1 /* Pedantic checking of ELF files compliance with gABI/psABI spec. 2 Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Red Hat, Inc. 3 This file is part of Red Hat elfutils. 4 Written by Ulrich Drepper <drepper@redhat.com>, 2001. 5 6 Red Hat elfutils is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by the 8 Free Software Foundation; version 2 of the License. 9 10 Red Hat elfutils is distributed in the hope that it will be useful, but 11 WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 General Public License for more details. 14 15 You should have received a copy of the GNU General Public License along 16 with Red Hat elfutils; if not, write to the Free Software Foundation, 17 Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA. 18 19 Red Hat elfutils is an included package of the Open Invention Network. 20 An included package of the Open Invention Network is a package for which 21 Open Invention Network licensees cross-license their patents. No patent 22 license is granted, either expressly or impliedly, by designation as an 23 included package. Should you wish to participate in the Open Invention 24 Network licensing program, please visit www.openinventionnetwork.com 25 <http://www.openinventionnetwork.com>. */ 26 27 #ifdef HAVE_CONFIG_H 28 # include <config.h> 29 #endif 30 31 #include <argp.h> 32 #include <assert.h> 33 #include <byteswap.h> 34 #include <endian.h> 35 #include <error.h> 36 #include <fcntl.h> 37 #include <gelf.h> 38 #include <inttypes.h> 39 #include <libintl.h> 40 #include <locale.h> 41 #include <stdbool.h> 42 #include <stdlib.h> 43 #include <string.h> 44 #include <unistd.h> 45 #include <sys/param.h> 46 47 #include <elf-knowledge.h> 48 #include <system.h> 49 #include "../libelf/libelfP.h" 50 #include "../libelf/common.h" 51 #include "../libebl/libeblP.h" 52 #include "../libdw/libdwP.h" 53 #include "../libdwfl/libdwflP.h" 54 #include "../libdw/memory-access.h" 55 56 57 /* Name and version of program. */ 58 static void print_version (FILE *stream, struct argp_state *state); 59 void (*argp_program_version_hook) (FILE *, struct argp_state *) = print_version; 60 61 /* Bug report address. */ 62 const char *argp_program_bug_address = PACKAGE_BUGREPORT; 63 64 #define ARGP_strict 300 65 #define ARGP_gnuld 301 66 67 /* Definitions of arguments for argp functions. */ 68 static const struct argp_option options[] = 69 { 70 71 { "strict", ARGP_strict, NULL, 0, 72 N_("Be extremely strict, flag level 2 features."), 0 }, 73 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 }, 74 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 }, 75 { "gnu-ld", ARGP_gnuld, NULL, 0, 76 N_("Binary has been created with GNU ld and is therefore known to be \ 77 broken in certain ways"), 0 }, 78 { NULL, 0, NULL, 0, NULL, 0 } 79 }; 80 81 /* Short description of program. */ 82 static const char doc[] = N_("\ 83 Pedantic checking of ELF files compliance with gABI/psABI spec."); 84 85 /* Strings for arguments in help texts. */ 86 static const char args_doc[] = N_("FILE..."); 87 88 /* Prototype for option handler. */ 89 static error_t parse_opt (int key, char *arg, struct argp_state *state); 90 91 /* Data structure to communicate with argp functions. */ 92 static struct argp argp = 93 { 94 options, parse_opt, args_doc, doc, NULL, NULL, NULL 95 }; 96 97 98 /* Declarations of local functions. */ 99 static void process_file (int fd, Elf *elf, const char *prefix, 100 const char *suffix, const char *fname, size_t size, 101 bool only_one); 102 static void process_elf_file (Elf *elf, const char *prefix, const char *suffix, 103 const char *fname, size_t size, bool only_one); 104 static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, 105 GElf_Shdr *shdr, int idx); 106 107 108 /* Report an error. */ 109 #define ERROR(str, args...) \ 110 do { \ 111 printf (str, ##args); \ 112 ++error_count; \ 113 } while (0) 114 static unsigned int error_count; 115 116 /* True if we should perform very strict testing. */ 117 static bool be_strict; 118 119 /* True if no message is to be printed if the run is succesful. */ 120 static bool be_quiet; 121 122 /* True if binary is from strip -f, not a normal ELF file. */ 123 static bool is_debuginfo; 124 125 /* True if binary is assumed to be generated with GNU ld. */ 126 static bool gnuld; 127 128 /* Index of section header string table. */ 129 static uint32_t shstrndx; 130 131 /* Array to count references in section groups. */ 132 static int *scnref; 133 134 135 int main(int argc,char * argv[])136 main (int argc, char *argv[]) 137 { 138 /* Set locale. */ 139 setlocale (LC_ALL, ""); 140 141 /* Initialize the message catalog. */ 142 textdomain (PACKAGE_TARNAME); 143 144 /* Parse and process arguments. */ 145 int remaining; 146 argp_parse (&argp, argc, argv, 0, &remaining, NULL); 147 148 /* Before we start tell the ELF library which version we are using. */ 149 elf_version (EV_CURRENT); 150 151 /* Now process all the files given at the command line. */ 152 bool only_one = remaining + 1 == argc; 153 do 154 { 155 /* Open the file. */ 156 int fd = open (argv[remaining], O_RDONLY); 157 if (fd == -1) 158 { 159 error (0, errno, gettext ("cannot open input file")); 160 continue; 161 } 162 163 /* Create an `Elf' descriptor. */ 164 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL); 165 if (elf == NULL) 166 ERROR (gettext ("cannot generate Elf descriptor: %s\n"), 167 elf_errmsg (-1)); 168 else 169 { 170 unsigned int prev_error_count = error_count; 171 struct stat64 st; 172 173 if (fstat64 (fd, &st) != 0) 174 { 175 printf ("cannot stat '%s': %m\n", argv[remaining]); 176 close (fd); 177 continue; 178 } 179 180 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size, 181 only_one); 182 183 /* Now we can close the descriptor. */ 184 if (elf_end (elf) != 0) 185 ERROR (gettext ("error while closing Elf descriptor: %s\n"), 186 elf_errmsg (-1)); 187 188 if (prev_error_count == error_count && !be_quiet) 189 puts (gettext ("No errors")); 190 } 191 192 close (fd); 193 } 194 while (++remaining < argc); 195 196 return error_count != 0; 197 } 198 199 200 /* Handle program arguments. */ 201 static error_t parse_opt(int key,char * arg,struct argp_state * state)202 parse_opt (int key, char *arg __attribute__ ((unused)), 203 struct argp_state *state __attribute__ ((unused))) 204 { 205 switch (key) 206 { 207 case ARGP_strict: 208 be_strict = true; 209 break; 210 211 case 'q': 212 be_quiet = true; 213 break; 214 215 case 'd': 216 is_debuginfo = true; 217 218 case ARGP_gnuld: 219 gnuld = true; 220 break; 221 222 case ARGP_KEY_NO_ARGS: 223 fputs (gettext ("Missing file name.\n"), stderr); 224 argp_help (&argp, stderr, ARGP_HELP_SEE | ARGP_HELP_EXIT_ERR, 225 program_invocation_short_name); 226 exit (1); 227 228 default: 229 return ARGP_ERR_UNKNOWN; 230 } 231 return 0; 232 } 233 234 235 /* Print the version information. */ 236 static void print_version(FILE * stream,struct argp_state * state)237 print_version (FILE *stream, struct argp_state *state __attribute__ ((unused))) 238 { 239 fprintf (stream, "elflint (%s) %s\n", PACKAGE_NAME, PACKAGE_VERSION); 240 fprintf (stream, gettext ("\ 241 Copyright (C) %s Red Hat, Inc.\n\ 242 This is free software; see the source for copying conditions. There is NO\n\ 243 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\ 244 "), "2008"); 245 fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper"); 246 } 247 248 249 /* Process one file. */ 250 static void process_file(int fd,Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)251 process_file (int fd, Elf *elf, const char *prefix, const char *suffix, 252 const char *fname, size_t size, bool only_one) 253 { 254 /* We can handle two types of files: ELF files and archives. */ 255 Elf_Kind kind = elf_kind (elf); 256 257 switch (kind) 258 { 259 case ELF_K_ELF: 260 /* Yes! It's an ELF file. */ 261 process_elf_file (elf, prefix, suffix, fname, size, only_one); 262 break; 263 264 case ELF_K_AR: 265 { 266 Elf *subelf; 267 Elf_Cmd cmd = ELF_C_READ_MMAP; 268 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix); 269 size_t fname_len = strlen (fname) + 1; 270 char new_prefix[prefix_len + 1 + fname_len]; 271 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2]; 272 char *cp = new_prefix; 273 274 /* Create the full name of the file. */ 275 if (prefix != NULL) 276 { 277 cp = mempcpy (cp, prefix, prefix_len); 278 *cp++ = '('; 279 strcpy (stpcpy (new_suffix, suffix), ")"); 280 } 281 else 282 new_suffix[0] = '\0'; 283 memcpy (cp, fname, fname_len); 284 285 /* It's an archive. We process each file in it. */ 286 while ((subelf = elf_begin (fd, cmd, elf)) != NULL) 287 { 288 kind = elf_kind (subelf); 289 290 /* Call this function recursively. */ 291 if (kind == ELF_K_ELF || kind == ELF_K_AR) 292 { 293 Elf_Arhdr *arhdr = elf_getarhdr (subelf); 294 assert (arhdr != NULL); 295 296 process_file (fd, subelf, new_prefix, new_suffix, 297 arhdr->ar_name, arhdr->ar_size, false); 298 } 299 300 /* Get next archive element. */ 301 cmd = elf_next (subelf); 302 if (elf_end (subelf) != 0) 303 ERROR (gettext (" error while freeing sub-ELF descriptor: %s\n"), 304 elf_errmsg (-1)); 305 } 306 } 307 break; 308 309 default: 310 /* We cannot do anything. */ 311 ERROR (gettext ("\ 312 Not an ELF file - it has the wrong magic bytes at the start\n")); 313 break; 314 } 315 } 316 317 318 static const char * section_name(Ebl * ebl,int idx)319 section_name (Ebl *ebl, int idx) 320 { 321 GElf_Shdr shdr_mem; 322 GElf_Shdr *shdr; 323 324 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem); 325 326 return elf_strptr (ebl->elf, shstrndx, shdr->sh_name); 327 } 328 329 330 static const int valid_e_machine[] = 331 { 332 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370, 333 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC, 334 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM, 335 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300, 336 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE, 337 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16, 338 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7, 339 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX, 340 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM, 341 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300, 342 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA 343 }; 344 #define nvalid_e_machine \ 345 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0])) 346 347 348 /* Number of sections. */ 349 static unsigned int shnum; 350 351 352 static void check_elf_header(Ebl * ebl,GElf_Ehdr * ehdr,size_t size)353 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size) 354 { 355 char buf[512]; 356 size_t cnt; 357 358 /* Check e_ident field. */ 359 if (ehdr->e_ident[EI_MAG0] != ELFMAG0) 360 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0); 361 if (ehdr->e_ident[EI_MAG1] != ELFMAG1) 362 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1); 363 if (ehdr->e_ident[EI_MAG2] != ELFMAG2) 364 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2); 365 if (ehdr->e_ident[EI_MAG3] != ELFMAG3) 366 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3); 367 368 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32 369 && ehdr->e_ident[EI_CLASS] != ELFCLASS64) 370 ERROR (gettext ("e_ident[%d] == %d is no known class\n"), 371 EI_CLASS, ehdr->e_ident[EI_CLASS]); 372 373 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB 374 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB) 375 ERROR (gettext ("e_ident[%d] == %d is no known data encoding\n"), 376 EI_DATA, ehdr->e_ident[EI_DATA]); 377 378 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT) 379 ERROR (gettext ("unknown ELF header version number e_ident[%d] == %d\n"), 380 EI_VERSION, ehdr->e_ident[EI_VERSION]); 381 382 /* We currently don't handle any OS ABIs. */ 383 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE) 384 ERROR (gettext ("unsupported OS ABI e_ident[%d] == '%s'\n"), 385 EI_OSABI, 386 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf))); 387 388 /* No ABI versions other than zero supported either. */ 389 if (ehdr->e_ident[EI_ABIVERSION] != 0) 390 ERROR (gettext ("unsupport ABI version e_ident[%d] == %d\n"), 391 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]); 392 393 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt) 394 if (ehdr->e_ident[cnt] != 0) 395 ERROR (gettext ("e_ident[%zu] is not zero\n"), cnt); 396 397 /* Check the e_type field. */ 398 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC 399 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE) 400 ERROR (gettext ("unknown object file type %d\n"), ehdr->e_type); 401 402 /* Check the e_machine field. */ 403 for (cnt = 0; cnt < nvalid_e_machine; ++cnt) 404 if (valid_e_machine[cnt] == ehdr->e_machine) 405 break; 406 if (cnt == nvalid_e_machine) 407 ERROR (gettext ("unknown machine type %d\n"), ehdr->e_machine); 408 409 /* Check the e_version field. */ 410 if (ehdr->e_version != EV_CURRENT) 411 ERROR (gettext ("unknown object file version\n")); 412 413 /* Check the e_phoff and e_phnum fields. */ 414 if (ehdr->e_phoff == 0) 415 { 416 if (ehdr->e_phnum != 0) 417 ERROR (gettext ("invalid program header offset\n")); 418 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN) 419 ERROR (gettext ("\ 420 executables and DSOs cannot have zero program header offset\n")); 421 } 422 else if (ehdr->e_phnum == 0) 423 ERROR (gettext ("invalid number of program header entries\n")); 424 425 /* Check the e_shoff field. */ 426 shnum = ehdr->e_shnum; 427 shstrndx = ehdr->e_shstrndx; 428 if (ehdr->e_shoff == 0) 429 { 430 if (ehdr->e_shnum != 0) 431 ERROR (gettext ("invalid section header table offset\n")); 432 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN 433 && ehdr->e_type != ET_CORE) 434 ERROR (gettext ("section header table must be present\n")); 435 } 436 else 437 { 438 if (ehdr->e_shnum == 0) 439 { 440 /* Get the header of the zeroth section. The sh_size field 441 might contain the section number. */ 442 GElf_Shdr shdr_mem; 443 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 444 if (shdr != NULL) 445 { 446 /* The error will be reported later. */ 447 if (shdr->sh_size == 0) 448 ERROR (gettext ("\ 449 invalid number of section