author | kib <kib@FreeBSD.org> | 2007-12-04 12:21:27 +0000 |
---|---|---|
committer | kib <kib@FreeBSD.org> | 2007-12-04 12:21:27 +0000 |
commit | dbef1afd93ab22bb7408d3258ee59494af7dc2ac (patch) | |
tree | fbe47f591549a7e0ab0041b75a75aa909e971f0e /sys | |
parent | e957a260c9731667da3a343021dfe423d01a4770 (diff) | |
Check for the program headers alignment of the ELF images before
dereferencing. Unaligned access could cause panic on strict alignment
architectures.
Reviewed by: marcel, marius (also tested on sparc64, thanks !)
MFC after: 3 days
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/imgact_elf.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c index 947a516..ab6ab03 100644 --- a/sys/kern/imgact_elf.c +++ b/sys/kern/imgact_elf.c @@ -106,6 +106,10 @@ SYSCTL_INT(_debug, OID_AUTO, __elfN(legacy_coredump), CTLFLAG_RW, static Elf_Brandinfo *elf_brand_list[MAX_BRANDS]; +#define trunc_page_ps(va, ps) ((va) & ~(ps - 1)) +#define round_page_ps(va, ps) (((va) + (ps - 1)) & ~(ps - 1)) +#define aligned(a, t) (trunc_page_ps((u_long)(a), sizeof(t)) == (u_long)(a)) + int __elfN(insert_brand_entry)(Elf_Brandinfo *entry) { @@ -360,9 +364,6 @@ __elfN(load_section)(struct vmspace *vmspace, return (ENOEXEC); } -#define trunc_page_ps(va, ps) ((va) & ~(ps - 1)) -#define round_page_ps(va, ps) (((va) + (ps - 1)) & ~(ps - 1)) - map_addr = trunc_page_ps((vm_offset_t)vmaddr, pagesize); file_addr = trunc_page_ps(offset, pagesize); @@ -549,6 +550,10 @@ __elfN(load_file)(struct proc *p, const char *file, u_long *addr, } phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff); + if (!aligned(phdr, Elf_Addr)) { + error = ENOEXEC; + goto fail; + } for (i = 0, numsegs = 0; i < hdr->e_phnum; i++) { if (phdr[i].p_type == PT_LOAD) { /* Loadable segment */ @@ -632,6 +637,8 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) return (ENOEXEC); } phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff); + if (!aligned(phdr, Elf_Addr)) + return (ENOEXEC); for (i = 0; i < hdr->e_phnum; i++) { if (phdr[i].p_type == PT_INTERP) { /* Path to interpreter */ |
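Review bot: The macros added at file scope in the first hunk expand `ps` without parentheses (`~(ps - 1)`), and `aligned(a, t)` is only correct when `sizeof(t)` is a power of two, which nothing in the hunk states. Parenthesizing the argument, e.g. `#define trunc_page_ps(va, ps) ((va) & ~((ps) - 1))` and likewise in `round_page_ps`, keeps the mask correct if a caller ever passes an expression. A one-line comment above `aligned`, such as `/* True if a is aligned to sizeof(t); sizeof(t) must be a power of two. */`, would record that assumption now that the macro validates addresses derived from an executable's header.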
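Review bot: The check added in `__elfN(load_file)` tests alignment for `Elf_Addr`, but the pointer is then indexed as `const Elf_Phdr *`, and the reason this is sufficient (presumably that no member of `Elf_Phdr` is wider than `Elf_Addr`) is left for the reader to work out. Since `hdr->e_phoff` is read from the image being executed, a comment at the check would help: `/* e_phoff is supplied by the image; refuse a program header table that is misaligned for Elf_Phdr access. */`. The same comment applies to the identical test added in `__CONCAT(exec_, __elfN(imgact))` in the last hunk. The earlier validation of `e_phoff` and `e_phnum` lies outside both hunks, so whether it also constrains `e_phentsize` to `sizeof(Elf_Phdr)` cannot be confirmed from here; both function bodies continue beyond the hunks.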