -88,6 +88,13 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes,
   } ehdr_mem;
   bool is32 = e_ident[EI_CLASS] == ELFCLASS32;
 
+  if ((is32 && maxsize < sizeof (Elf32_Ehdr))
+      || (!is32 && maxsize < sizeof (Elf64_Ehdr)))
+    {
+       __libelf_seterrno (ELF_E_INVALID_ELF);
+      return (size_t) -1l;
+    }
+
   /* Make the ELF header available.  */
   if (e_ident[EI_DATA] == MY_ELFDATA
       && (ALLOW_UNALIGNED