LibELF: Reject ELF with program header p_filesz larger than p_memsz

Author: https://github.com/bcoles Commit: https://github.com/SerenityOS/serenity/commit/bceee87f613 Pull-request: https://github.com/SerenityOS/serenity/pull/4576 Reviewed-by: https://github.com/ADKaster Reviewed-by: https://github.com/linusg
2024-09-29 08:11:13 +00:00 · 2020-12-27 22:01:56 +00:00 · 2020-12-27 22:01:56 +00:00 · bceee87f61 · 2024-07-19 00:31:14 +09:00
parent ca0f3db004
commit bceee87f61
1 changed files with 7 additions and 0 deletions
--- a/Libraries/LibELF/Validation.cpp
+++ b/Libraries/LibELF/Validation.cpp
@ -193,6 +193,13 @@ bool validate_program_headers(const Elf32_Ehdr& elf_header, size_t file_size, co

    for (size_t header_index = 0; header_index < num_program_headers; ++header_index) {
        auto& program_header = program_header_begin[header_index];
+
+        if (program_header.p_filesz > program_header.p_memsz) {
+            if (verbose)
+                dbgln("Program header ({}) has p_filesz ({}) larger than p_memsz ({})", header_index, program_header.p_filesz, program_header.p_memsz);
+            return false;
+        }
+
        switch (program_header.p_type) {
        case PT_INTERP:
            // We checked above that file_size was >= buffer size. We only care about buffer size anyway, we're trying to read this!