header table entries\n")); 450 else 451 shnum = shdr->sh_size; 452 } 453 } 454 455 if (ehdr->e_shstrndx == SHN_XINDEX) 456 { 457 /* Get the header of the zeroth section. The sh_size field 458 might contain the section number. */ 459 GElf_Shdr shdr_mem; 460 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 461 if (shdr != NULL && shdr->sh_link < shnum) 462 shstrndx = shdr->sh_link; 463 } 464 else if (shstrndx >= shnum) 465 ERROR (gettext ("invalid section header index\n")); 466 } 467 468 /* Check the e_flags field. */ 469 if (!ebl_machine_flag_check (ebl, ehdr->e_flags)) 470 ERROR (gettext ("invalid machine flags: %s\n"), 471 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf))); 472 473 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */ 474 if (gelf_getclass (ebl->elf) == ELFCLASS32) 475 { 476 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr)) 477 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize); 478 479 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr)) 480 ERROR (gettext ("invalid program header size: %hd\n"), 481 ehdr->e_phentsize); 482 else if (ehdr->e_phoff + ehdr->e_phnum * ehdr->e_phentsize > size) 483 ERROR (gettext ("invalid program header position or size\n")); 484 485 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr)) 486 ERROR (gettext ("invalid section header size: %hd\n"), 487 ehdr->e_shentsize); 488 else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size) 489 ERROR (gettext ("invalid section header position or size\n")); 490 } 491 else if (gelf_getclass (ebl->elf) == ELFCLASS64) 492 { 493 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr)) 494 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize); 495 496 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr)) 497 ERROR (gettext ("invalid program header size: %hd\n"), 498 ehdr->e_phentsize); 499 else if (ehdr->e_phoff + ehdr->e_phnum * ehdr->e_phentsize > size) 500 ERROR (gettext ("invalid program header position or size\n")); 501 502 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr)) 503 ERROR (gettext ("invalid section header size: %hd\n"), 504 ehdr->e_shentsize); 505 else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size) 506 ERROR (gettext ("invalid section header position or size\n")); 507 } 508 } 509 510 511 /* Check that there is a section group section with index < IDX which 512 contains section IDX and that there is exactly one. */ 513 static void check_scn_group(Ebl * ebl,int idx)514 check_scn_group (Ebl *ebl, int idx) 515 { 516 if (scnref[idx] == 0) 517 { 518 /* No reference so far. Search following sections, maybe the 519 order is wrong. */ 520 size_t cnt; 521 522 for (cnt = idx + 1; cnt < shnum; ++cnt) 523 { 524 Elf_Scn *scn = elf_getscn (ebl->elf, cnt); 525 GElf_Shdr shdr_mem; 526 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 527 if (shdr == NULL) 528 /* We cannot get the section header so we cannot check it. 529 The error to get the section header will be shown 530 somewhere else. */ 531 continue; 532 533 if (shdr->sh_type != SHT_GROUP) 534 continue; 535 536 Elf_Data *data = elf_getdata (scn, NULL); 537 if (data == NULL || data->d_size < sizeof (Elf32_Word)) 538 /* Cannot check the section. */ 539 continue; 540 541 Elf32_Word *grpdata = (Elf32_Word *) data->d_buf; 542 for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word); 543 ++inner) 544 if (grpdata[inner] == (Elf32_Word) idx) 545 goto out; 546 } 547 548 out: 549 if (cnt == shnum) 550 ERROR (gettext ("\ 551 section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"), 552 idx, section_name (ebl, idx)); 553 else 554 ERROR (gettext ("\ 555 section [%2d] '%s': section group [%2zu] '%s' does not preceed group member\n"), 556 idx, section_name (ebl, idx), 557 cnt, section_name (ebl, cnt)); 558 } 559 } 560 561 562 static void check_symtab(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)563 check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 564 { 565 bool no_xndx_warned = false; 566 int no_pt_tls = 0; 567 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 568 if (data == NULL) 569 { 570 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 571 idx, section_name (ebl, idx)); 572 return; 573 } 574 575 GElf_Shdr strshdr_mem; 576 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 577 &strshdr_mem); 578 if (strshdr == NULL) 579 return; 580 581 if (strshdr->sh_type != SHT_STRTAB) 582 { 583 ERROR (gettext ("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"), 584 shdr->sh_link, section_name (ebl, shdr->sh_link), 585 idx, section_name (ebl, idx)); 586 strshdr = NULL; 587 } 588 589 /* Search for an extended section index table section. */ 590 Elf_Data *xndxdata = NULL; 591 Elf32_Word xndxscnidx = 0; 592 bool found_xndx = false; 593 for (size_t cnt = 1; cnt < shnum; ++cnt) 594 if (cnt != (size_t) idx) 595 { 596 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt); 597 GElf_Shdr xndxshdr_mem; 598 GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem); 599 if (xndxshdr == NULL) 600 continue; 601 602 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX 603 && xndxshdr->sh_link == (GElf_Word) idx) 604 { 605 if (found_xndx) 606 ERROR (gettext ("\ 607 section [%2d] '%s': symbol table cannot have more than one extended index section\n"), 608 idx, section_name (ebl, idx)); 609 610 xndxdata = elf_getdata (xndxscn, NULL); 611 xndxscnidx = elf_ndxscn (xndxscn); 612 found_xndx = true; 613 } 614 } 615 616 if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)) 617 ERROR (gettext ("\ 618 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"), 619 idx, section_name (ebl, idx)); 620 621 /* Test the zeroth entry. */ 622 GElf_Sym sym_mem; 623 Elf32_Word xndx; 624 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx); 625 if (sym == NULL) 626 ERROR (gettext ("section [%2d] '%s': cannot get symbol %d: %s\n"), 627 idx, section_name (ebl, idx), 0, elf_errmsg (-1)); 628 else 629 { 630 if (sym->st_name != 0) 631 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 632 idx, section_name (ebl, idx), "st_name"); 633 if (sym->st_value != 0) 634 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 635 idx, section_name (ebl, idx), "st_value"); 636 if (sym->st_size != 0) 637 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 638 idx, section_name (ebl, idx), "st_size"); 639 if (sym->st_info != 0) 640 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 641 idx, section_name (ebl, idx), "st_info"); 642 if (sym->st_other != 0) 643 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 644 idx, section_name (ebl, idx), "st_other"); 645 if (sym->st_shndx != 0) 646 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 647 idx, section_name (ebl, idx), "st_shndx"); 648 if (xndxdata != NULL && xndx != 0) 649 ERROR (gettext ("\ 650 section [%2d] '%s': XINDEX for zeroth entry not zero\n"), 651 xndxscnidx, section_name (ebl, xndxscnidx)); 652 } 653 654 for (size_t cnt = 1; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 655 { 656 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx); 657 if (sym == NULL) 658 { 659 ERROR (gettext ("section [%2d] '%s': cannot get symbol %zu: %s\n"), 660 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 661 continue; 662 } 663 664 const char *name = NULL; 665 if (strshdr == NULL) 666 name = ""; 667 else if (sym->st_name >= strshdr->sh_size) 668 ERROR (gettext ("\ 669 section [%2d] '%s': symbol %zu: invalid name value\n"), 670 idx, section_name (ebl, idx), cnt); 671 else 672 { 673 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name); 674 assert (name != NULL); 675 } 676 677 if (sym->st_shndx == SHN_XINDEX) 678 { 679 if (xndxdata == NULL) 680 { 681 ERROR (gettext ("\ 682 section [%2d] '%s': symbol %zu: too large section index but no extended section index section\n"), 683 idx, section_name (ebl, idx), cnt); 684 no_xndx_warned = true; 685 } 686 else if (xndx < SHN_LORESERVE) 687 ERROR (gettext ("\ 688 section [%2d] '%s': symbol %zu: XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"), 689 xndxscnidx, section_name (ebl, xndxscnidx), cnt, 690 xndx); 691 } 692 else if ((sym->st_shndx >= SHN_LORESERVE 693 // && sym->st_shndx <= SHN_HIRESERVE always true 694 && sym->st_shndx != SHN_ABS 695 && sym->st_shndx != SHN_COMMON) 696 || (sym->st_shndx >= shnum 697 && (sym->st_shndx < SHN_LORESERVE 698 /* || sym->st_shndx > SHN_HIRESERVE always false */))) 699 ERROR (gettext ("\ 700 section [%2d] '%s': symbol %zu: invalid section index\n"), 701 idx, section_name (ebl, idx), cnt); 702 else 703 xndx = sym->st_shndx; 704 705 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM 706 && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0)) 707 ERROR (gettext ("section [%2d] '%s': symbol %zu: unknown type\n"), 708 idx, section_name (ebl, idx), cnt); 709 710 if (GELF_ST_BIND (sym->st_info) >= STB_NUM) 711 ERROR (gettext ("\ 712 section [%2d] '%s': symbol %zu: unknown symbol binding\n"), 713 idx, section_name (ebl, idx), cnt); 714 715 if (xndx == SHN_COMMON) 716 { 717 /* Common symbols can only appear in relocatable files. */ 718 if (ehdr->e_type != ET_REL) 719 ERROR (gettext ("\ 720 section [%2d] '%s': symbol %zu: COMMON only allowed in relocatable files\n"), 721 idx, section_name (ebl, idx), cnt); 722 if (cnt < shdr->sh_info) 723 ERROR (gettext ("\ 724 section [%2d] '%s': symbol %zu: local COMMON symbols are nonsense\n"), 725 idx, section_name (ebl, idx), cnt); 726 if (GELF_R_TYPE (sym->st_info) == STT_FUNC) 727 ERROR (gettext ("\ 728 section [%2d] '%s': symbol %zu: function in COMMON section is nonsense\n"), 729 idx, section_name (ebl, idx), cnt); 730 } 731 else if (xndx > 0 && xndx < shnum) 732 { 733 GElf_Shdr destshdr_mem; 734 GElf_Shdr *destshdr; 735 736 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem); 737 if (destshdr != NULL) 738 { 739 GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0 740 : destshdr->sh_addr); 741 if (GELF_ST_TYPE (sym->st_info) != STT_TLS) 742 { 743 if (! ebl_check_special_symbol (ebl, ehdr, sym, name, 744 destshdr)) 745 { 746 if (sym->st_value - sh_addr > destshdr->sh_size) 747 { 748 /* GNU ld has severe bugs. When it decides to remove 749 empty sections it leaves symbols referencing them 750 behind. These are symbols in .symtab. */ 751 if (!gnuld 752 || strcmp (section_name (ebl, idx), ".symtab") 753 || (strcmp (name, "__preinit_array_start") != 0 754 && strcmp (name, "__preinit_array_end") != 0 755 && strcmp (name, "__init_array_start") != 0 756 && strcmp (name, "__init_array_end") != 0 757 && strcmp (name, "__fini_array_start") != 0 758 && strcmp (name, "__fini_array_end") != 0)) 759 ERROR (gettext ("\ 760 section [%2d] '%s': symbol %zu: st_value out of bounds\n"), 761 idx, section_name (ebl, idx), cnt); 762 } 763 else if ((sym->st_value - sh_addr 764 + sym->st_size) > destshdr->sh_size) 765 ERROR (gettext ("\ 766 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 767 idx, section_name (ebl, idx), cnt, 768 (int) xndx, section_name (ebl, xndx)); 769 } 770 } 771 else 772 { 773 if ((destshdr->sh_flags & SHF_TLS) == 0) 774 ERROR (gettext ("\ 775 section [%2d] '%s': symbol %zu: referenced section [%2d] '%s' does not have SHF_TLS flag set\n"), 776 idx, section_name (ebl, idx), cnt, 777 (int) xndx, section_name (ebl, xndx)); 778 779 if (ehdr->e_type == ET_REL) 780 { 781 /* For object files the symbol value must fall 782 into the section. */ 783 if (sym->st_value > destshdr->sh_size) 784 ERROR (gettext ("\ 785 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"), 786 idx, section_name (ebl, idx), cnt, 787 (int) xndx, section_name (ebl, xndx)); 788 else if (sym->st_value + sym->st_size 789 > destshdr->sh_size) 790 ERROR (gettext ("\ 791 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 792 idx, section_name (ebl, idx), cnt, 793 (int) xndx, section_name (ebl, xndx)); 794 } 795 else 796 { 797 GElf_Phdr phdr_mem; 798 GElf_Phdr *phdr = NULL; 799 int pcnt; 800 801 for (pcnt = 0; pcnt < ehdr->e_phnum; ++pcnt) 802 { 803 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 804 if (phdr != NULL && phdr->p_type == PT_TLS) 805 break; 806 } 807 808 if (pcnt == ehdr->e_phnum) 809 { 810 if (no_pt_tls++ == 0) 811 ERROR (gettext ("\ 812 section [%2d] '%s': symbol %zu: TLS symbol but no TLS program header entry\n"), 813 idx, section_name (ebl, idx), cnt); 814 } 815 else 816 { 817 if (sym->st_value 818 < destshdr->sh_offset - phdr->p_offset) 819 ERROR (gettext ("\ 820 section [%2d] '%s': symbol %zu: st_value short of referenced section [%2d] '%s'\n"), 821 idx, section_name (ebl, idx), cnt, 822 (int) xndx, section_name (ebl, xndx)); 823 else if (sym->st_value 824 > (destshdr->sh_offset - phdr->p_offset 825 + destshdr->sh_size)) 826 ERROR (gettext ("\ 827 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"), 828 idx, section_name (ebl, idx), cnt, 829 (int) xndx, section_name (ebl, xndx)); 830 else if (sym->st_value + sym->st_size 831 > (destshdr->sh_offset - phdr->p_offset 832 + destshdr->sh_size)) 833 ERROR (gettext ("\ 834 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 835 idx, section_name (ebl, idx), cnt, 836 (int) xndx, section_name (ebl, xndx)); 837 } 838 } 839 } 840 } 841 } 842 843 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL) 844 { 845 if (cnt >= shdr->sh_info) 846 ERROR (gettext ("\ 847 section [%2d] '%s': symbol %zu: local symbol outside range described in sh_info\n"), 848 idx, section_name (ebl, idx), cnt); 849 } 850 else 851 { 852 if (cnt < shdr->sh_info) 853 ERROR (gettext ("\ 854 section [%2d] '%s': symbol %zu: non-local symbol outside range described in sh_info\n"), 855 idx, section_name (ebl, idx), cnt); 856 } 857 858 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION 859 && GELF_ST_BIND (sym->st_info) != STB_LOCAL) 860 ERROR (gettext ("\ 861 section [%2d] '%s': symbol %zu: non-local section symbol\n"), 862 idx, section_name (ebl, idx), cnt); 863 864 if (name != NULL) 865 { 866 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0) 867 { 868 /* Check that address and size match the global offset table. */ 869 870 GElf_Shdr destshdr_mem; 871 GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), 872 &destshdr_mem); 873 874 if (destshdr == NULL && xndx == SHN_ABS) 875 { 876 /* In a DSO, we have to find the GOT section by name. */ 877 Elf_Scn *gotscn = NULL; 878 Elf_Scn *gscn = NULL; 879 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL) 880 { 881 destshdr = gelf_getshdr (gscn, &destshdr_mem); 882 assert (destshdr != NULL); 883 const char *sname = elf_strptr (ebl->elf, 884 ehdr->e_shstrndx, 885 destshdr->sh_name); 886 if (sname != NULL) 887 { 888 if (strcmp (sname, ".got.plt") == 0) 889 break; 890 if (strcmp (sname, ".got") == 0) 891 /* Do not stop looking. 