[coreboot-gerrit] New patch to review for coreboot: de12380 cbfstool: elfparsing: check segment and section regions

Aaron Durbin (adurbin@google.com) gerrit at coreboot.org
Tue Mar 11 18:11:43 CET 2014 

Aaron Durbin (adurbin at google.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/5372

-gerrit

commit de123803a6e8dcd9d1fc2f4c1dd7e2708867d3c1
Author: Aaron Durbin <adurbin at chromium.org>
Date:   Fri Mar 7 15:23:05 2014 -0600

    cbfstool: elfparsing: check segment and section regions
    
    While parsing the section and program headers ensure the
    locations of their contents are within the elf file proper.
    
    Change-Id: I856f7de45f82ac15977abc06e51bedb51c58dde1
    Signed-off-by: Aaron Durbin <adurbin at chromium.org>
---
 util/cbfstool/elfheaders.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/util/cbfstool/elfheaders.c b/util/cbfstool/elfheaders.c
index 3af82a6..505af78 100644
--- a/util/cbfstool/elfheaders.c
+++ b/util/cbfstool/elfheaders.c
@@ -272,9 +272,16 @@ phdr_read(const struct buffer *in, Elf64_Ehdr *ehdr, struct xdr *xdr, int bit64)
 	 * than one loop over all the phdrs.
 	 */
 	phdr = calloc(ehdr->e_phnum, sizeof(*phdr));
-	for (i = 0; i < ehdr->e_phnum; i++)
+	for (i = 0; i < ehdr->e_phnum; i++) {
+		DEBUG("Parsing segment %d\n", i);
 		elf_phdr(&b, &phdr[i], ehdr->e_phentsize, xdr, bit64);
 
+		/* Ensure the contents are valid within the elf file. */
+		if (check_size(in, phdr[i].p_offset, phdr[i].p_filesz,
+	                  "segment contents"))
+			return NULL;
+	}
+
 	return phdr;
 }
 
@@ -296,9 +303,16 @@ shdr_read(const struct buffer *in, Elf64_Ehdr *ehdr, struct xdr *xdr, int bit64)
 
 	/* gather up all the shdrs. */
 	shdr = calloc(ehdr->e_shnum, sizeof(*shdr));
-	for (i = 0; i < ehdr->e_shnum; i++)
+	for (i = 0; i < ehdr->e_shnum; i++) {
+		DEBUG("Parsing section %d\n", i);
 		elf_shdr(&b, &shdr[i], ehdr->e_shentsize, xdr, bit64);
 
+		/* Ensure the contents are valid within the elf file. */
+		if (check_size(in, shdr[i].sh_offset, shdr[i].sh_size,
+		               "section contents"))
+			return NULL;
+	}
+
 	return shdr;
 }

More information about the coreboot-gerrit mailing list