[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines

To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <konrad@xxxxxxxxxx>, <ross.lagerwall@xxxxxxxxxx>, <mpohlack@xxxxxxxxx>, <sasha.levin@xxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Fri, 8 Apr 2016 15:53:44 +0100
Cc: Keir Fraser <keir@xxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Tim Deegan <tim@xxxxxxx>
Delivery-date: Fri, 08 Apr 2016 14:54:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 07/04/16 04:49, Konrad Rzeszutek Wilk wrote:
> +static int elf_resolve_sections(struct xsplice_elf *elf, const void *data)
> +{
> +    struct xsplice_elf_sec *sec;
> +    unsigned int i;
> +    Elf_Off delta;
> +    int rc;
> +
> +    /* xsplice_elf_load sanity checked e_shnum. */
> +    sec = xmalloc_array(struct xsplice_elf_sec, elf->hdr->e_shnum);
> +    if ( !sec )
> +    {
> +        printk(XENLOG_ERR XSPLICE"%s: Could not allocate memory for section 
> table!\n",
> +               elf->name);
> +        return -ENOMEM;
> +    }
> +
> +    elf->sec = sec;
> +
> +    delta = elf->hdr->e_shoff + elf->hdr->e_shnum * elf->hdr->e_shentsize;

Have we verified any of these to be sane yet?  (i.e. what about
calculation overflow?)

(Edit: e_shnum yes, e_shentsize and e_shoff look to be no)

> +    if ( delta >= elf->len )
> +    {
> +            dprintk(XENLOG_DEBUG, XSPLICE "%s: Section table is past end of 
> payload!\n",
> +                    elf->name);
> +            return -EINVAL;
> +    }

(Mis)-alignment


> +static int elf_get_sym(struct xsplice_elf *elf, const void *data)
> +{
> +    const struct xsplice_elf_sec *symtab_sec, *strtab_sec;
> +    struct xsplice_elf_sym *sym;
> +    unsigned int i, delta, offset, nsym;
> +
> +    symtab_sec = elf->symtab;
> +    strtab_sec = elf->strtab;
> +
> +    /* Pointers arithmetic to get file offset. */
> +    offset = strtab_sec->data - data;
> +
> +    /* Checked already in elf_resolve_sections, but just in case. */
> +    ASSERT(offset == strtab_sec->sec->sh_offset);
> +    ASSERT(offset < elf->len && (offset + strtab_sec->sec->sh_size <= 
> elf->len));
> +
> +    /* symtab_sec->data was computed in elf_resolve_sections. */
> +    ASSERT((symtab_sec->sec->sh_offset + data) == symtab_sec->data);
> +
> +    /* No need to check values as elf_resolve_sections did it. */
> +    nsym = symtab_sec->sec->sh_size / symtab_sec->sec->sh_entsize;

Has anything checked sh_entsize for being 0 or -1 ?

Being unsigned, -1 cant happen, but nothing checks got being nonzero.

With these things fixed, Reviewed-by: Andrew
Cooper<andrew.cooper3@xxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
  - From: Konrad Rzeszutek Wilk

References:
- [Xen-devel] [PATCH v6] xSplice v1 design and implementation.
  - From: Konrad Rzeszutek Wilk
- [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
  - From: Konrad Rzeszutek Wilk

Prev by Date: Re: [Xen-devel] [PATCH 3/4] libxl: only allow guests with a device model to use cd-{eject/insert}
Next by Date: Re: [Xen-devel] [PATCH] docs: add misc/qemu-backends.txt
Previous by thread: Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
Next by thread: Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.