892 There might be a .got.plt section. */ 893 gotscn = gscn; 894 } 895 896 destshdr = NULL; 897 } 898 899 if (destshdr == NULL && gotscn != NULL) 900 destshdr = gelf_getshdr (gotscn, &destshdr_mem); 901 } 902 903 const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF) 904 ? NULL 905 : elf_strptr (ebl->elf, ehdr->e_shstrndx, 906 destshdr->sh_name)); 907 if (sname == NULL) 908 { 909 if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL) 910 ERROR (gettext ("\ 911 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \ 912 bad section [%2d]\n"), 913 idx, section_name (ebl, idx), xndx); 914 } 915 else if (strcmp (sname, ".got.plt") != 0 916 && strcmp (sname, ".got") != 0) 917 ERROR (gettext ("\ 918 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \ 919 section [%2d] '%s'\n"), 920 idx, section_name (ebl, idx), xndx, sname); 921 922 if (destshdr != NULL) 923 { 924 /* Found it. */ 925 if (!ebl_check_special_symbol (ebl, ehdr, sym, name, 926 destshdr)) 927 { 928 if (ehdr->e_type != ET_REL 929 && sym->st_value != destshdr->sh_addr) 930 /* This test is more strict than the psABIs which 931 usually allow the symbol to be in the middle of 932 the .got section, allowing negative offsets. */ 933 ERROR (gettext ("\ 934 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"), 935 idx, section_name (ebl, idx), 936 (uint64_t) sym->st_value, 937 sname, (uint64_t) destshdr->sh_addr); 938 939 if (!gnuld && sym->st_size != destshdr->sh_size) 940 ERROR (gettext ("\ 941 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"), 942 idx, section_name (ebl, idx), 943 (uint64_t) sym->st_size, 944 sname, (uint64_t) destshdr->sh_size); 945 } 946 } 947 else 948 ERROR (gettext ("\ 949 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"), 950 idx, section_name (ebl, idx)); 951 } 952 else if (strcmp (name, "_DYNAMIC") == 0) 953 /* Check that address and size match the dynamic section. 954 We locate the dynamic section via the program header 955 entry. */ 956 for (int pcnt = 0; pcnt < ehdr->e_phnum; ++pcnt) 957 { 958 GElf_Phdr phdr_mem; 959 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 960 961 if (phdr != NULL && phdr->p_type == PT_DYNAMIC) 962 { 963 if (sym->st_value != phdr->p_vaddr) 964 ERROR (gettext ("\ 965 section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"), 966 idx, section_name (ebl, idx), 967 (uint64_t) sym->st_value, 968 (uint64_t) phdr->p_vaddr); 969 970 if (!gnuld && sym->st_size != phdr->p_memsz) 971 ERROR (gettext ("\ 972 section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"), 973 idx, section_name (ebl, idx), 974 (uint64_t) sym->st_size, 975 (uint64_t) phdr->p_memsz); 976 977 break; 978 } 979 } 980 } 981 } 982 } 983 984 985 static bool is_rel_dyn(Ebl * ebl,const GElf_Ehdr * ehdr,int idx,const GElf_Shdr * shdr,bool is_rela)986 is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr, 987 bool is_rela) 988 { 989 /* If this is no executable or DSO it cannot be a .rel.dyn section. */ 990 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 991 return false; 992 993 /* Check the section name. Unfortunately necessary. */ 994 if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn")) 995 return false; 996 997 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section 998 entry can be present as well. */ 999 Elf_Scn *scn = NULL; 1000 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 1001 { 1002 GElf_Shdr rcshdr_mem; 1003 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem); 1004 assert (rcshdr != NULL); 1005 1006 if (rcshdr->sh_type == SHT_DYNAMIC) 1007 { 1008 /* Found the dynamic section. Look through it. */ 1009 Elf_Data *d = elf_getdata (scn, NULL); 1010 size_t cnt; 1011 1012 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt) 1013 { 1014 GElf_Dyn dyn_mem; 1015 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem); 1016 assert (dyn != NULL); 1017 1018 if (dyn->d_tag == DT_RELCOUNT) 1019 { 1020 /* Found it. Does the type match. */ 1021 if (is_rela) 1022 ERROR (gettext ("\ 1023 section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"), 1024 idx, section_name (ebl, idx)); 1025 else 1026 { 1027 /* Does the number specified number of relative 1028 relocations exceed the total number of 1029 relocations? */ 1030 if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize) 1031 ERROR (gettext ("\ 1032 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"), 1033 idx, section_name (ebl, idx), 1034 (int) dyn->d_un.d_val); 1035 1036 /* Make sure the specified number of relocations are 1037 relative. */ 1038 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf, 1039 idx), NULL); 1040 if (reldata != NULL) 1041 for (size_t inner = 0; 1042 inner < shdr->sh_size / shdr->sh_entsize; 1043 ++inner) 1044 { 1045 GElf_Rel rel_mem; 1046 GElf_Rel *rel = gelf_getrel (reldata, inner, 1047 &rel_mem); 1048 if (rel == NULL) 1049 /* The problem will be reported elsewhere. */ 1050 break; 1051 1052 if (ebl_relative_reloc_p (ebl, 1053 GELF_R_TYPE (rel->r_info))) 1054 { 1055 if (inner >= dyn->d_un.d_val) 1056 ERROR (gettext ("\ 1057 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"), 1058 idx, section_name (ebl, idx), 1059 (int) dyn->d_un.d_val); 1060 } 1061 else if (inner < dyn->d_un.d_val) 1062 ERROR (gettext ("\ 1063 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"), 1064 idx, section_name (ebl, idx), 1065 inner, (int) dyn->d_un.d_val); 1066 } 1067 } 1068 } 1069 1070 if (dyn->d_tag == DT_RELACOUNT) 1071 { 1072 /* Found it. Does the type match. */ 1073 if (!is_rela) 1074 ERROR (gettext ("\ 1075 section [%2d] '%s': DT_RELACOUNT used for this REL section\n"), 1076 idx, section_name (ebl, idx)); 1077 else 1078 { 1079 /* Does the number specified number of relative 1080 relocations exceed the total number of 1081 relocations? */ 1082 if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize) 1083 ERROR (gettext ("\ 1084 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"), 1085 idx, section_name (ebl, idx), 1086 (int) dyn->d_un.d_val); 1087 1088 /* Make sure the specified number of relocations are 1089 relative. */ 1090 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf, 1091 idx), NULL); 1092 if (reldata != NULL) 1093 for (size_t inner = 0; 1094 inner < shdr->sh_size / shdr->sh_entsize; 1095 ++inner) 1096 { 1097 GElf_Rela rela_mem; 1098 GElf_Rela *rela = gelf_getrela (reldata, inner, 1099 &rela_mem); 1100 if (rela == NULL) 1101 /* The problem will be reported elsewhere. */ 1102 break; 1103 1104 if (ebl_relative_reloc_p (ebl, 1105 GELF_R_TYPE (rela->r_info))) 1106 { 1107 if (inner >= dyn->d_un.d_val) 1108 ERROR (gettext ("\ 1109 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"), 1110 idx, section_name (ebl, idx), 1111 (int) dyn->d_un.d_val); 1112 } 1113 else if (inner < dyn->d_un.d_val) 1114 ERROR (gettext ("\ 1115 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"), 1116 idx, section_name (ebl, idx), 1117 inner, (int) dyn->d_un.d_val); 1118 } 1119 } 1120 } 1121 } 1122 1123 break; 1124 } 1125 } 1126 1127 return true; 1128 } 1129 1130 1131 struct loaded_segment 1132 { 1133 GElf_Addr from; 1134 GElf_Addr to; 1135 bool read_only; 1136 struct loaded_segment *next; 1137 }; 1138 1139 1140 /* Check whether binary has text relocation flag set. */ 1141 static bool textrel; 1142 1143 /* Keep track of whether text relocation flag is needed. */ 1144 static bool needed_textrel; 1145 1146 1147 static bool check_reloc_shdr(Ebl * ebl,const GElf_Ehdr * ehdr,const GElf_Shdr * shdr,int idx,int reltype,GElf_Shdr ** destshdrp,GElf_Shdr * destshdr_memp,struct loaded_segment ** loadedp)1148 check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr, 1149 int idx, int reltype, GElf_Shdr **destshdrp, 1150 GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp) 1151 { 1152 bool reldyn = false; 1153 1154 /* Check whether the link to the section we relocate is reasonable. */ 1155 if (shdr->sh_info >= shnum) 1156 ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"), 1157 idx, section_name (ebl, idx)); 1158 else if (shdr->sh_info != 0) 1159 { 1160 *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info), 1161 destshdr_memp); 1162 if (*destshdrp != NULL) 1163 { 1164 if((*destshdrp)->sh_type != SHT_PROGBITS 1165 && (*destshdrp)->sh_type != SHT_NOBITS) 1166 { 1167 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true); 1168 if (!reldyn) 1169 ERROR (gettext ("\ 1170 section [%2d] '%s': invalid destination section type\n"), 1171 idx, section_name (ebl, idx)); 1172 else 1173 { 1174 /* There is no standard, but we require that .rel{,a}.dyn 1175 sections have a sh_info value of zero. */ 1176 if (shdr->sh_info != 0) 1177 ERROR (gettext ("\ 1178 section [%2d] '%s': sh_info should be zero\n"), 1179 idx, section_name (ebl, idx)); 1180 } 1181 } 1182 1183 if (((*destshdrp)->sh_flags & (SHF_MERGE | SHF_STRINGS)) != 0) 1184 ERROR (gettext ("\ 1185 section [%2d] '%s': no relocations for merge-able sections possible\n"), 1186 idx, section_name (ebl, idx)); 1187 } 1188 } 1189 1190 if (shdr->sh_entsize != gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT)) 1191 ERROR (gettext (reltype == ELF_T_RELA ? "\ 1192 section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\ 1193 section [%2d] '%s': section entry size does not match ElfXX_Rel\n"), 1194 idx, section_name (ebl, idx)); 1195 1196 /* In preparation of checking whether relocations are text 1197 relocations or not we need to determine whether the file is 1198 flagged to have text relocation and we need to determine a) what 1199 the loaded segments are and b) which are read-only. This will 1200 also allow us to determine whether the same reloc section is 1201 modifying loaded and not loaded segments. */ 1202 for (int i = 0; i < ehdr->e_phnum; ++i) 1203 { 1204 GElf_Phdr phdr_mem; 1205 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem); 1206 if (phdr == NULL) 1207 continue; 1208 1209 if (phdr->p_type == PT_LOAD) 1210 { 1211 struct loaded_segment *newp = xmalloc (sizeof (*newp)); 1212 newp->from = phdr->p_vaddr; 1213 newp->to = phdr->p_vaddr + phdr->p_memsz; 1214 newp->read_only = (phdr->p_flags & PF_W) == 0; 1215 newp->next = *loadedp; 1216 *loadedp = newp; 1217 } 1218 else if (phdr->p_type == PT_DYNAMIC) 1219 { 1220 Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset); 1221 GElf_Shdr dynshdr_mem; 1222 GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem); 1223 Elf_Data *dyndata = elf_getdata (dynscn, NULL); 1224 if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC 1225 && dyndata != NULL) 1226 for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j) 1227 { 1228 GElf_Dyn dyn_mem; 1229 GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem); 1230 if (dyn != NULL 1231 && (dyn->d_tag == DT_TEXTREL 1232 || (dyn->d_tag == DT_FLAGS 1233 && (dyn->d_un.d_val & DF_TEXTREL) != 0))) 1234 { 1235 textrel = true; 1236 break; 1237 } 1238 } 1239 } 1240 } 1241 1242 /* A quick test which can be easily done here (although it is a bit 1243 out of place): the text relocation flag makes only sense if there 1244 is a segment which is not writable. */ 1245 if (textrel) 1246 { 1247 struct loaded_segment *seg = *loadedp; 1248 while (seg != NULL && !seg->read_only) 1249 seg = seg->next; 1250 if (seg == NULL) 1251 ERROR (gettext ("\ 1252 text relocation flag set but there is no read-only segment\n")); 1253 } 1254 1255 return reldyn; 1256 } 1257 1258 1259 enum load_state 1260 { 1261 state_undecided, 1262 state_loaded, 1263 state_unloaded, 1264 state_error 1265 }; 1266 1267 1268 static void check_one_reloc(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * relshdr,int idx,size_t cnt,const GElf_Shdr * symshdr,Elf_Data * symdata,GElf_Addr r_offset,GElf_Xword r_info,const GElf_Shdr * destshdr,bool reldyn,struct loaded_segment * loaded,enum load_state * statep)1269 check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx, 1270 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata, 1271 GElf_Addr r_offset, GElf_Xword r_info, 1272 const GElf_Shdr *destshdr, bool reldyn, 1273 struct loaded_segment *loaded, enum load_state *statep) 1274 { 1275 bool known_broken = gnuld; 1276 1277 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info))) 1278 ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"), 1279 idx, section_name (ebl, idx), cnt); 1280 else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1281 /* The executable/DSO can contain relocation sections with 1282 all the relocations the linker has applied. Those sections 1283 are marked non-loaded, though. */ 1284 || (relshdr->sh_flags & SHF_ALLOC) != 0) 1285 && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info))) 1286 ERROR (gettext ("\ 1287 section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"), 1288 idx, section_name (ebl, idx), cnt); 1289 1290 if (symshdr != NULL 1291 && ((GELF_R_SYM (r_info) + 1) 1292 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT) 1293 > symshdr->sh_size)) 1294 ERROR (gettext ("\ 1295 section [%2d] '%s': relocation %zu: invalid symbol index\n"), 1296 idx, section_name (ebl, idx), cnt); 1297 1298 /* No more tests if this is a no-op relocation. */ 1299 if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info))) 1300 return; 1301 1302 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info))) 1303 { 1304 const char *name; 1305 char buf[64]; 1306 GElf_Sym sym_mem; 1307 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem); 1308 if (sym != NULL 1309 /* Get the name for the symbol. */ 1310 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name)) 1311 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 ) 1312 ERROR (gettext ("\ 1313 section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"), 1314 idx, section_name (ebl, idx), cnt, 1315 ebl_reloc_type_name (ebl, GELF_R_SYM (r_info), 1316 buf, sizeof (buf))); 1317 } 1318 1319 if (reldyn) 1320 { 1321 // XXX TODO Check .rel.dyn section addresses. 