This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



[PATCH 01/17] libelf: Fix possible unbounded stack usage in elf_getarsym.


The number of entries in the index can be large; don't use alloca to
read in temporary data, use malloc (and free after out).

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 libelf/ChangeLog      |  5 +++++
 libelf/elf_getarsym.c | 14 ++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index ed2ddd8..17ab740 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2015-05-16  Mark Wielaard  <mjw@redhat.com>
+
+	* elf_getarsym.c (elf_getarsym): Allocate temporary file_date with
+	malloc, not alloca. Call free after out.
+
 2015-05-14  Mark Wielaard  <mjw@redhat.com>
 
 	* elf_update.c (write_file): Use posix_fallocate instead of
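Review bot: the new ChangeLog entry misspells the variable: "temporary file_date" should be "file_data", which is the name actually assigned in elf_getarsym.c (`file_data = temp_data;`). Worth fixing before commit so the log greps correctly.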
diff --git a/libelf/elf_getarsym.c b/libelf/elf_getarsym.c
index 40633aa..fa9cd42 100644
--- a/libelf/elf_getarsym.c
+++ b/libelf/elf_getarsym.c
@@ -1,5 +1,5 @@
 /* Return symbol table of archive.
-   Copyright (C) 1998-2000, 2002, 2005, 2009, 2012, 2014 Red Hat, Inc.
+   Copyright (C) 1998-2000, 2002, 2005, 2009, 2012, 2014, 2015 Red Hat, Inc.
    This file is part of elfutils.
    Written by Ulrich Drepper <drepper@redhat.com>, 1998.
 
@@ -106,6 +106,9 @@ elf_getarsym (elf, ptr)
       /* In case we find no index remember this for the next call.  */
       elf->state.ar.ar_sym = (Elf_Arsym *) -1l;
 
+      /* We might have to allocate some temporary data for reading.  */
+      void *temp_data = NULL;
+
       struct ar_hdr *index_hdr;
       if (elf->map_address == NULL)
 	{
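Review bot: `void *temp_data = NULL;` is introduced mid-block, after the `ar_sym = (Elf_Arsym *) -1l` marker, and `out:` now unconditionally calls `free (temp_data)`, so every `goto out` in this block has to be reached after that initialisation. The hunk does not show whether any `goto out` sits between the start of the block and line 106, so please confirm none does; moving the declaration to the top of the block next to the other locals would make the invariant obvious and protect against a future early `goto out` handing an uninitialised pointer to free.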
@@ -210,7 +213,13 @@ elf_getarsym (elf, ptr)
 
 	  if (elf->map_address == NULL)
 	    {
-	      file_data = alloca (sz);
+	      temp_data = malloc (sz);
+	      if (temp_data == NULL)
+		{
+		  __libelf_seterrno (ELF_E_NOMEM);
+		  goto out;
+		}
+	      file_data = temp_data;
 
 	      ar_sym_len += index_size - n * w;
 	      Elf_Arsym *newp = (Elf_Arsym *) realloc (elf->state.ar.ar_sym,
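Review bot: on the new ENOMEM path the `goto out` leaves `elf->state.ar.ar_sym` set to the `(Elf_Arsym *) -1l` "no index" marker written at the top of the block ("remember this for the next call"), so unless something earlier resets it, a transient allocation failure is remembered as "this archive has no symbol table" on subsequent calls. Consider clearing the marker (`elf->state.ar.ar_sym = NULL;`) before the `goto out` so the next call retries; the same question applies to the existing realloc failure path just below. The substance of the change is right: `alloca (sz)` with a size derived from the archive's index had no failure mode other than overrunning the stack, and the checked malloc turns that into a reportable error.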
@@ -299,6 +308,7 @@ elf_getarsym (elf, ptr)
       result = elf->state.ar.ar_sym;
 
     out:
+      free (temp_data);
       rwlock_unlock (elf->lock);
     }
 
-- 
1.8.3.1
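The pattern the commit message is about, as an added example that is not elfutils code and not part of this patch: a small parser for the GNU/SysV archive symbol index (the `/` member with 4-byte fields, or `/SYM64/` with 8-byte ones, matching the `n * w` arithmetic in the hunk above). The entry count comes from the file, so it is bounded against the member size before anything is sized from it, and the entry array is allocated with a checked `malloc` rather than `alloca`. The struct and function names (`ar_index`, `parse_ar_index`, the `demo_*` helpers) and the byte arrays are constructed for this example and are assumptions, not libelf's own API or data.

```c
#include <stdint.h>
#include <stdlib.h>

/* Parsed view of a GNU/SysV archive symbol index.  Body layout: a
   big-endian entry count, then that many big-endian member offsets,
   then NUL-terminated symbol names.  Field width is 4 for "/" and 8
   for "/SYM64/".  (Names and layout here are this example's own.)  */
struct ar_index
{
  uint64_t count;
  uint64_t *offsets;    /* malloc'ed array of `count` member offsets */
  const char *names;    /* name table, inside the caller's buffer */
  size_t names_len;
};

enum { AR_INDEX_OK = 0, AR_INDEX_MALFORMED = -1, AR_INDEX_NOMEM = -2 };

static uint64_t
read_be (const unsigned char *p, size_t w)
{
  uint64_t v = 0;
  for (size_t i = 0; i < w; ++i)
    v = (v << 8) | p[i];
  return v;
}

/* Parse INDEX_SIZE bytes at DATA with entry width W (4 or 8).  The entry
   count is file-controlled data, so it is bounded against the member size
   before anything is sized from it, and the entry array goes on the heap
   with a checked malloc, never on the stack with alloca.  */
int
parse_ar_index (const unsigned char *data, size_t index_size, size_t w,
                struct ar_index *out)
{
  if ((w != 4 && w != 8) || index_size < w)
    return AR_INDEX_MALFORMED;

  uint64_t n = read_be (data, w);
  /* n entries of w bytes must fit after the count field; a hostile count
     is rejected here, before any allocation depends on it.  */
  if (n > (index_size - w) / w || n > SIZE_MAX / sizeof (uint64_t))
    return AR_INDEX_MALFORMED;

  uint64_t *offsets = NULL;
  if (n != 0)
    {
      offsets = malloc ((size_t) n * sizeof *offsets);
      if (offsets == NULL)
        return AR_INDEX_NOMEM;
      for (uint64_t i = 0; i < n; ++i)
        offsets[i] = read_be (data + w + i * w, w);
    }

  out->count = n;
  out->offsets = offsets;
  out->names = (const char *) data + w + n * w;
  out->names_len = index_size - w - (size_t) (n * w);
  return AR_INDEX_OK;
}

void
free_ar_index (struct ar_index *ix)
{
  free (ix->offsets);
  ix->offsets = NULL;
  ix->count = 0;
}

/* Constructed sample inputs (not taken from any real archive).  */
static const unsigned char good_index[] = {
  0, 0, 0, 2,                 /* two entries */
  0, 0, 0, 8, 0, 0, 0, 68,    /* member offsets 8 and 68 */
  'f', 'o', 'o', 0, 'b', 'a', 'r', 0
};
static const unsigned char sym64_index[] = {
  0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 100, 'x', 0
};
/* Claims 4294967295 entries inside an 8-byte member: alloca (n * 4) on
   this count would exhaust the stack before a single byte was read.  */
static const unsigned char hostile_index[] = {
  0xff, 0xff, 0xff, 0xff, 0, 0, 0, 0
};

/* Second offset of the good sample, or -1 on failure.  */
long
demo_good_second_offset (void)
{
  struct ar_index ix;
  if (parse_ar_index (good_index, sizeof good_index, 4, &ix) != AR_INDEX_OK)
    return -1;
  long r = (ix.count == 2 && ix.names_len == 8) ? (long) ix.offsets[1] : -1;
  free_ar_index (&ix);
  return r;
}

/* Only offset of the 64-bit sample, or -1 on failure.  */
long
demo_sym64_offset (void)
{
  struct ar_index ix;
  if (parse_ar_index (sym64_index, sizeof sym64_index, 8, &ix) != AR_INDEX_OK)
    return -1;
  long r = (ix.count == 1 && ix.names_len == 2) ? (long) ix.offsets[0] : -1;
  free_ar_index (&ix);
  return r;
}

/* Parse status for the hostile sample: rejected, nothing allocated.  */
int
demo_hostile_status (void)
{
  struct ar_index ix;
  return parse_ar_index (hostile_index, sizeof hostile_index, 4, &ix);
}
```

The bound `n > (index_size - w) / w` is the check that matters: it ties the attacker-supplied count to the size of the member actually present, so an absurd count is rejected as malformed instead of being turned into an allocation request, and the remaining `malloc` failure is reported rather than silently corrupting the stack.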

