According to the ELF specification, if the value of st_shndx
contains SH_XINDEX, the actual section header index is too
large to fit in the st_shndx field and you should use the
value out of the SHT_SYMTAB_SHNDX section instead. This table
was already being parsed and saved into symtab_shndx_start, however
it was not being used, causing segfaults when the number of
sections is greater than 64K. Check the st_shndx field for
SHN_XINDEX prior to using.
Signed-off-by: Kristen Carlson Accardi <[email protected]>
---
scripts/mod/modpost.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 6e892c93d104..5ce7e9dc2f04 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -305,9 +305,23 @@ static const char *sec_name(struct elf_info *elf, int secindex)
return sech_name(elf, &elf->sechdrs[secindex]);
}
+static int sym_index(const Elf_Sym *sym, const struct elf_info *info)
+{
+ unsigned long offset;
+ int index;
+
+ if (sym->st_shndx != SHN_XINDEX)
+ return sym->st_shndx;
+
+ offset = (unsigned long)sym - (unsigned long)info->symtab_start;
+ index = offset/(sizeof(*sym));
+
+ return TO_NATIVE(info->symtab_shndx_start[index]);
+}
+
static void *sym_get_data(const struct elf_info *info, const Elf_Sym *sym)
{
- Elf_Shdr *sechdr = &info->sechdrs[sym->st_shndx];
+ Elf_Shdr *sechdr = &info->sechdrs[sym_index(sym, info)];
unsigned long offset;
offset = sym->st_value;
--
2.24.1
On Wed, Feb 05, 2020 at 02:39:40PM -0800, Kristen Carlson Accardi wrote:
> According to the ELF specification, if the value of st_shndx
> contains SH_XINDEX, the actual section header index is too
> large to fit in the st_shndx field and you should use the
> value out of the SHT_SYMTAB_SHNDX section instead. This table
> was already being parsed and saved into symtab_shndx_start, however
> it was not being used, causing segfaults when the number of
> sections is greater than 64K. Check the st_shndx field for
> SHN_XINDEX prior to using.
>
> Signed-off-by: Kristen Carlson Accardi <[email protected]>
Looking at "readelf" output continues to make me laugh. :)
Reviewed-by: Kees Cook <[email protected]>
-Kees
--
Kees Cook