1322 } 1323 else if (!known_broken) 1324 { 1325 if (destshdr != NULL 1326 && GELF_R_TYPE (r_info) != 0 1327 && (r_offset - (ehdr->e_type == ET_REL ? 0 1328 : destshdr->sh_addr)) >= destshdr->sh_size) 1329 ERROR (gettext ("\ 1330 section [%2d] '%s': relocation %zu: offset out of bounds\n"), 1331 idx, section_name (ebl, idx), cnt); 1332 } 1333 1334 GElf_Sym sym_mem; 1335 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem); 1336 1337 if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info)) 1338 /* Make sure the referenced symbol is an object or unspecified. */ 1339 && sym != NULL 1340 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE 1341 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT) 1342 { 1343 char buf[64]; 1344 ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"), 1345 idx, section_name (ebl, idx), cnt, 1346 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), 1347 buf, sizeof (buf))); 1348 } 1349 1350 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1351 || (relshdr->sh_flags & SHF_ALLOC) != 0) 1352 { 1353 bool in_loaded_seg = false; 1354 while (loaded != NULL) 1355 { 1356 if (r_offset < loaded->to 1357 && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from) 1358 { 1359 /* The symbol is in this segment. */ 1360 if (loaded->read_only) 1361 { 1362 if (textrel) 1363 needed_textrel = true; 1364 else 1365 ERROR (gettext ("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"), 1366 idx, section_name (ebl, idx), cnt); 1367 } 1368 1369 in_loaded_seg = true; 1370 } 1371 1372 loaded = loaded->next; 1373 } 1374 1375 if (*statep == state_undecided) 1376 *statep = in_loaded_seg ? state_loaded : state_unloaded; 1377 else if ((*statep == state_unloaded && in_loaded_seg) 1378 || (*statep == state_loaded && !in_loaded_seg)) 1379 { 1380 ERROR (gettext ("\ 1381 section [%2d] '%s': relocations are against loaded and unloaded data\n"), 1382 idx, section_name (ebl, idx)); 1383 *statep = state_error; 1384 } 1385 } 1386 } 1387 1388 1389 static void check_rela(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1390 check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1391 { 1392 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1393 if (data == NULL) 1394 { 1395 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1396 idx, section_name (ebl, idx)); 1397 return; 1398 } 1399 1400 /* Check the fields of the section header. */ 1401 GElf_Shdr destshdr_mem; 1402 GElf_Shdr *destshdr = NULL; 1403 struct loaded_segment *loaded = NULL; 1404 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr, 1405 &destshdr_mem, &loaded); 1406 1407 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1408 GElf_Shdr symshdr_mem; 1409 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1410 Elf_Data *symdata = elf_getdata (symscn, NULL); 1411 enum load_state state = state_undecided; 1412 1413 for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 1414 { 1415 GElf_Rela rela_mem; 1416 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem); 1417 if (rela == NULL) 1418 { 1419 ERROR (gettext ("\ 1420 section [%2d] '%s': cannot get relocation %zu: %s\n"), 1421 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1422 continue; 1423 } 1424 1425 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata, 1426 rela->r_offset, rela->r_info, destshdr, reldyn, loaded, 1427 &state); 1428 } 1429 1430 while (loaded != NULL) 1431 { 1432 struct loaded_segment *old = loaded; 1433 loaded = loaded->next; 1434 free (old); 1435 } 1436 } 1437 1438 1439 static void check_rel(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1440 check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1441 { 1442 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1443 if (data == NULL) 1444 { 1445 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1446 idx, section_name (ebl, idx)); 1447 return; 1448 } 1449 1450 /* Check the fields of the section header. */ 1451 GElf_Shdr destshdr_mem; 1452 GElf_Shdr *destshdr = NULL; 1453 struct loaded_segment *loaded = NULL; 1454 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr, 1455 &destshdr_mem, &loaded); 1456 1457 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1458 GElf_Shdr symshdr_mem; 1459 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1460 Elf_Data *symdata = elf_getdata (symscn, NULL); 1461 enum load_state state = state_undecided; 1462 1463 for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 1464 { 1465 GElf_Rel rel_mem; 1466 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem); 1467 if (rel == NULL) 1468 { 1469 ERROR (gettext ("\ 1470 section [%2d] '%s': cannot get relocation %zu: %s\n"), 1471 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1472 continue; 1473 } 1474 1475 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata, 1476 rel->r_offset, rel->r_info, destshdr, reldyn, loaded, 1477 &state); 1478 } 1479 1480 while (loaded != NULL) 1481 { 1482 struct loaded_segment *old = loaded; 1483 loaded = loaded->next; 1484 free (old); 1485 } 1486 } 1487 1488 1489 /* Number of dynamic sections. */ 1490 static int ndynamic; 1491 1492 1493 static void check_dynamic(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1494 check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1495 { 1496 Elf_Data *data; 1497 GElf_Shdr strshdr_mem; 1498 GElf_Shdr *strshdr; 1499 size_t cnt; 1500 static const bool dependencies[DT_NUM][DT_NUM] = 1501 { 1502 [DT_NEEDED] = { [DT_STRTAB] = true }, 1503 [DT_PLTRELSZ] = { [DT_JMPREL] = true }, 1504 [DT_HASH] = { [DT_SYMTAB] = true }, 1505 [DT_STRTAB] = { [DT_STRSZ] = true }, 1506 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true }, 1507 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true }, 1508 [DT_RELASZ] = { [DT_RELA] = true }, 1509 [DT_RELAENT] = { [DT_RELA] = true }, 1510 [DT_STRSZ] = { [DT_STRTAB] = true }, 1511 [DT_SYMENT] = { [DT_SYMTAB] = true }, 1512 [DT_SONAME] = { [DT_STRTAB] = true }, 1513 [DT_RPATH] = { [DT_STRTAB] = true }, 1514 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true }, 1515 [DT_RELSZ] = { [DT_REL] = true }, 1516 [DT_RELENT] = { [DT_REL] = true }, 1517 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true }, 1518 [DT_RUNPATH] = { [DT_STRTAB] = true }, 1519 [DT_PLTREL] = { [DT_JMPREL] = true }, 1520 }; 1521 bool has_dt[DT_NUM]; 1522 bool has_val_dt[DT_VALNUM]; 1523 bool has_addr_dt[DT_ADDRNUM]; 1524 static const bool level2[DT_NUM] = 1525 { 1526 [DT_RPATH] = true, 1527 [DT_SYMBOLIC] = true, 1528 [DT_TEXTREL] = true, 1529 [DT_BIND_NOW] = true 1530 }; 1531 static const bool mandatory[DT_NUM] = 1532 { 1533 [DT_NULL] = true, 1534 [DT_STRTAB] = true, 1535 [DT_SYMTAB] = true, 1536 [DT_STRSZ] = true, 1537 [DT_SYMENT] = true 1538 }; 1539 GElf_Addr reladdr = 0; 1540 GElf_Word relsz = 0; 1541 GElf_Addr pltreladdr = 0; 1542 GElf_Word pltrelsz = 0; 1543 1544 memset (has_dt, '\0', sizeof (has_dt)); 1545 memset (has_val_dt, '\0', sizeof (has_val_dt)); 1546 memset (has_addr_dt, '\0', sizeof (has_addr_dt)); 1547 1548 if (++ndynamic == 2) 1549 ERROR (gettext ("more than one dynamic section present\n")); 1550 1551 data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1552 if (data == NULL) 1553 { 1554 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1555 idx, section_name (ebl, idx)); 1556 return; 1557 } 1558 1559 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem); 1560 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB) 1561 ERROR (gettext ("\ 1562 section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"), 1563 shdr->sh_link, section_name (ebl, shdr->sh_link), 1564 idx, section_name (ebl, idx)); 1565 1566 if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT)) 1567 ERROR (gettext ("\ 1568 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"), 1569 idx, section_name (ebl, idx)); 1570 1571 if (shdr->sh_info != 0) 1572 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"), 1573 idx, section_name (ebl, idx)); 1574 1575 bool non_null_warned = false; 1576 for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 1577 { 1578 GElf_Dyn dyn_mem; 1579 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem); 1580 if (dyn == NULL) 1581 { 1582 ERROR (gettext ("\ 1583 section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"), 1584 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1585 continue; 1586 } 1587 1588 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned) 1589 { 1590 ERROR (gettext ("\ 1591 section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"), 1592 idx, section_name (ebl, idx)); 1593 non_null_warned = true; 1594 } 1595 1596 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag)) 1597 ERROR (gettext ("section [%2d] '%s': entry %zu: unknown tag\n"), 1598 idx, section_name (ebl, idx), cnt); 1599 1600 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM) 1601 { 1602 if (has_dt[dyn->d_tag] 1603 && dyn->d_tag != DT_NEEDED 1604 && dyn->d_tag != DT_NULL 1605 && dyn->d_tag != DT_POSFLAG_1) 1606 { 1607 char buf[50]; 1608 ERROR (gettext ("\ 1609 section [%2d] '%s': entry %zu: more than one entry with tag %s\n"), 1610 idx, section_name (ebl, idx), cnt, 1611 ebl_dynamic_tag_name (ebl, dyn->d_tag, 1612 buf, sizeof (buf))); 1613 } 1614 1615 if (be_strict && level2[dyn->d_tag]) 1616 { 1617 char buf[50]; 1618 ERROR (gettext ("\ 1619 section [%2d] '%s': entry %zu: level 2 tag %s used\n"), 1620 idx, section_name (ebl, idx), cnt, 1621 ebl_dynamic_tag_name (ebl, dyn->d_tag, 1622 buf, sizeof (buf))); 1623 } 1624 1625 has_dt[dyn->d_tag] = true; 1626 } 1627 else if (dyn->d_tag <= DT_VALRNGHI 1628 && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM) 1629 has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true; 1630 else if (dyn->d_tag <= DT_ADDRRNGHI 1631 && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM) 1632 has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true; 1633 1634 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL 1635 && dyn->d_un.d_val != DT_RELA) 1636 ERROR (gettext ("\ 1637 section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"), 1638 idx, section_name (ebl, idx), cnt); 1639 1640 if (dyn->d_tag == DT_REL) 1641 reladdr = dyn->d_un.d_ptr; 1642 if (dyn->d_tag == DT_RELSZ) 1643 relsz = dyn->d_un.d_val; 1644 if (dyn->d_tag == DT_JMPREL) 1645 pltreladdr = dyn->d_un.d_ptr; 1646 if (dyn->d_tag == DT_PLTRELSZ) 1647 pltrelsz = dyn->d_un.d_val; 1648 1649 /* Check that addresses for entries are in loaded segments. */ 1650 switch (dyn->d_tag) 1651 { 1652 size_t n; 1653 case DT_STRTAB: 1654 /* We require the referenced section is the same as the one 1655 specified in sh_link. */ 1656 if (strshdr->sh_addr != dyn->d_un.d_val) 1657 { 1658 ERROR (gettext ("\ 1659 section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"), 1660 idx, section_name (ebl, idx), cnt, 1661 shdr->sh_link, section_name (ebl, shdr->sh_link)); 1662 break; 1663 } 1664 goto check_addr; 1665 1666 default: 1667 if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI) 1668 /* Value is no pointer. */ 1669 break; 1670 /* FALLTHROUGH */ 1671 1672 case DT_AUXILIARY: 1673 case DT_FILTER: 1674 case DT_FINI: 1675 case DT_FINI_ARRAY: 1676 case DT_HASH: 1677 case DT_INIT: 1678 case DT_INIT_ARRAY: 1679 case DT_JMPREL: 1680 case DT_PLTGOT: 1681 case DT_REL: 1682 case DT_RELA: 1683 case DT_SYMBOLIC: 1684 case DT_SYMTAB: 1685 case DT_VERDEF: 1686 case DT_VERNEED: 1687 case DT_VERSYM: 1688 check_addr: 1689 for (n = 0; n < ehdr->e_phnum; ++n) 1690 { 1691 GElf_Phdr phdr_mem; 1692 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem); 1693 if (phdr != NULL && phdr->p_type == PT_LOAD 1694 && phdr->p_vaddr <= dyn->d_un.d_ptr 1695 && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr) 1696 break; 1697 } 1698 if (unlikely (n >= ehdr->e_phnum)) 1699 { 1700 char buf[50]; 1701 ERROR (gettext ("\ 1702 section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"), 1703 idx, section_name (ebl, idx), cnt, 1704 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf, 1705 sizeof (buf))); 1706 } 1707 break; 1708 1709 case DT_NEEDED: 1710 case DT_RPATH: 1711 case DT_RUNPATH: 1712 case DT_SONAME: 1713 if (dyn->d_un.d_ptr >= strshdr->sh_size) 1714 { 1715 char buf[50]; 1716 ERROR (gettext ("\ 1717 section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"), 1718 idx, section_name (ebl, idx), cnt, 1719 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf, 1720 sizeof (buf)), 1721 shdr->sh_link, section_name (ebl, shdr->sh_link)); 1722 } 1723 break; 1724 } 1725 } 1726 1727 for (cnt = 1; cnt < DT_NUM; ++cnt) 1728 if (has_dt[cnt]) 1729 { 1730 for (int inner = 0; inner < DT_NUM; ++inner) 1731 if (dependencies[cnt][inner] && ! has_dt[inner]) 1732 { 1733 char buf1[50]; 1734 char buf2[50]; 1735 1736 ERROR (gettext ("\ 1737 section [%2d] '%s': contains %s entry but not %s\n"), 1738 idx, section_name (ebl, idx), 1739 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)), 1740 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2))); 1741 } 1742 } 1743 else 1744 { 1745 if (mandatory[cnt]) 1746 { 1747 char buf[50]; 1748 ERROR (gettext ("\ 1749 section [%2d] '%s': mandatory tag %s not present\n"), 1750 idx, section_name (ebl, idx), 1751 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf))); 1752 } 1753 } 1754 1755 /* Make sure we have an hash table. */ 1756 if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]) 1757 ERROR (gettext ("\ 1758 section [%2d] '%s': no hash section present\n"), 1759 idx, section_name (ebl, idx)); 1760 1761 /* The GNU-style hash table also needs a symbol table. */ 1762 if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)] 1763 && !has_dt[DT_SYMTAB]) 1764 ERROR (gettext ("\ 1765 section [%2d] '%s': contains %s entry but not %s\n"), 1766 idx, section_name (ebl, idx), 1767 "DT_GNU_HASH", "DT_SYMTAB"); 1768 1769 /* Check the rel/rela tags. At least one group must be available. */ 1770 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT]) 1771 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT])) 1772 ERROR (gettext ("\ 1773 section [%2d] '%s': not all of %s, %s, and %s are present\n"), 1774 idx, section_name (ebl, idx), 1775 "DT_RELA", "DT_RELASZ", "DT_RELAENT"); 1776 1777 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT]) 1778 