From: Roland McGrath Date: Wed, 14 Apr 2010 20:21:08 +0000 (-0700) Subject: Merge branch 'master' of ssh://git.fedorahosted.org/git/elfutils into robustify X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64b04c5c39cd9e155191dfafe803af0e1f255f3f;p=thirdparty%2Felfutils.git Merge branch 'master' of ssh://git.fedorahosted.org/git/elfutils into robustify Conflicts: libelf/elf_begin.c --- 64b04c5c39cd9e155191dfafe803af0e1f255f3f diff --cc libelf/ChangeLog index ac1c67cbc,7e6b99297..cca696fd3 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@@ -616,53 -643,10 +643,53 @@@ If section content hasn't been read yet, do it before looking for the block size. If no section data present, infer size of section header. - 2005-05-17 Jakub Jelinek - - * elf32_getphdr.c (elfw2(LIBELFBITS,getphdr)): Check if program header - table fits into object's bounds. - * elf_getshstrndx.c (elf_getshstrndx): Add elf->start_offset to - elf->map_address. Check if first section header fits into object's - bounds. - * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)): - Check if section header table fits into object's bounds. - * elf_begin.c (get_shnum): Ensure section headers fits into - object's bounds. - (file_read_elf): Make sure scncnt is small enough to allocate both - ElfXX_Shdr and Elf_Scn array. Make sure section and program header - tables fit into object's bounds. Avoid memory leak on failure. - +2005-05-14 Jakub Jelinek + + * libelfP.h (INVALID_NDX): Define. + * gelf_getdyn.c (gelf_getdyn): Use it. Remove ndx < 0 test if any. + * gelf_getlib.c (gelf_getlib): Likewise. + * gelf_getmove.c (gelf_getmove): Likewise. + * gelf_getrel.c (gelf_getrel): Likewise. + * gelf_getrela.c (gelf_getrela): Likewise. + * gelf_getsym.c (gelf_getsym): Likewise. + * gelf_getsyminfo.c (gelf_getsyminfo): Likewise. + * gelf_getsymshndx.c (gelf_getsymshndx): Likewise. + * gelf_getversym.c (gelf_getversym): Likewise. + * gelf_update_dyn.c (gelf_update_dyn): Likewise. 
+ * gelf_update_lib.c (gelf_update_lib): Likewise. + * gelf_update_move.c (gelf_update_move): Likewise. + * gelf_update_rel.c (gelf_update_rel): Likewise. + * gelf_update_rela.c (gelf_update_rela): Likewise. + * gelf_update_sym.c (gelf_update_sym): Likewise. + * gelf_update_syminfo.c (gelf_update_syminfo): Likewise. + * gelf_update_symshndx.c (gelf_update_symshndx): Likewise. + * gelf_update_versym.c (gelf_update_versym): Likewise. + * elf_newscn.c (elf_newscn): Check for overflow. + * elf32_updatefile.c (__elfw2(LIBELFBITS,updatemmap)): Likewise. + (__elfw2(LIBELFBITS,updatefile)): Likewise. + * elf_begin.c (file_read_elf): Likewise. + * elf32_newphdr.c (elfw2(LIBELFBITS,newphdr)): Likewise. + * elf_getarsym.c (elf_getarsym): Likewise. + * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)): Likewise. 2005-05-11 Ulrich Drepper * elf.h: Update again. ++2005-05-17 Jakub Jelinek ++ ++ * elf32_getphdr.c (elfw2(LIBELFBITS,getphdr)): Check if program header ++ table fits into object's bounds. ++ * elf_getshstrndx.c (elf_getshstrndx): Add elf->start_offset to ++ elf->map_address. Check if first section header fits into object's ++ bounds. ++ * elf32_getshdr.c (elfw2(LIBELFBITS,getshdr)): ++ Check if section header table fits into object's bounds. ++ * elf_begin.c (get_shnum): Ensure section headers fits into ++ object's bounds. ++ (file_read_elf): Make sure scncnt is small enough to allocate both ++ ElfXX_Shdr and Elf_Scn array. Make sure section and program header ++ tables fit into object's bounds. Avoid memory leak on failure. ++ 2005-05-09 Ulrich Drepper * elf.h: Update from glibc. 
diff --cc libelf/elf32_getphdr.c index 6a8bf7c28,80f54fd7b..e8860654d --- a/libelf/elf32_getphdr.c +++ b/libelf/elf32_getphdr.c @@@ -105,18 -105,15 +105,25 @@@ __elfw2(LIBELFBITS,getphdr_wrlock) (elf size_t size = phnum * sizeof (ElfW2(LIBELFBITS,Phdr)); + if (ehdr->e_phoff > elf->maximum_size + || elf->maximum_size - ehdr->e_phoff < size) + { + __libelf_seterrno (ELF_E_INVALID_DATA); + goto out; + } + if (elf->map_address != NULL) { + /* First see whether the information in the ELF header is + valid and it does not ask for too much. */ + if (unlikely (ehdr->e_phoff >= elf->maximum_size) + || unlikely (elf->maximum_size - ehdr->e_phoff < size)) + { + /* Something is wrong. */ + __libelf_seterrno (ELF_E_INVALID_PHDR); + goto out; + } + /* All the data is already mapped. Use it. */ void *file_phdr = ((char *) elf->map_address + elf->start_offset + ehdr->e_phoff);
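Review bot: The merged code in `__elfw2(LIBELFBITS,getphdr_wrlock)` now bounds-checks `e_phoff` twice with different rules: the unconditional check uses `ehdr->e_phoff > elf->maximum_size` and sets `ELF_E_INVALID_DATA`, while the one inside `if (elf->map_address != NULL)` uses `>=` and sets `ELF_E_INVALID_PHDR`. Because the outer check runs first, the inner one can only fire when `e_phoff == maximum_size` and `size` is 0, so the `ELF_E_INVALID_PHDR` path is effectively dead and callers get a different error code than the mmap branch intends. I would keep a single check ahead of the branch, `if (unlikely (ehdr->e_phoff >= elf->maximum_size) || unlikely (elf->maximum_size - ehdr->e_phoff < size))`, with one error code, and delete the other. Both checks also depend on `size = phnum * sizeof (ElfW2(LIBELFBITS,Phdr))` not wrapping. Where `phnum` comes from is outside this hunk, so it is worth confirming it is bounded before the multiplication, since a wrapped `size` would pass the test and the mapped table would then be read past the object's bounds; the function body starts and ends outside the hunk.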