2013/11/20 Geyslan G. Bem <geyslan@xxxxxxxxx>: > The member 'e_ehsize' that holds the ELF header size is compared > with the elfhdr struct size. If not equal, goes out. > If 'e_phoff' holds 0 the object has no program header table, so > goes out. > > Increasing the binary consistency reduces the use of malformed ones. > > Both checks are in accordance with the ELF Specifications. > > Signed-off-by: Geyslan G. Bem <geyslan@xxxxxxxxx> > --- > fs/binfmt_elf.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c > index 571a423..3c08f96 100644 > --- a/fs/binfmt_elf.c > +++ b/fs/binfmt_elf.c > @@ -603,6 +603,8 @@ static int load_elf_binary(struct linux_binprm *bprm) > if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0) > goto out; > > + if (loc->elf_ex.e_ehsize != sizeof(struct elfhdr)) > + goto out; > if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN) > goto out; > if (!elf_check_arch(&loc->elf_ex)) > @@ -611,6 +613,8 @@ static int load_elf_binary(struct linux_binprm *bprm) > goto out; > > /* Now read in all of the header information */ > + if (loc->elf_ex.e_phoff == 0) > + goto out; > if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr)) > goto out; > if (loc->elf_ex.e_phnum < 1 || > -- > 1.8.4.2 > PATCH v2 Sent: [PATCH v2] fs: binfmt_elf: Add ELF header consistency checks -- Regards, Geyslan G. Bem hackingbits.com
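
Review bot: The e_ehsize test in the first hunk, placed right after the ELFMAG memcmp, makes a hard rejection out of a field that none of the neighbouring checks use, and the commit message does not say whether binaries in circulation were surveyed for a different e_ehsize. Any file with `loc->elf_ex.e_ehsize != sizeof(struct elfhdr)` now takes `goto out` even if it passes the e_type and elf_check_arch tests that follow, so this is a behaviour change for userspace and should be justified as one. Please record in the commit message what was checked, add a one-line comment above the test naming the spec requirement it enforces, and leave a blank line after the new `goto out;` so it does not run into the e_type test.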
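
Review bot: The e_phoff test in the second hunk, placed under the "Now read in all of the header information" comment, rejects only the single value 0, so a nonzero offset that still falls inside the ELF header passes it unchanged. If the aim is consistency of the header, comparing against the header size covers the zero case as well, for example `if (loc->elf_ex.e_phoff < sizeof(struct elfhdr)) goto out;`. Note also that the context lines already reject `e_phnum < 1`, so the "no program header table" case named in the commit message is partly handled there; the message should say what the new test catches beyond that check.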