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT])) 1779 ERROR (gettext ("\ 1780 section [%2d] '%s': not all of %s, %s, and %s are present\n"), 1781 idx, section_name (ebl, idx), 1782 "DT_REL", "DT_RELSZ", "DT_RELENT"); 1783 1784 /* Check that all prelink sections are present if any of them is. */ 1785 if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)] 1786 || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)]) 1787 { 1788 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]) 1789 ERROR (gettext ("\ 1790 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"), 1791 idx, section_name (ebl, idx), "DT_GNU_PRELINKED"); 1792 if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)]) 1793 ERROR (gettext ("\ 1794 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"), 1795 idx, section_name (ebl, idx), "DT_CHECKSUM"); 1796 1797 /* Only DSOs can be marked like this. */ 1798 if (ehdr->e_type != ET_DYN) 1799 ERROR (gettext ("\ 1800 section [%2d] '%s': non-DSO file marked as dependency during prelink\n"), 1801 idx, section_name (ebl, idx)); 1802 } 1803 1804 if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)] 1805 || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)] 1806 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)] 1807 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)]) 1808 { 1809 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]) 1810 ERROR (gettext ("\ 1811 section [%2d] '%s': %s tag missing in prelinked executable\n"), 1812 idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ"); 1813 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]) 1814 ERROR (gettext ("\ 1815 section [%2d] '%s': %s tag missing in prelinked executable\n"), 1816 idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ"); 1817 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]) 1818 ERROR (gettext ("\ 1819 section [%2d] '%s': %s tag missing in prelinked executable\n"), 1820 idx, section_name (ebl, idx), "DT_GNU_CONFLICT"); 1821 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)]) 1822 ERROR (gettext ("\ 1823 section [%2d] '%s': %s tag missing in prelinked executable\n"), 1824 idx, section_name (ebl, idx), "DT_GNU_LIBLIST"); 1825 } 1826 } 1827 1828 1829 static void check_symtab_shndx(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1830 check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1831 { 1832 if (ehdr->e_type != ET_REL) 1833 { 1834 ERROR (gettext ("\ 1835 section [%2d] '%s': only relocatable files can have extended section index\n"), 1836 idx, section_name (ebl, idx)); 1837 return; 1838 } 1839 1840 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1841 GElf_Shdr symshdr_mem; 1842 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1843 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB) 1844 ERROR (gettext ("\ 1845 section [%2d] '%s': extended section index section not for symbol table\n"), 1846 idx, section_name (ebl, idx)); 1847 Elf_Data *symdata = elf_getdata (symscn, NULL); 1848 if (symdata == NULL) 1849 ERROR (gettext ("cannot get data for symbol section\n")); 1850 1851 if (shdr->sh_entsize != sizeof (Elf32_Word)) 1852 ERROR (gettext ("\ 1853 section [%2d] '%s': entry size does not match Elf32_Word\n"), 1854 idx, section_name (ebl, idx)); 1855 1856 if (symshdr != NULL 1857 && (shdr->sh_size / shdr->sh_entsize 1858 < symshdr->sh_size / symshdr->sh_entsize)) 1859 ERROR (gettext ("\ 1860 section [%2d] '%s': extended index table too small for symbol table\n"), 1861 idx, section_name (ebl, idx)); 1862 1863 if (shdr->sh_info != 0) 1864 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"), 1865 idx, section_name (ebl, idx)); 1866 1867 for (size_t cnt = idx + 1; cnt < shnum; ++cnt) 1868 { 1869 GElf_Shdr rshdr_mem; 1870 GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem); 1871 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX 1872 && rshdr->sh_link == shdr->sh_link) 1873 { 1874 ERROR (gettext ("\ 1875 section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"), 1876 idx, section_name (ebl, idx), 1877 cnt, section_name (ebl, cnt)); 1878 break; 1879 } 1880 } 1881 1882 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1883 1884 if (*((Elf32_Word *) data->d_buf) != 0) 1885 ERROR (gettext ("symbol 0 should have zero extended section index\n")); 1886 1887 for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt) 1888 { 1889 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt]; 1890 1891 if (xndx != 0) 1892 { 1893 GElf_Sym sym_data; 1894 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data); 1895 if (sym == NULL) 1896 { 1897 ERROR (gettext ("cannot get data for symbol %zu\n"), cnt); 1898 continue; 1899 } 1900 1901 if (sym->st_shndx != SHN_XINDEX) 1902 ERROR (gettext ("\ 1903 extended section index is %" PRIu32 " but symbol index is not XINDEX\n"), 1904 (uint32_t) xndx); 1905 } 1906 } 1907 } 1908 1909 1910 static void check_sysv_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)1911 check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 1912 GElf_Shdr *symshdr) 1913 { 1914 Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0]; 1915 Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1]; 1916 1917 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize) 1918 ERROR (gettext ("\ 1919 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"), 1920 idx, section_name (ebl, idx), (long int) shdr->sh_size, 1921 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize)); 1922 1923 size_t maxidx = nchain; 1924 1925 if (symshdr != NULL) 1926 { 1927 size_t symsize = symshdr->sh_size / symshdr->sh_entsize; 1928 1929 if (nchain > symshdr->sh_size / symshdr->sh_entsize) 1930 ERROR (gettext ("section [%2d] '%s': chain array too large\n"), 1931 idx, section_name (ebl, idx)); 1932 1933 maxidx = symsize; 1934 } 1935 1936 size_t cnt; 1937 for (cnt = 2; cnt < 2 + nbucket; ++cnt) 1938 if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx) 1939 ERROR (gettext ("\ 1940 section [%2d] '%s': hash bucket reference %zu out of bounds\n"), 1941 idx, section_name (ebl, idx), cnt - 2); 1942 1943 for (; cnt < 2 + nbucket + nchain; ++cnt) 1944 if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx) 1945 ERROR (gettext ("\ 1946 section [%2d] '%s': hash chain reference %zu out of bounds\n"), 1947 idx, section_name (ebl, idx), cnt - 2 - nbucket); 1948 } 1949 1950 1951 static void check_sysv_hash64(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)1952 check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 1953 GElf_Shdr *symshdr) 1954 { 1955 Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0]; 1956 Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1]; 1957 1958 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize) 1959 ERROR (gettext ("\ 1960 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"), 1961 idx, section_name (ebl, idx), (long int) shdr->sh_size, 1962 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize)); 1963 1964 size_t maxidx = nchain; 1965 1966 if (symshdr != NULL) 1967 { 1968 size_t symsize = symshdr->sh_size / symshdr->sh_entsize; 1969 1970 if (nchain > symshdr->sh_size / symshdr->sh_entsize) 1971 ERROR (gettext ("section [%2d] '%s': chain array too large\n"), 1972 idx, section_name (ebl, idx)); 1973 1974 maxidx = symsize; 1975 } 1976 1977 size_t cnt; 1978 for (cnt = 2; cnt < 2 + nbucket; ++cnt) 1979 if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx) 1980 ERROR (gettext ("\ 1981 section [%2d] '%s': hash bucket reference %zu out of bounds\n"), 1982 idx, section_name (ebl, idx), cnt - 2); 1983 1984 for (; cnt < 2 + nbucket + nchain; ++cnt) 1985 if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx) 1986 ERROR (gettext ("\ 1987 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"), 1988 idx, section_name (ebl, idx), (uint64_t) (cnt - 2 - nbucket)); 1989 } 1990 1991 1992 static void check_gnu_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)1993 check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 1994 GElf_Shdr *symshdr) 1995 { 1996 Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0]; 1997 Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1]; 1998 Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2]; 1999 2000 if (!powerof2 (bitmask_words)) 2001 ERROR (gettext ("\ 2002 section [%2d] '%s': bitmask size not power of 2: %u\n"), 2003 idx, section_name (ebl, idx), bitmask_words); 2004 2005 size_t bitmask_idxmask = bitmask_words - 1; 2006 if (gelf_getclass (ebl->elf) == ELFCLASS64) 2007 bitmask_words *= 2; 2008 Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3]; 2009 2010 if (shdr->sh_size < (4 + bitmask_words + nbuckets) * sizeof (Elf32_Word)) 2011 { 2012 ERROR (gettext ("\ 2013 section [%2d] '%s': hash table section is too small (is %ld, expected at least%ld)\n"), 2014 idx, section_name (ebl, idx), (long int) shdr->sh_size, 2015 (long int) ((4 + bitmask_words + nbuckets) * sizeof (Elf32_Word))); 2016 return; 2017 } 2018 2019 if (shift > 31) 2020 ERROR (gettext ("\ 2021 section [%2d] '%s': 2nd hash function shift too big: %u\n"), 2022 idx, section_name (ebl, idx), shift); 2023 2024 size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words 2025 + nbuckets); 2026 2027 if (symshdr != NULL) 2028 maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize); 2029 2030 /* We need the symbol section data. */ 2031 Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL); 2032 2033 union 2034 { 2035 Elf32_Word *p32; 2036 Elf64_Xword *p64; 2037 } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] }, 2038 collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) }; 2039 2040 size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64; 2041 2042 size_t cnt; 2043 for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt) 2044 { 2045 Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt]; 2046 2047 if (symidx == 0) 2048 continue; 2049 2050 if (symidx < symbias) 2051 { 2052 ERROR (gettext ("\ 2053 section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"), 2054 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2055 continue; 2056 } 2057 2058 while (symidx - symbias < maxidx) 2059 { 2060 Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4 2061 + bitmask_words 2062 + nbuckets 2063 + symidx 2064 - symbias]; 2065 2066 if (symdata != NULL) 2067 { 2068 /* Check that the referenced symbol is not undefined. */ 2069 GElf_Sym sym_mem; 2070 GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem); 2071 if (sym != NULL && sym->st_shndx == SHN_UNDEF 2072 && GELF_ST_TYPE (sym->st_info) != STT_FUNC) 2073 ERROR (gettext ("\ 2074 section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"), 2075 idx, section_name (ebl, idx), symidx, 2076 cnt - (4 + bitmask_words)); 2077 2078 const char *symname = elf_strptr (ebl->elf, symshdr->sh_link, 2079 sym->st_name); 2080 if (symname != NULL) 2081 { 2082 Elf32_Word hval = elf_gnu_hash (symname); 2083 if ((hval & ~1u) != (chainhash & ~1u)) 2084 ERROR (gettext ("\ 2085 section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"), 2086 idx, section_name (ebl, idx), symidx, 2087 cnt - (4 + bitmask_words)); 2088 2089 /* Set the bits in the bitmask. */ 2090 size_t maskidx = (hval / classbits) & bitmask_idxmask; 2091 if (classbits == 32) 2092 { 2093 collected.p32[maskidx] 2094 |= UINT32_C (1) << (hval & (classbits - 1)); 2095 collected.p32[maskidx] 2096 |= UINT32_C (1) << ((hval >> shift) & (classbits - 1)); 2097 } 2098 else 2099 { 2100 collected.p64[maskidx] 2101 |= UINT64_C (1) << (hval & (classbits - 1)); 2102 collected.p64[maskidx] 2103 |= UINT64_C (1) << ((hval >> shift) & (classbits - 1)); 2104 } 2105 } 2106 } 2107 2108 if ((chainhash & 1) != 0) 2109 break; 2110 2111 ++symidx; 2112 } 2113 2114 if (symidx - symbias >= maxidx) 2115 ERROR (gettext ("\ 2116 section [%2d] '%s': hash chain for bucket %zu out of bounds\n"), 2117 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2118 else if (symshdr != NULL 2119 && symidx > symshdr->sh_size / symshdr->sh_entsize) 2120 ERROR (gettext ("\ 2121 section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"), 2122 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2123 } 2124 2125 if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word))) 2126 ERROR (gettext ("\ 2127 section [%2d] '%s': bitmask does not match names in the hash table\n"), 2128 idx, section_name (ebl, idx)); 2129 2130 free (collected.p32); 2131 } 2132 2133 2134 static void check_hash(int tag,Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2135 check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 2136 { 2137 if (ehdr->e_type == ET_REL) 2138 { 2139 ERROR (gettext ("\ 2140 section [%2d] '%s': relocatable files cannot have hash tables\n"), 2141 idx, section_name (ebl, idx)); 2142 return; 2143 } 2144 2145 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2146 if (data == NULL) 2147 { 2148 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2149 idx, section_name (ebl, idx)); 2150 return; 2151 } 2152 2153 GElf_Shdr symshdr_mem; 2154 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 2155 &symshdr_mem); 2156 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM) 2157 ERROR (gettext ("\ 2158 section [%2d] '%s': hash table not for dynamic symbol table\n"), 2159 idx, section_name (ebl, idx)); 2160 2161 if (shdr->sh_entsize != (tag == SHT_GNU_HASH 2162 ? (gelf_getclass (ebl->elf) == ELFCLASS32 2163 ? sizeof (Elf32_Word) : 0) 2164 : (size_t) ebl_sysvhash_entrysize (ebl))) 2165 ERROR (gettext ("\ 2166 section [%2d] '%s': hash table entry size incorrect\n"), 2167 idx, section_name (ebl, idx)); 2168 2169 if ((shdr->sh_flags & SHF_ALLOC) == 0) 2170 ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"), 2171 idx, section_name (ebl, idx)); 2172 2173 if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (shdr->sh_entsize ?: 4)) 2174 { 2175 ERROR (gettext ("\ 2176 section [%2d] '%s': hash table has not even room for initial administrative entries\n"), 2177 idx, section_name (ebl, idx)); 2178 return; 2179 } 2180 2181 switch (tag) 2182 { 2183 case SHT_HASH: 2184 if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword)) 2185 check_sysv_hash64 (ebl, shdr, data, idx, symshdr); 2186 else 2187 check_sysv_hash (ebl, shdr, data, idx, symshdr); 2188 break; 2189 2190 case SHT_GNU_HASH: 2191 