authormidipix <writeonce@midipix.org>2024-01-25 04:38:42 +0000
committermidipix <writeonce@midipix.org>2024-01-25 04:38:42 +0000
commit1c4fed5505c91cd00f738e5459ab37d0a495c090 (patch)
tree05456f7f1f294c6fa3deea561b8b95473b577068 /src/arbits
parentc37698deddf747df9e4cebd3157e8ec09fb11373 (diff)
slbt_ar_parse_primary_armap_bsd_64(): perform strict armap validation.
Diffstat (limited to 'src/arbits')
-rw-r--r--src/arbits/slbt_archive_meta.c55
1 files changed, 49 insertions, 6 deletions
diff --git a/src/arbits/slbt_archive_meta.c b/src/arbits/slbt_archive_meta.c
index 50b4605..2505a46 100644
--- a/src/arbits/slbt_archive_meta.c
+++ b/src/arbits/slbt_archive_meta.c
@@ -333,11 +333,16 @@ static int slbt_ar_parse_primary_armap_bsd_64(
struct ar_raw_armap_bsd_64 * armap;
struct ar_meta_member_info * memberp;
struct ar_meta_armap_common_64 *armapref;
+ uint32_t attr;
uint64_t u64_lo;
uint64_t u64_hi;
uint64_t nsyms;
+ uint64_t nstrs;
+ uint64_t sizeofrefs_le;
+ uint64_t sizeofrefs_be;
uint64_t sizeofrefs;
uint64_t sizeofstrs;
+ const char * ch;
unsigned char * uch;
unsigned char (*mark)[0x08];
@@ -354,19 +359,57 @@ static int slbt_ar_parse_primary_armap_bsd_64(
u64_lo = (uch[3] << 24) + (uch[2] << 16) + (uch[1] << 8) + uch[0];
u64_hi = (uch[7] << 24) + (uch[6] << 16) + (uch[5] << 8) + uch[4];
- sizeofrefs = u64_lo + (u64_hi << 32);
- nsyms = sizeofrefs / sizeof(struct ar_raw_armap_ref_64);
- mark += (sizeofrefs / sizeof(*mark));
+ sizeofrefs_le = u64_lo + (u64_hi << 32);
+
+ u64_hi = (uch[0] << 24) + (uch[1] << 16) + (uch[2] << 8) + uch[3];
+ u64_lo = (uch[4] << 24) + (uch[5] << 16) + (uch[6] << 8) + uch[7];
+
+ sizeofrefs_be = (u64_hi << 32) + u64_lo;
+
+ if (sizeofrefs_le < memberp->ar_object_size - sizeof(*mark)) {
+ sizeofrefs = sizeofrefs_le;
+ attr = AR_ARMAP_ATTR_LE_64;
+
+ } else if (sizeofrefs_be < memberp->ar_object_size - sizeof(*mark)) {
+ sizeofrefs = sizeofrefs_be;
+ attr = AR_ARMAP_ATTR_BE_64;
+ } else {
+ return SLBT_CUSTOM_ERROR(
+ dctx,
+ SLBT_ERR_AR_INVALID_ARMAP_SIZE_OF_REFS);
+ }
+
+ nsyms = sizeofrefs / sizeof(struct ar_raw_armap_ref_64);
+ mark += (sizeofrefs / sizeof(*mark));
armap->ar_size_of_strs = mark;
uch = *mark++;
- u64_lo = (uch[3] << 24) + (uch[2] << 16) + (uch[1] << 8) + uch[0];
- u64_hi = (uch[7] << 24) + (uch[6] << 16) + (uch[5] << 8) + uch[4];
+ if (attr == AR_ARMAP_ATTR_LE_64) {
+ u64_lo = (uch[3] << 24) + (uch[2] << 16) + (uch[1] << 8) + uch[0];
+ u64_hi = (uch[7] << 24) + (uch[6] << 16) + (uch[5] << 8) + uch[4];
+ } else {
+ u64_hi = (uch[0] << 24) + (uch[1] << 16) + (uch[2] << 8) + uch[3];
+ u64_lo = (uch[4] << 24) + (uch[5] << 16) + (uch[6] << 8) + uch[7];
+ }
sizeofstrs = u64_lo + (u64_hi << 32);
m->symstrs = (const char *)mark;
+ if (nsyms && !m->symstrs[0])
+ return SLBT_CUSTOM_ERROR(
+ dctx,
+ SLBT_ERR_AR_INVALID_ARMAP_STRING_TABLE);
+
+ for (ch=&m->symstrs[1],nstrs=0; ch<&m->symstrs[sizeofstrs]; ch++)
+ if (!ch[0] && ch[-1])
+ nstrs++;
+
+ if (nstrs != nsyms)
+ return SLBT_CUSTOM_ERROR(
+ dctx,
+ SLBT_ERR_AR_INVALID_ARMAP_STRING_TABLE);
+
if (!(m->symstrv = calloc(nsyms + 1,sizeof(const char *))))
return SLBT_SYSTEM_ERROR(dctx,0);
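Review bot: `sizeofstrs` is decoded at `sizeofstrs = u64_lo + (u64_hi << 32);` but never bounded before the counting loop walks up to `&m->symstrs[sizeofstrs]`, so a crafted archive with an oversized string-table length makes that loop (and the `!m->symstrs[0]` test, which reads a byte even when `sizeofstrs` is zero) read past the member's `ar_object_size`; the new check above only bounds the ref array. Right after the decode I would add `uint64_t strspace = memberp->ar_object_size - sizeofrefs - sizeof(*mark);` and `if (strspace < sizeof(*mark) || sizeofstrs > strspace - sizeof(*mark)) return SLBT_CUSTOM_ERROR(dctx, SLBT_ERR_AR_INVALID_ARMAP_STRING_TABLE);`, reusing the existing error code. Separately, `(uch[3] << 24)` and `(uch[0] << 24)` shift an int-promoted byte into the sign bit whenever that byte is 0x80 or above, which is undefined behaviour in C and in practice sign-extends that 32-bit half into the 64-bit sum, so each term should be widened first, `((uint64_t)uch[3] << 24)`, in all four decode lines of this hunk. Whether `memberp->ar_object_size - sizeof(*mark)` can wrap for a member shorter than eight bytes depends on validation before the hunk, which I cannot see; slbt_ar_parse_primary_armap_bsd_64 starts and ends outside this hunk.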
@@ -375,7 +418,7 @@ static int slbt_ar_parse_primary_armap_bsd_64(
armapref = &m->armaps.armap_common_64;
armapref->ar_member = memberp;
armapref->ar_armap_bsd = armap;
- armapref->ar_armap_attr = AR_ARMAP_ATTR_BSD | AR_ARMAP_ATTR_LE_64;
+ armapref->ar_armap_attr = AR_ARMAP_ATTR_BSD | attr;
armapref->ar_num_of_symbols = nsyms;
armapref->ar_size_of_refs = sizeofrefs;
armapref->ar_size_of_strs = sizeofstrs;