author | midipix <writeonce@midipix.org> | 2024-01-25 04:24:00 +0000 |
---|---|---|
committer | midipix <writeonce@midipix.org> | 2024-01-25 04:24:00 +0000 |
commit | c37698deddf747df9e4cebd3157e8ec09fb11373 (patch) | |
tree | f53c4856f7c2f4ec1680b005d32610fe1eec3cb5 /src/arbits | |
parent | a470d5887690957835de60c3cdd6b94841201e70 (diff) | |
download | slibtool-c37698deddf747df9e4cebd3157e8ec09fb11373.tar.bz2 slibtool-c37698deddf747df9e4cebd3157e8ec09fb11373.tar.xz |
slbt_ar_parse_primary_armap_bsd_32(): perform strict armap validation.
Diffstat (limited to 'src/arbits')
-rw-r--r-- | src/arbits/slbt_archive_meta.c | 51 |
1 files changed, 46 insertions, 5 deletions
diff --git a/src/arbits/slbt_archive_meta.c b/src/arbits/slbt_archive_meta.c
index 260ca76..50b4605 100644
--- a/src/arbits/slbt_archive_meta.c
+++ b/src/arbits/slbt_archive_meta.c
@@ -237,9 +237,14 @@ static int slbt_ar_parse_primary_armap_bsd_32(
 struct ar_raw_armap_bsd_32 * armap;
 struct ar_meta_member_info * memberp;
 struct ar_meta_armap_common_32 *armapref;
+ uint32_t attr;
 uint32_t nsyms;
+ uint32_t nstrs;
+ uint32_t sizeofrefs_le;
+ uint32_t sizeofrefs_be;
 uint32_t sizeofrefs;
 uint32_t sizeofstrs;
+ const char * ch;
 unsigned char * uch;
 unsigned char (*mark)[0x04];
@@ -253,17 +258,53 @@ static int slbt_ar_parse_primary_armap_bsd_32(
 armap->ar_first_name_offset = mark;
- sizeofrefs = (uch[3] << 24) + (uch[2] << 16) + (uch[1] << 8) + uch[0];
- nsyms = sizeofrefs / sizeof(struct ar_raw_armap_ref_32);
- mark += (sizeofrefs / sizeof(*mark));
+ sizeofrefs_le = (uch[3] << 24) + (uch[2] << 16) + (uch[1] << 8) + uch[0];
+ sizeofrefs_be = (uch[0] << 24) + (uch[1] << 16) + (uch[2] << 8) + uch[3];
+
+ if (sizeofrefs_le < memberp->ar_object_size - sizeof(*mark)) {
+ sizeofrefs = sizeofrefs_le;
+ attr = AR_ARMAP_ATTR_LE_32;
+
+ } else if (sizeofrefs_be < memberp->ar_object_size - sizeof(*mark)) {
+ sizeofrefs = sizeofrefs_be;
+ attr = AR_ARMAP_ATTR_BE_32;
+ } else {
+ return SLBT_CUSTOM_ERROR(
+ dctx,
+ SLBT_ERR_AR_INVALID_ARMAP_SIZE_OF_REFS);
+ }
+
+ nsyms = sizeofrefs / sizeof(struct ar_raw_armap_ref_32);
+ mark += (sizeofrefs / sizeof(*mark));
 armap->ar_size_of_strs = mark;
 uch = *mark++;
- sizeofstrs = (uch[3] << 24) + (uch[2] << 16) + (uch[1] << 8) + uch[0];
+ sizeofstrs = (attr == AR_ARMAP_ATTR_LE_32)
+ ? (uch[3] << 24) + (uch[2] << 16) + (uch[1] << 8) + uch[0]
+ : (uch[0] << 24) + (uch[1] << 16) + (uch[2] << 8) + uch[3];
+
+ if (sizeofstrs > memberp->ar_object_size - 2*sizeof(*mark) - sizeofrefs)
+ return SLBT_CUSTOM_ERROR(
+ dctx,
+ SLBT_ERR_AR_INVALID_ARMAP_SIZE_OF_STRS);
 m->symstrs = (const char *)mark;
+ if (nsyms && !m->symstrs[0])
+ return SLBT_CUSTOM_ERROR(
+ dctx,
+ SLBT_ERR_AR_INVALID_ARMAP_STRING_TABLE);
+
+ for (ch=&m->symstrs[1],nstrs=0; ch<&m->symstrs[sizeofstrs]; ch++)
+ if (!ch[0] && ch[-1])
+ nstrs++;
+
+ if (nstrs != nsyms)
+ return SLBT_CUSTOM_ERROR(
+ dctx,
+ SLBT_ERR_AR_INVALID_ARMAP_STRING_TABLE);
+
 if (!(m->symstrv = calloc(nsyms + 1,sizeof(const char *))))
 return SLBT_SYSTEM_ERROR(dctx,0);
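Review bot: The refs-size bound `sizeofrefs_le < memberp->ar_object_size - sizeof(*mark)` admits sizeofrefs values up to ar_object_size - 5, yet the string-table bound a few lines later subtracts `2*sizeof(*mark) - sizeofrefs`, so for sizeofrefs between ar_object_size - 7 and ar_object_size - 5 that subtraction (performed in size_t, since sizeof is involved) wraps to a huge value, the `sizeofstrs > ...` check can never fire, and the `for (ch=&m->symstrs[1],nstrs=0; ch<&m->symstrs[sizeofstrs]; ch++)` scan then walks an attacker-chosen number of bytes (up to 4 GiB) past the member. In the same window the `uch = *mark++` read of the strs size field can itself straddle the member's end, and a sizeofrefs that is not a multiple of sizeof(struct ar_raw_armap_ref_32) is silently rounded down by the division rather than rejected, which is at odds with the "strict" validation the commit title promises. Separately, `if (nsyms && !m->symstrs[0])` reads one byte past the string table when sizeofstrs is 0; testing `!sizeofstrs ||` there, or ordering the `nstrs != nsyms` check first, avoids it. I would first require ar_object_size to hold both size fields, compare both byte orders with `<=` against `ar_object_size - 2*sizeof(*mark)` so the later subtraction cannot wrap, and reject a misaligned refs size; slbt_ar_parse_primary_armap_bsd_32 begins and ends outside this hunk, and whether ar_object_size was already validated against the member header before the first `*mark++` read is not visible here.
```c
	/* the member must hold both size fields before any bound can be subtracted */
	if (memberp->ar_object_size < 2*sizeof(*mark))
		return SLBT_CUSTOM_ERROR(
			dctx,
			SLBT_ERR_AR_INVALID_ARMAP_SIZE_OF_REFS);

	if (sizeofrefs_le <= memberp->ar_object_size - 2*sizeof(*mark)) {
		sizeofrefs = sizeofrefs_le;
		attr       = AR_ARMAP_ATTR_LE_32;

	} else if (sizeofrefs_be <= memberp->ar_object_size - 2*sizeof(*mark)) {
		sizeofrefs = sizeofrefs_be;
		attr       = AR_ARMAP_ATTR_BE_32;
	} else {
		return SLBT_CUSTOM_ERROR(
			dctx,
			SLBT_ERR_AR_INVALID_ARMAP_SIZE_OF_REFS);
	}

	/* a refs table must consist of whole entries; trailing bytes are not tolerated */
	if (sizeofrefs % sizeof(struct ar_raw_armap_ref_32))
		return SLBT_CUSTOM_ERROR(
			dctx,
			SLBT_ERR_AR_INVALID_ARMAP_SIZE_OF_REFS);

	/* … unchanged: nsyms, mark advance, sizeofstrs decode and bound, string-table scan … */
```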
@@ -272,7 +313,7 @@ static int slbt_ar_parse_primary_armap_bsd_32(
 armapref = &m->armaps.armap_common_32;
 armapref->ar_member = memberp;
 armapref->ar_armap_bsd = armap;
- armapref->ar_armap_attr = AR_ARMAP_ATTR_BSD | AR_ARMAP_ATTR_LE_32;
+ armapref->ar_armap_attr = AR_ARMAP_ATTR_BSD | attr;
 armapref->ar_num_of_symbols = nsyms;
 armapref->ar_size_of_refs = sizeofrefs;
 armapref->ar_size_of_strs = sizeofstrs; |