check_gnu_hash (ebl, shdr, data, idx, symshdr); 2192 break; 2193 2194 default: 2195 assert (! "should not happen"); 2196 } 2197 } 2198 2199 2200 /* Compare content of both hash tables, it must be identical. */ 2201 static void compare_hash_gnu_hash(Ebl * ebl,GElf_Ehdr * ehdr,size_t hash_idx,size_t gnu_hash_idx)2202 compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx, 2203 size_t gnu_hash_idx) 2204 { 2205 Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx); 2206 Elf_Data *hash_data = elf_getdata (hash_scn, NULL); 2207 GElf_Shdr hash_shdr_mem; 2208 GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem); 2209 Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx); 2210 Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL); 2211 GElf_Shdr gnu_hash_shdr_mem; 2212 GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem); 2213 2214 if (hash_shdr == NULL || gnu_hash_shdr == NULL 2215 || hash_data == NULL || gnu_hash_data == NULL) 2216 /* None of these pointers should be NULL since we used the 2217 sections already. We are careful nonetheless. */ 2218 return; 2219 2220 /* The link must point to the same symbol table. */ 2221 if (hash_shdr->sh_link != gnu_hash_shdr->sh_link) 2222 { 2223 ERROR (gettext ("\ 2224 sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"), 2225 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name), 2226 gnu_hash_idx, 2227 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2228 return; 2229 } 2230 2231 Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link); 2232 Elf_Data *sym_data = elf_getdata (sym_scn, NULL); 2233 GElf_Shdr sym_shdr_mem; 2234 GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem); 2235 2236 if (sym_data == NULL || sym_shdr == NULL) 2237 return; 2238 2239 int nentries = sym_shdr->sh_size / sym_shdr->sh_entsize; 2240 char *used = alloca (nentries); 2241 memset (used, '\0', nentries); 2242 2243 /* First go over the GNU_HASH table and mark the entries as used. */ 2244 const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf; 2245 Elf32_Word gnu_nbucket = gnu_hasharr[0]; 2246 const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2; 2247 const Elf32_Word *gnu_bucket = (gnu_hasharr 2248 + (4 + gnu_hasharr[2] * bitmap_factor)); 2249 const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0] - gnu_hasharr[1]; 2250 2251 for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt) 2252 { 2253 Elf32_Word symidx = gnu_bucket[cnt]; 2254 if (symidx != STN_UNDEF) 2255 do 2256 used[symidx] |= 1; 2257 while ((gnu_chain[symidx++] & 1u) == 0); 2258 } 2259 2260 /* Now go over the old hash table and check that we cover the same 2261 entries. */ 2262 if (hash_shdr->sh_entsize == sizeof (Elf32_Word)) 2263 { 2264 const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf; 2265 Elf32_Word nbucket = hasharr[0]; 2266 const Elf32_Word *bucket = &hasharr[2]; 2267 const Elf32_Word *chain = &hasharr[2 + nbucket]; 2268 2269 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt) 2270 { 2271 Elf32_Word symidx = bucket[cnt]; 2272 while (symidx != STN_UNDEF) 2273 { 2274 used[symidx] |= 2; 2275 symidx = chain[symidx]; 2276 } 2277 } 2278 } 2279 else 2280 { 2281 const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf; 2282 Elf64_Xword nbucket = hasharr[0]; 2283 const Elf64_Xword *bucket = &hasharr[2]; 2284 const Elf64_Xword *chain = &hasharr[2 + nbucket]; 2285 2286 for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt) 2287 { 2288 Elf64_Xword symidx = bucket[cnt]; 2289 while (symidx != STN_UNDEF) 2290 { 2291 used[symidx] |= 2; 2292 symidx = chain[symidx]; 2293 } 2294 } 2295 } 2296 2297 /* Now see which entries are not set in one or both hash tables 2298 (unless the symbol is undefined in which case it can be omitted 2299 in the new table format). */ 2300 if ((used[0] & 1) != 0) 2301 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"), 2302 gnu_hash_idx, 2303 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2304 if ((used[0] & 2) != 0) 2305 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"), 2306 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name)); 2307 2308 for (int cnt = 1; cnt < nentries; ++cnt) 2309 if (used[cnt] != 0 && used[cnt] != 3) 2310 { 2311 if (used[cnt] == 1) 2312 ERROR (gettext ("\ 2313 symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"), 2314 cnt, gnu_hash_idx, 2315 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name), 2316 hash_idx, 2317 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name)); 2318 else 2319 { 2320 GElf_Sym sym_mem; 2321 GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem); 2322 2323 if (sym != NULL && sym->st_shndx != STN_UNDEF) 2324 ERROR (gettext ("\ 2325 symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"), 2326 cnt, hash_idx, 2327 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name), 2328 gnu_hash_idx, 2329 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2330 } 2331 } 2332 } 2333 2334 2335 static void check_null(Ebl * ebl,GElf_Shdr * shdr,int idx)2336 check_null (Ebl *ebl, GElf_Shdr *shdr, int idx) 2337 { 2338 #define TEST(name, extra) \ 2339 if (extra && shdr->sh_##name != 0) \ 2340 ERROR (gettext ("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \ 2341 idx, section_name (ebl, idx), #name) 2342 2343 TEST (name, 1); 2344 TEST (flags, 1); 2345 TEST (addr, 1); 2346 TEST (offset, 1); 2347 TEST (size, idx != 0); 2348 TEST (link, idx != 0); 2349 TEST (info, 1); 2350 TEST (addralign, 1); 2351 TEST (entsize, 1); 2352 } 2353 2354 2355 static void check_group(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2356 check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 2357 { 2358 if (ehdr->e_type != ET_REL) 2359 { 2360 ERROR (gettext ("\ 2361 section [%2d] '%s': section groups only allowed in relocatable object files\n"), 2362 idx, section_name (ebl, idx)); 2363 return; 2364 } 2365 2366 /* Check that sh_link is an index of a symbol table. */ 2367 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 2368 GElf_Shdr symshdr_mem; 2369 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 2370 if (symshdr == NULL) 2371 ERROR (gettext ("section [%2d] '%s': cannot get symbol table: %s\n"), 2372 idx, section_name (ebl, idx), elf_errmsg (-1)); 2373 else 2374 { 2375 if (symshdr->sh_type != SHT_SYMTAB) 2376 ERROR (gettext ("\ 2377 section [%2d] '%s': section reference in sh_link is no symbol table\n"), 2378 idx, section_name (ebl, idx)); 2379 2380 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM, 2381 1, EV_CURRENT)) 2382 ERROR (gettext ("\ 2383 section [%2d] '%s': invalid symbol index in sh_info\n"), 2384 idx, section_name (ebl, idx)); 2385 2386 if (shdr->sh_flags != 0) 2387 ERROR (gettext ("section [%2d] '%s': sh_flags not zero\n"), 2388 idx, section_name (ebl, idx)); 2389 2390 GElf_Sym sym_data; 2391 GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info, 2392 &sym_data); 2393 if (sym == NULL) 2394 ERROR (gettext ("\ 2395 section [%2d] '%s': cannot get symbol for signature\n"), 2396 idx, section_name (ebl, idx)); 2397 else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name), 2398 "") == 0) 2399 ERROR (gettext ("\ 2400 section [%2d] '%s': signature symbol canot be empty string\n"), 2401 idx, section_name (ebl, idx)); 2402 2403 if (be_strict 2404 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT)) 2405 ERROR (gettext ("section [%2d] '%s': sh_flags not set correctly\n"), 2406 idx, section_name (ebl, idx)); 2407 } 2408 2409 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2410 if (data == NULL) 2411 ERROR (gettext ("section [%2d] '%s': cannot get data: %s\n"), 2412 idx, section_name (ebl, idx), elf_errmsg (-1)); 2413 else 2414 { 2415 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT); 2416 size_t cnt; 2417 Elf32_Word val; 2418 2419 if (data->d_size % elsize != 0) 2420 ERROR (gettext ("\ 2421 section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"), 2422 idx, section_name (ebl, idx)); 2423 2424 if (data->d_size < elsize) 2425 ERROR (gettext ("\ 2426 section [%2d] '%s': section group without flags word\n"), 2427 idx, section_name (ebl, idx)); 2428 else if (be_strict) 2429 { 2430 if (data->d_size < 2 * elsize) 2431 ERROR (gettext ("\ 2432 section [%2d] '%s': section group without member\n"), 2433 idx, section_name (ebl, idx)); 2434 else if (data->d_size < 3 * elsize) 2435 ERROR (gettext ("\ 2436 section [%2d] '%s': section group with only one member\n"), 2437 idx, section_name (ebl, idx)); 2438 } 2439 2440 #if ALLOW_UNALIGNED 2441 val = *((Elf32_Word *) data->d_buf); 2442 #else 2443 memcpy (&val, data->d_buf, elsize); 2444 #endif 2445 if ((val & ~GRP_COMDAT) != 0) 2446 ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"), 2447 idx, section_name (ebl, idx)); 2448 2449 for (cnt = elsize; cnt < data->d_size; cnt += elsize) 2450 { 2451 #if ALLOW_UNALIGNED 2452 val = *((Elf32_Word *) ((char *) data->d_buf + cnt)); 2453 #else 2454 memcpy (&val, (char *) data->d_buf + cnt, elsize); 2455 #endif 2456 2457 if (val > shnum) 2458 ERROR (gettext ("\ 2459 section [%2d] '%s': section index %Zu out of range\n"), 2460 idx, section_name (ebl, idx), cnt / elsize); 2461 else 2462 { 2463 GElf_Shdr refshdr_mem; 2464 GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val), 2465 &refshdr_mem); 2466 if (refshdr == NULL) 2467 ERROR (gettext ("\ 2468 section [%2d] '%s': cannot get section header for element %zu: %s\n"), 2469 idx, section_name (ebl, idx), cnt / elsize, 2470 elf_errmsg (-1)); 2471 else 2472 { 2473 if (refshdr->sh_type == SHT_GROUP) 2474 ERROR (gettext ("\ 2475 section [%2d] '%s': section group contains another group [%2d] '%s'\n"), 2476 idx, section_name (ebl, idx), 2477 val, section_name (ebl, val)); 2478 2479 if ((refshdr->sh_flags & SHF_GROUP) == 0) 2480 ERROR (gettext ("\ 2481 section [%2d] '%s': element %Zu references section [%2d] '%s' without SHF_GROUP flag set\n"), 2482 idx, section_name (ebl, idx), cnt / elsize, 2483 val, section_name (ebl, val)); 2484 } 2485 2486 if (++scnref[val] == 2) 2487 ERROR (gettext ("\ 2488 section [%2d] '%s' is contained in more than one section group\n"), 2489 val, section_name (ebl, val)); 2490 } 2491 } 2492 } 2493 } 2494 2495 2496 static const char * section_flags_string(GElf_Word flags,char * buf,size_t len)2497 section_flags_string (GElf_Word flags, char *buf, size_t len) 2498 { 2499 if (flags == 0) 2500 return "none"; 2501 2502 static const struct 2503 { 2504 GElf_Word flag; 2505 const char *name; 2506 } known_flags[] = 2507 { 2508 #define NEWFLAG(name) { SHF_##name, #name } 2509 NEWFLAG (WRITE), 2510 NEWFLAG (ALLOC), 2511 NEWFLAG (EXECINSTR), 2512 NEWFLAG (MERGE), 2513 NEWFLAG (STRINGS), 2514 NEWFLAG (INFO_LINK), 2515 NEWFLAG (LINK_ORDER), 2516 NEWFLAG (OS_NONCONFORMING), 2517 NEWFLAG (GROUP), 2518 NEWFLAG (TLS) 2519 }; 2520 #undef NEWFLAG 2521 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]); 2522 2523 char *cp = buf; 2524 2525 for (size_t cnt = 0; cnt < nknown_flags; ++cnt) 2526 if (flags & known_flags[cnt].flag) 2527 { 2528 if (cp != buf && len > 1) 2529 { 2530 *cp++ = '|'; 2531 --len; 2532 } 2533 2534 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name)); 2535 cp = mempcpy (cp, known_flags[cnt].name, ncopy); 2536 len -= ncopy; 2537 2538 flags ^= known_flags[cnt].flag; 2539 } 2540 2541 if (flags != 0 || cp == buf) 2542 snprintf (cp, len - 1, "%" PRIx64, (uint64_t) flags); 2543 2544 *cp = '\0'; 2545 2546 return buf; 2547 } 2548 2549 2550 static int has_copy_reloc(Ebl * ebl,unsigned int symscnndx,unsigned int symndx)2551 has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx) 2552 { 2553 /* First find the relocation section for the symbol table. */ 2554 Elf_Scn *scn = NULL; 2555 GElf_Shdr shdr_mem; 2556 GElf_Shdr *shdr = NULL; 2557 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 2558 { 2559 shdr = gelf_getshdr (scn, &shdr_mem); 2560 if (shdr != NULL 2561 && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA) 2562 && shdr->sh_link == symscnndx) 2563 /* Found the section. */ 2564 break; 2565 } 2566 2567 if (scn == NULL) 2568 return 0; 2569 2570 Elf_Data *data = elf_getdata (scn, NULL); 2571 if (data == NULL) 2572 return 0; 2573 2574 if (shdr->sh_type == SHT_REL) 2575 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i) 2576 { 2577 GElf_Rel rel_mem; 2578 GElf_Rel *rel = gelf_getrel (data, i, &rel_mem); 2579 if (rel == NULL) 2580 continue; 2581 2582 if (GELF_R_SYM (rel->r_info) == symndx 2583 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info))) 2584 return 1; 2585 } 2586 else 2587 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i) 2588 { 2589 GElf_Rela rela_mem; 2590 GElf_Rela *rela = gelf_getrela (data, i, &rela_mem); 2591 if (rela == NULL) 2592 continue; 2593 2594 if (GELF_R_SYM (rela->r_info) == symndx 2595 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info))) 2596 return 1; 2597 } 2598 2599 return 0; 2600 } 2601 2602 2603 static int in_nobits_scn(Ebl * ebl,unsigned int shndx)2604 in_nobits_scn (Ebl *ebl, unsigned int shndx) 2605 { 2606 GElf_Shdr shdr_mem; 2607 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem); 2608 return shdr != NULL && shdr->sh_type == SHT_NOBITS; 2609 } 2610 2611 2612 static struct version_namelist 2613 { 2614 const char *objname; 2615 const char *name; 2616 GElf_Versym ndx; 2617 enum { ver_def, ver_need } type; 2618 struct version_namelist *next; 2619 } *version_namelist; 2620 2621 2622 static int add_version(const char * objname,const char * name,GElf_Versym ndx,int type)2623 add_version (const char *objname, const char *name, GElf_Versym ndx, int type) 2624 { 2625 /* Check that there are no duplications. */ 2626 struct version_namelist *nlp = version_namelist; 2627 while (nlp != NULL) 2628 { 2629 if (((nlp->objname == NULL && objname == NULL) 2630 || (nlp->objname != NULL && objname != NULL 2631 && strcmp (nlp->objname, objname) == 0)) 2632 && strcmp (nlp->name, name) == 0) 2633 return nlp->type == ver_def ? 