summaryrefslogtreecommitdiff
path: root/util
diff options
context:
space:
mode:
authorAaron Durbin <adurbin@chromium.org>2014-03-07 15:23:05 -0600
committerAaron Durbin <adurbin@google.com>2014-03-13 05:31:49 +0100
commita31ff73e8de60ca6ac61a724f8c7649a1034176f (patch)
tree2ae7c621f59f7f70924231e4c8d4e77ac295ec1b /util
parentb1b5118c717d673506292dced272a0837612fc17 (diff)
cbfstool: elfparsing: check segment and section regions
While parsing the section and program headers ensure the locations of their contents are within the elf file proper. Change-Id: I856f7de45f82ac15977abc06e51bedb51c58dde1 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Reviewed-on: http://review.coreboot.org/5372 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-by: Marc Jones <marc.jones@se-eng.com>
Diffstat (limited to 'util')
-rw-r--r--util/cbfstool/elfheaders.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/util/cbfstool/elfheaders.c b/util/cbfstool/elfheaders.c
index 3af82a6ce6..505af78aa9 100644
--- a/util/cbfstool/elfheaders.c
+++ b/util/cbfstool/elfheaders.c
@@ -272,9 +272,16 @@ phdr_read(const struct buffer *in, Elf64_Ehdr *ehdr, struct xdr *xdr, int bit64)
* than one loop over all the phdrs.
*/
phdr = calloc(ehdr->e_phnum, sizeof(*phdr));
- for (i = 0; i < ehdr->e_phnum; i++)
+ for (i = 0; i < ehdr->e_phnum; i++) {
+ DEBUG("Parsing segment %d\n", i);
elf_phdr(&b, &phdr[i], ehdr->e_phentsize, xdr, bit64);
+ /* Ensure the contents are valid within the elf file. */
+ if (check_size(in, phdr[i].p_offset, phdr[i].p_filesz,
+ "segment contents"))
+ return NULL;
+ }
+
return phdr;
}
@@ -296,9 +303,16 @@ shdr_read(const struct buffer *in, Elf64_Ehdr *ehdr, struct xdr *xdr, int bit64)
/* gather up all the shdrs. */
shdr = calloc(ehdr->e_shnum, sizeof(*shdr));
- for (i = 0; i < ehdr->e_shnum; i++)
+ for (i = 0; i < ehdr->e_shnum; i++) {
+ DEBUG("Parsing section %d\n", i);
elf_shdr(&b, &shdr[i], ehdr->e_shentsize, xdr, bit64);
+ /* Ensure the contents are valid within the elf file. */
+ if (check_size(in, shdr[i].sh_offset, shdr[i].sh_size,
+ "section contents"))
+ return NULL;
+ }
+
return shdr;
}