From a31ff73e8de60ca6ac61a724f8c7649a1034176f Mon Sep 17 00:00:00 2001 From: Aaron Durbin Date: Fri, 7 Mar 2014 15:23:05 -0600 Subject: [PATCH] cbfstool: elfparsing: check segment and section regions While parsing the section and program headers ensure the locations of their contents are within the elf file proper. Change-Id: I856f7de45f82ac15977abc06e51bedb51c58dde1 Signed-off-by: Aaron Durbin Reviewed-on: http://review.coreboot.org/5372 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer Reviewed-by: Marc Jones --- util/cbfstool/elfheaders.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/util/cbfstool/elfheaders.c b/util/cbfstool/elfheaders.c index 3af82a6ce6..505af78aa9 100644 --- a/util/cbfstool/elfheaders.c +++ b/util/cbfstool/elfheaders.c @@ -272,9 +272,16 @@ phdr_read(const struct buffer *in, Elf64_Ehdr *ehdr, struct xdr *xdr, int bit64) * than one loop over all the phdrs. */ phdr = calloc(ehdr->e_phnum, sizeof(*phdr)); - for (i = 0; i < ehdr->e_phnum; i++) + for (i = 0; i < ehdr->e_phnum; i++) { + DEBUG("Parsing segment %d\n", i); elf_phdr(&b, &phdr[i], ehdr->e_phentsize, xdr, bit64); + /* Ensure the contents are valid within the elf file. */ + if (check_size(in, phdr[i].p_offset, phdr[i].p_filesz, + "segment contents")) + return NULL; + } + return phdr; } @@ -296,9 +303,16 @@ shdr_read(const struct buffer *in, Elf64_Ehdr *ehdr, struct xdr *xdr, int bit64) /* gather up all the shdrs. */ shdr = calloc(ehdr->e_shnum, sizeof(*shdr)); - for (i = 0; i < ehdr->e_shnum; i++) + for (i = 0; i < ehdr->e_shnum; i++) { + DEBUG("Parsing section %d\n", i); elf_shdr(&b, &shdr[i], ehdr->e_shentsize, xdr, bit64); + /* Ensure the contents are valid within the elf file. */ + if (check_size(in, shdr[i].sh_offset, shdr[i].sh_size, + "section contents")) + return NULL; + } + return shdr; }