1 : -1; 2634 nlp = nlp->next; 2635 } 2636 2637 nlp = xmalloc (sizeof (*nlp)); 2638 nlp->objname = objname; 2639 nlp->name = name; 2640 nlp->ndx = ndx; 2641 nlp->type = type; 2642 nlp->next = version_namelist; 2643 version_namelist = nlp; 2644 2645 return 0; 2646 } 2647 2648 2649 static void check_versym(Ebl * ebl,int idx)2650 check_versym (Ebl *ebl, int idx) 2651 { 2652 Elf_Scn *scn = elf_getscn (ebl->elf, idx); 2653 GElf_Shdr shdr_mem; 2654 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 2655 if (shdr == NULL) 2656 /* The error has already been reported. */ 2657 return; 2658 2659 Elf_Data *data = elf_getdata (scn, NULL); 2660 if (data == NULL) 2661 { 2662 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2663 idx, section_name (ebl, idx)); 2664 return; 2665 } 2666 2667 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 2668 GElf_Shdr symshdr_mem; 2669 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 2670 if (symshdr == NULL) 2671 /* The error has already been reported. */ 2672 return; 2673 2674 if (symshdr->sh_type != SHT_DYNSYM) 2675 { 2676 ERROR (gettext ("\ 2677 section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"), 2678 idx, section_name (ebl, idx), 2679 shdr->sh_link, section_name (ebl, shdr->sh_link)); 2680 return; 2681 } 2682 2683 /* The number of elements in the version symbol table must be the 2684 same as the number of symbols. */ 2685 if (shdr->sh_size / shdr->sh_entsize 2686 != symshdr->sh_size / symshdr->sh_entsize) 2687 ERROR (gettext ("\ 2688 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"), 2689 idx, section_name (ebl, idx), 2690 shdr->sh_link, section_name (ebl, shdr->sh_link)); 2691 2692 Elf_Data *symdata = elf_getdata (symscn, NULL); 2693 if (symdata == NULL) 2694 /* The error has already been reported. */ 2695 return; 2696 2697 for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 2698 { 2699 GElf_Versym versym_mem; 2700 GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem); 2701 if (versym == NULL) 2702 { 2703 ERROR (gettext ("\ 2704 section [%2d] '%s': symbol %d: cannot read version data\n"), 2705 idx, section_name (ebl, idx), cnt); 2706 break; 2707 } 2708 2709 GElf_Sym sym_mem; 2710 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem); 2711 if (sym == NULL) 2712 /* Already reported elsewhere. */ 2713 continue; 2714 2715 if (*versym == VER_NDX_GLOBAL) 2716 { 2717 /* Global symbol. Make sure it is not defined as local. */ 2718 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL) 2719 ERROR (gettext ("\ 2720 section [%2d] '%s': symbol %d: local symbol with global scope\n"), 2721 idx, section_name (ebl, idx), cnt); 2722 } 2723 else if (*versym != VER_NDX_LOCAL) 2724 { 2725 /* Versioned symbol. Make sure it is not defined as local. */ 2726 if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL) 2727 ERROR (gettext ("\ 2728 section [%2d] '%s': symbol %d: local symbol with version\n"), 2729 idx, section_name (ebl, idx), cnt); 2730 2731 /* Look through the list of defined versions and locate the 2732 index we need for this symbol. */ 2733 struct version_namelist *runp = version_namelist; 2734 while (runp != NULL) 2735 if (runp->ndx == (*versym & (GElf_Versym) 0x7fff)) 2736 break; 2737 else 2738 runp = runp->next; 2739 2740 if (runp == NULL) 2741 ERROR (gettext ("\ 2742 section [%2d] '%s': symbol %d: invalid version index %d\n"), 2743 idx, section_name (ebl, idx), cnt, (int) *versym); 2744 else if (sym->st_shndx == SHN_UNDEF 2745 && runp->type == ver_def) 2746 ERROR (gettext ("\ 2747 section [%2d] '%s': symbol %d: version index %d is for defined version\n"), 2748 idx, section_name (ebl, idx), cnt, (int) *versym); 2749 else if (sym->st_shndx != SHN_UNDEF 2750 && runp->type == ver_need) 2751 { 2752 /* Unless this symbol has a copy relocation associated 2753 this must not happen. */ 2754 if (!has_copy_reloc (ebl, shdr->sh_link, cnt) 2755 && !in_nobits_scn (ebl, sym->st_shndx)) 2756 ERROR (gettext ("\ 2757 section [%2d] '%s': symbol %d: version index %d is for requested version\n"), 2758 idx, section_name (ebl, idx), cnt, (int) *versym); 2759 } 2760 } 2761 } 2762 } 2763 2764 2765 static int unknown_dependency_p(Elf * elf,GElf_Ehdr * ehdr,const char * fname)2766 unknown_dependency_p (Elf *elf, GElf_Ehdr *ehdr, const char *fname) 2767 { 2768 GElf_Phdr phdr_mem; 2769 GElf_Phdr *phdr = NULL; 2770 2771 int i; 2772 for (i = 0; i < ehdr->e_phnum; ++i) 2773 if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL 2774 && phdr->p_type == PT_DYNAMIC) 2775 break; 2776 2777 if (i == ehdr->e_phnum) 2778 return 1; 2779 assert (phdr != NULL); 2780 Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset); 2781 GElf_Shdr shdr_mem; 2782 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 2783 Elf_Data *data = elf_getdata (scn, NULL); 2784 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC && data != NULL) 2785 for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j) 2786 { 2787 GElf_Dyn dyn_mem; 2788 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem); 2789 if (dyn != NULL && dyn->d_tag == DT_NEEDED) 2790 { 2791 const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val); 2792 if (str != NULL && strcmp (str, fname) == 0) 2793 /* Found it. */ 2794 return 0; 2795 } 2796 } 2797 2798 return 1; 2799 } 2800 2801 2802 static unsigned int nverneed; 2803 2804 static void check_verneed(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2805 check_verneed (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 2806 { 2807 if (++nverneed == 2) 2808 ERROR (gettext ("more than one version reference section present\n")); 2809 2810 GElf_Shdr strshdr_mem; 2811 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 2812 &strshdr_mem); 2813 if (strshdr == NULL) 2814 return; 2815 if (strshdr->sh_type != SHT_STRTAB) 2816 ERROR (gettext ("\ 2817 section [%2d] '%s': sh_link does not link to string table\n"), 2818 idx, section_name (ebl, idx)); 2819 2820 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2821 if (data == NULL) 2822 { 2823 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2824 idx, section_name (ebl, idx)); 2825 return; 2826 } 2827 unsigned int offset = 0; 2828 for (int cnt = shdr->sh_info; --cnt >= 0; ) 2829 { 2830 /* Get the data at the next offset. */ 2831 GElf_Verneed needmem; 2832 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem); 2833 if (need == NULL) 2834 break; 2835 2836 unsigned int auxoffset = offset + need->vn_aux; 2837 2838 if (need->vn_version != EV_CURRENT) 2839 ERROR (gettext ("\ 2840 section [%2d] '%s': entry %d has wrong version %d\n"), 2841 idx, section_name (ebl, idx), cnt, (int) need->vn_version); 2842 2843 if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED, 2844 1, EV_CURRENT)) 2845 ERROR (gettext ("\ 2846 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"), 2847 idx, section_name (ebl, idx), cnt); 2848 2849 const char *libname = elf_strptr (ebl->elf, shdr->sh_link, 2850 need->vn_file); 2851 if (libname == NULL) 2852 { 2853 ERROR (gettext ("\ 2854 section [%2d] '%s': entry %d has invalid file reference\n"), 2855 idx, section_name (ebl, idx), cnt); 2856 goto next_need; 2857 } 2858 2859 /* Check that there is a DT_NEEDED entry for the referenced library. */ 2860 if (unknown_dependency_p (ebl->elf, ehdr, libname)) 2861 ERROR (gettext ("\ 2862 section [%2d] '%s': entry %d references unknown dependency\n"), 2863 idx, section_name (ebl, idx), cnt); 2864 2865 for (int cnt2 = need->vn_cnt; --cnt2 >= 0; ) 2866 { 2867 GElf_Vernaux auxmem; 2868 GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem); 2869 if (aux == NULL) 2870 break; 2871 2872 if ((aux->vna_flags & ~VER_FLG_WEAK) != 0) 2873 ERROR (gettext ("\ 2874 section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"), 2875 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 2876 2877 const char *verstr = elf_strptr (ebl->elf, shdr->sh_link, 2878 aux->vna_name); 2879 if (verstr == NULL) 2880 ERROR (gettext ("\ 2881 section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"), 2882 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 2883 else 2884 { 2885 GElf_Word hashval = elf_hash (verstr); 2886 if (hashval != aux->vna_hash) 2887 ERROR (gettext ("\ 2888 section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"), 2889 idx, section_name (ebl, idx), need->vn_cnt - cnt2, 2890 cnt, (int) hashval, (int) aux->vna_hash); 2891 2892 int res = add_version (libname, verstr, aux->vna_other, 2893 ver_need); 2894 if (unlikely (res !=0)) 2895 { 2896 assert (res > 0); 2897 ERROR (gettext ("\ 2898 section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"), 2899 idx, section_name (ebl, idx), need->vn_cnt - cnt2, 2900 cnt, verstr); 2901 } 2902 } 2903 2904 if ((aux->vna_next != 0 || cnt2 > 0) 2905 && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, 2906 EV_CURRENT)) 2907 { 2908 ERROR (gettext ("\ 2909 section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"), 2910 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 2911 break; 2912 } 2913 2914 auxoffset += MAX (aux->vna_next, 2915 gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT)); 2916 } 2917 2918 /* Find the next offset. */ 2919 next_need: 2920 offset += need->vn_next; 2921 2922 if ((need->vn_next != 0 || cnt > 0) 2923 && offset < auxoffset) 2924 ERROR (gettext ("\ 2925 section [%2d] '%s': entry %d has invalid offset to next entry\n"), 2926 idx, section_name (ebl, idx), cnt); 2927 } 2928 } 2929 2930 2931 static unsigned int nverdef; 2932 2933 static void check_verdef(Ebl * ebl,GElf_Shdr * shdr,int idx)2934 check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx) 2935 { 2936 if (++nverdef == 2) 2937 ERROR (gettext ("more than one version definition section present\n")); 2938 2939 GElf_Shdr strshdr_mem; 2940 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 2941 &strshdr_mem); 2942 if (strshdr == NULL) 2943 return; 2944 if (strshdr->sh_type != SHT_STRTAB) 2945 ERROR (gettext ("\ 2946 section [%2d] '%s': sh_link does not link to string table\n"), 2947 idx, section_name (ebl, idx)); 2948 2949 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2950 if (data == NULL) 2951 { 2952 no_data: 2953 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2954 idx, section_name (ebl, idx)); 2955 return; 2956 } 2957 2958 /* Iterate over all version definition entries. We check that there 2959 is a BASE entry and that each index is unique. To do the later 2960 we collection the information in a list which is later 2961 examined. */ 2962 struct namelist 2963 { 2964 const char *name; 2965 struct namelist *next; 2966 } *namelist = NULL; 2967 struct namelist *refnamelist = NULL; 2968 2969 bool has_base = false; 2970 unsigned int offset = 0; 2971 for (int cnt = shdr->sh_info; --cnt >= 0; ) 2972 { 2973 /* Get the data at the next offset. */ 2974 GElf_Verdef defmem; 2975 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem); 2976 if (def == NULL) 2977 goto no_data; 2978 2979 if ((def->vd_flags & VER_FLG_BASE) != 0) 2980 { 2981 if (has_base) 2982 ERROR (gettext ("\ 2983 section [%2d] '%s': more than one BASE definition\n"), 2984 idx, section_name (ebl, idx)); 2985 if (def->vd_ndx != VER_NDX_GLOBAL) 2986 ERROR (gettext ("\ 2987 section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"), 2988 idx, section_name (ebl, idx)); 2989 has_base = true; 2990 } 2991 if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0) 2992 ERROR (gettext ("\ 2993 section [%2d] '%s': entry %d has unknown flag\n"), 2994 idx, section_name (ebl, idx), cnt); 2995 2996 if (def->vd_version != EV_CURRENT) 2997 ERROR (gettext ("\ 2998 section [%2d] '%s': entry %d has wrong version %d\n"), 2999 idx, section_name (ebl, idx), cnt, (int) def->vd_version); 3000 3001 if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF, 3002 1, EV_CURRENT)) 3003 ERROR (gettext ("\ 3004 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"), 3005 idx, section_name (ebl, idx), cnt); 3006 3007 unsigned int auxoffset = offset + def->vd_aux; 3008 GElf_Verdaux auxmem; 3009 GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem); 3010 if (aux == NULL) 3011 goto no_data; 3012 3013 const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name); 3014 if (name == NULL) 3015 { 3016 ERROR (gettext ("\ 3017 section [%2d] '%s': entry %d has invalid name reference\n"), 3018 idx, section_name (ebl, idx), cnt); 3019 goto next_def; 3020 } 3021 GElf_Word hashval = elf_hash (name); 3022 if (def->vd_hash != hashval) 3023 ERROR (gettext ("\ 3024 section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"), 3025 idx, section_name (ebl, idx), cnt, (int) hashval, 3026 (int) def->vd_hash); 3027 3028 int res = add_version (NULL, name, def->vd_ndx, ver_def); 3029 if (unlikely (res !=0)) 3030 { 3031 assert (res > 0); 3032 ERROR (gettext ("\ 3033 section [%2d] '%s': entry %d has duplicate version name '%s'\n"), 3034 idx, section_name (ebl, idx), cnt, name); 3035 } 3036 3037 struct namelist *newname = alloca (sizeof (*newname)); 3038 newname->name = name; 3039 newname->next = namelist; 3040 namelist = newname; 3041 3042 auxoffset += aux->vda_next; 3043 for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2) 3044 { 3045 aux = gelf_getverdaux (data, auxoffset, &auxmem); 3046 if (aux == NULL) 3047 goto no_data; 3048 3049 name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name); 3050 if (name == NULL) 3051 ERROR (gettext ("\ 3052 section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"), 3053 idx, section_name (ebl, idx), cnt); 3054 else 3055 { 3056 newname = alloca (sizeof (*newname)); 3057 newname->name = name; 3058 newname->next = refnamelist; 3059 refnamelist = newname; 3060 } 3061 3062 if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt) 3063 && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, 3064 EV_CURRENT)) 3065 { 3066 ERROR (gettext ("\ 3067 section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"), 3068 idx, section_name (ebl, idx), cnt); 3069 break; 3070 } 3071 3072 auxoffset += MAX (aux->vda_next, 3073 gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT)); 3074 } 3075 3076 /* Find the next offset. */ 3077 next_def: 3078 offset += def->vd_next; 3079 3080 if ((def->vd_next != 0 || cnt > 0) 3081 && offset < auxoffset) 3082 ERROR (gettext ("\ 3083 section [%2d] '%s': entry %d has invalid offset to next entry\n"), 3084 idx, section_name (ebl, idx), cnt); 3085 } 3086 3087 if (!has_base) 3088 ERROR (gettext ("section [%2d] '%s': no BASE definition\n"), 3089 idx, section_name (ebl, idx)); 3090 3091 /* Check whether the referenced names are available. */ 3092 while (namelist != NULL) 3093 { 3094 struct version_namelist *runp = version_namelist; 3095 while (runp != NULL) 3096 { 3097 if (runp->type == ver_def 3098 && strcmp (runp->name, namelist->name) == 0) 3099 break; 3100 runp = runp->next; 3101 } 3102 3103 if (runp == NULL) 3104 ERROR (gettext ("\ 3105 section [%2d] '%s': unknown parent version '%s'\n"), 3106 idx, section_name (ebl, idx), namelist->name); 3107 3108 namelist = namelist->next; 3109 } 3110 } 3111 3112 static void check_attributes(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)3113 check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 3114 { 3115 if (shdr->sh_size == 0) 3116 { 3117 ERROR (gettext ("section [%2d] '%s': empty object attributes section\n"), 3118 idx, section_name (ebl, idx)); 3119 return; 3120 } 3121 3122 Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL); 3123 if (data == NULL || data->d_size == 0) 3124 { 3125 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 3126 idx, section_name (ebl, idx)); 3127 return; 3128 } 3129 3130 inline size_t pos (const unsigned char *p) 3131 { 3132 return p - (const unsigned char *) data->d_buf; 3133 } 3134 3135 const unsigned char *p = data->d_buf; 3136 if (*p++ != 'A') 3137 { 3138 ERROR (gettext ("section [%2d] '%s': unrecognized attribute format\n"), 3139 idx, section_name (ebl, idx)); 3140 return; 3141 } 3142 3143 inline size_t left (void) 3144 { 3145 return (const unsigned char *) data->d_buf + data->d_size - p; 3146 } 3147 3148 while (left () >= 4) 3149 { 3150 uint32_t len; 3151 memcpy (&len, p, sizeof len); 3152 3153 if (len == 0) 3154 ERROR (gettext ("\ 3155 section [%2d] '%s': offset %zu: zero length field in attribute section\n"), 3156 idx, section_name (ebl, idx), pos (p)); 3157 3158 if (MY_ELFDATA != ehdr->e_ident[EI_DATA]) 3159 CONVERT (len); 3160 3161 if (len > left ()) 3162 { 3163 ERROR (gettext ("\ 3164 section [%2d] '%s': offset %zu: invalid length in attribute section\n"), 3165 idx, section_name (ebl, idx), pos (p)); 3166 break; 3167 } 3168 3169 const unsigned char *name = p + sizeof len; 3170 p += len; 3171 3172 unsigned const char *q = memchr (name, '\0', len); 3173 if (q == NULL) 3174 { 3175 ERROR (gettext ("\ 3176 section [%2d] '%s': offset %zu: unterminated vendor name string\n"), 3177 idx, section_name (ebl, idx), pos (p)); 3178 continue; 3179 } 3180 ++q; 3181 3182 if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu")) 3183 while (q < p) 3184 { 3185 unsigned const char *chunk = q; 3186 3187 unsigned int subsection_tag; 3188 get_uleb128 (subsection_tag, q); 3189 3190 if (q >= p) 3191 { 3192 ERROR (gettext ("\ 3193 section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"), 3194 idx, section_name (ebl, idx), pos (chunk)); 3195 break; 3196 } 3197 3198 uint32_t subsection_len; 3199 if (p - q < (ptrdiff_t) sizeof subsection_len) 3200 { 3201 ERROR (gettext ("\ 3202 section [%2d] '%s': offset %zu: truncated attribute section\n"), 3203 idx, section_name (ebl, idx), pos (q)); 3204 break; 3205 } 3206 3207 memcpy (&subsection_len, q, sizeof subsection_len); 3208 if (subsection_len == 0) 3209 { 3210 ERROR (gettext ("\ 3211 section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"), 3212 idx, section_name (ebl, idx), pos (q)); 3213 3214 q += sizeof subsection_len; 3215 continue; 3216 } 3217 3218 if (MY_ELFDATA != ehdr->e_ident[EI_DATA]) 3219 CONVERT (subsection_len); 3220 3221 if (p - chunk < (ptrdiff_t) subsection_len) 3222 { 3223 ERROR (gettext ("\ 3224 section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"), 3225 idx, section_name (ebl, idx), pos (q)); 3226 break; 3227 } 3228 3229 const unsigned char *subsection_end = chunk + subsection_len; 3230 chunk = q; 3231 q = subsection_end; 3232 3233 if (subsection_tag != 1) /* Tag_File */ 3234 ERROR (gettext ("\ 3235 section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"), 3236 idx, section_name (ebl, idx), pos (chunk), subsection_tag); 3237 else 3238 { 3239 chunk += sizeof subsection_len; 3240 while (chunk < q) 3241 { 3242 unsigned int tag; 3243 get_uleb128 (tag, chunk); 3244 3245 uint64_t value = 0; 3246 const unsigned char *r = chunk; 3247 if (tag == 32 || (tag & 1) == 0) 3248 { 3249 get_uleb128 (value, r); 3250 if (r > q) 3251 { 3252 ERROR (gettext ("\ 3253 section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"), 3254 idx, section_name (ebl, idx), pos (chunk)); 3255 break; 3256 } 3257 } 3258 if (tag == 32 || (tag & 1) != 0) 3259 { 3260 r = memchr (r, '\0', q - r); 3261 if (r == NULL) 3262 { 3263 ERROR (gettext ("\ 3264 section [%2d] '%s': offset %zu: unterminated string in attribute\n"), 3265 idx, section_name (ebl, idx), pos (chunk)); 3266 break; 3267 } 3268 ++r; 3269 } 3270 3271 const char *tag_name = NULL; 3272 const char *value_name = NULL; 3273 if (!ebl_check_object_attribute (ebl, (const char *) name, 3274 tag, value, 3275 &tag_name, &value_name)) 3276 ERROR (gettext ("\ 3277 section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"), 3278 idx, section_name (ebl, idx), pos (chunk), tag); 3279 else if ((tag & 1) == 0 && value_name == NULL) 3280 ERROR (gettext ("\ 3281 section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"), 3282 idx, section_name (ebl, idx), pos (chunk), 3283 tag_name, value); 3284 3285 chunk = r; 3286 } 3287 } 3288 } 3289 else 3290 ERROR (gettext ("\ 3291 section [%2d] '%s': offset %zu: vendor '%s' unknown\n"), 3292 idx, section_name (ebl, idx), pos (p), name); 3293 } 3294 3295 if (left () != 0) 3296 ERROR (gettext ("\ 3297 section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"), 3298 idx, section_name (ebl, idx), pos (p)); 3299 } 3300 3301 static bool has_loadable_segment; 3302 static bool has_interp_segment; 3303 3304 static const struct 3305 { 3306 const char *name; 3307 size_t namelen; 3308 GElf_Word type; 3309 enum { unused, exact, atleast, exact_or_gnuld } attrflag; 3310 GElf_Word attr; 3311 GElf_Word attr2; 3312 } special_sections[] = 3313 { 3314 /* See figure 4-14 in the gABI. */ 3315 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3316 { ".comment", 8, SHT_PROGBITS, exact, 0, 0 }, 3317 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3318 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3319 { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 }, 3320 { ".debug", 6, SHT_PROGBITS, exact, 0, 0 }, 3321 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE }, 3322 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 }, 3323 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 }, 3324 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3325 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3326 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info? 3327 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 }, 3328 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3329 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3330 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests? 3331 { ".line", 6, SHT_PROGBITS, exact, 0, 0 }, 3332 { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC }, 3333 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests 3334 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3335 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC }, // XXX more tests 3336 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC }, // XXX more tests 3337 { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS }, 3338 { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS }, 3339 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 }, 3340 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests 3341 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests 3342 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests 3343 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3344 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3345 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3346 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3347 3348 /* The following are GNU extensions. */ 3349 { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 }, 3350 { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 }, 3351 { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 }, 3352 { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 }, 3353 }; 3354 #define nspecial_sections \ 3355 (sizeof (special_sections) / sizeof (special_sections[0])) 3356 3357 #define IS_KNOWN_SPECIAL(idx, string, prefix) \ 3358 (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0) \ 3359 && !memcmp (special_sections[idx].name, string, \ 3360 sizeof string - (prefix ? 1 : 0))) 3361 3362 static void check_sections(Ebl * ebl,GElf_Ehdr * ehdr)3363 check_sections (Ebl *ebl, GElf_Ehdr *ehdr) 3364 { 3365 if (ehdr->e_shoff == 0) 3366 /* No section header. */ 3367 return; 3368 3369 /* Allocate array to count references in section groups. */ 3370 scnref = (int *) xcalloc (shnum, sizeof (int)); 3371 3372 /* Check the zeroth section first. It must not have any contents 3373 and the section header must contain nonzero value at most in the 3374 sh_size and sh_link fields. */ 3375 GElf_Shdr shdr_mem; 3376 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 3377 if (shdr == NULL) 3378 ERROR (gettext ("cannot get section header of zeroth section\n")); 3379 else 3380 { 3381 if (shdr->sh_name != 0) 3382 ERROR (gettext ("zeroth section has nonzero name\n")); 3383 if (shdr->sh_type != 0) 3384 ERROR (gettext ("zeroth section has nonzero type\n")); 3385 if (shdr->sh_flags != 0) 3386 ERROR (gettext ("zeroth section has nonzero flags\n")); 3387 if (shdr->sh_addr != 0) 3388 ERROR (gettext ("zeroth section has nonzero address\n")); 3389 if (shdr->sh_offset != 0) 3390 ERROR (gettext ("zeroth section has nonzero offset\n")); 3391 if (shdr->sh_info != 0) 3392 ERROR (gettext ("zeroth section has nonzero info field\n")); 3393 if (shdr->sh_addralign != 0) 3394 ERROR (gettext ("zeroth section has nonzero align value\n")); 3395 if (shdr->sh_entsize != 0) 3396 ERROR (gettext ("zeroth section has nonzero entry size value\n")); 3397 3398 if (shdr->sh_size != 0 && ehdr->e_shnum != 0) 3399 ERROR (gettext ("\ 3400 zeroth section has nonzero size value while ELF header has nonzero shnum value\n")); 3401 3402 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX) 3403 ERROR (gettext ("\ 3404 zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n")); 3405 } 3406 3407 int *segment_flags = xcalloc (ehdr->e_phnum, sizeof segment_flags[0]); 3408 3409 bool dot_interp_section = false; 3410 3411 size_t hash_idx = 0; 3412 size_t gnu_hash_idx = 0; 3413 3414 size_t versym_scnndx = 0; 3415 for (size_t cnt = 1; cnt < shnum; ++cnt) 3416 { 3417 shdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &shdr_mem); 3418 if (shdr == NULL) 3419 { 3420 ERROR (gettext ("\ 3421 cannot get section header for section [%2zu] '%s': %s\n"), 3422 cnt, section_name (ebl, cnt), elf_errmsg (-1)); 3423 continue; 3424 } 3425 3426 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name); 3427 3428 if (scnname == NULL) 3429 ERROR (gettext ("section [%2zu]: invalid name\n"), cnt); 3430 else 3431 { 3432 /* Check whether it is one of the special sections defined in 3433 the gABI. */ 3434 size_t s; 3435 for (s = 0; s < nspecial_sections; ++s) 3436 if (strncmp (scnname, special_sections[s].name, 3437 special_sections[s].namelen) == 0) 3438 { 3439 char stbuf1[100]; 3440 char stbuf2[100]; 3441 char stbuf3[100]; 3442 3443 GElf_Word good_type = special_sections[s].type; 3444 if (IS_KNOWN_SPECIAL (s, ".plt", false) 3445 && ebl_bss_plt_p (ebl, ehdr)) 3446 good_type = SHT_NOBITS; 3447 3448 /* In a debuginfo file, any normal section can be SHT_NOBITS. 3449 This is only invalid for DWARF sections and .shstrtab. */ 3450 if (shdr->sh_type != good_type 3451 && (shdr->sh_type != SHT_NOBITS 3452 || !is_debuginfo 3453 || IS_KNOWN_SPECIAL (s, ".debug_str", false) 3454 || IS_KNOWN_SPECIAL (s, ".debug", true) 3455 || IS_KNOWN_SPECIAL (s, ".shstrtab", false))) 3456 ERROR (gettext ("\ 3457 section [%2d] '%s' has wrong type: expected %s, is %s\n"), 3458 (int) cnt, scnname, 3459 ebl_section_type_name (ebl, special_sections[s].type, 3460 stbuf1, sizeof (stbuf1)), 3461 ebl_section_type_name (ebl, shdr->sh_type, 3462 stbuf2, sizeof (stbuf2))); 3463 3464 if (special_sections[s].attrflag == exact 3465 || special_sections[s].attrflag == exact_or_gnuld) 3466 { 3467 /* Except for the link order and group bit all the 3468 other bits should match exactly. */ 3469 if ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP)) 3470 != special_sections[s].attr 3471 && (special_sections[s].attrflag == exact || !gnuld)) 3472 ERROR (gettext ("\ 3473 section [%2zu] '%s' has wrong flags: expected %s, is %s\n"), 3474 cnt, scnname, 3475 section_flags_string (special_sections[s].attr, 3476 stbuf1, sizeof (stbuf1)), 3477 section_flags_string (shdr->sh_flags 3478 & ~SHF_LINK_ORDER, 3479 stbuf2, sizeof (stbuf2))); 3480 } 3481 else if (special_sections[s].attrflag == atleast) 3482 { 3483 if ((shdr->sh_flags & special_sections[s].attr) 3484 != special_sections[s].attr 3485 || ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP 3486 | special_sections[s].attr 3487 | special_sections[s].attr2)) 3488 != 0)) 3489 ERROR (gettext ("\ 3490 section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"), 3491 cnt, scnname, 3492 section_flags_string (special_sections[s].attr, 3493 stbuf1, sizeof (stbuf1)), 3494 section_flags_string (special_sections[s].attr2, 3495 stbuf2, sizeof (stbuf2)), 3496 section_flags_string (shdr->sh_flags 3497 & ~(SHF_LINK_ORDER 3498 | SHF_GROUP), 3499 stbuf3, sizeof (stbuf3))); 3500 } 3501 3502 if (strcmp (scnname, ".interp") == 0) 3503 { 3504 dot_interp_section = true; 3505 3506 if (ehdr->e_type == ET_REL) 3507 ERROR (gettext ("\ 3508 section [%2zu] '%s' present in object file\n"), 3509 cnt, scnname); 3510 3511 if ((shdr->sh_flags & SHF_ALLOC) != 0 3512 && !has_loadable_segment) 3513 ERROR (gettext ("\ 3514 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"), 3515 cnt, scnname); 3516 else if ((shdr->sh_flags & SHF_ALLOC) == 0 3517 && has_loadable_segment) 3518 ERROR (gettext ("\ 3519 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"), 3520 cnt, scnname); 3521 } 3522 else 3523 { 3524 if (strcmp (scnname, ".symtab_shndx") == 0 3525 && ehdr->e_type != ET_REL) 3526 ERROR (gettext ("\ 3527 section [%2zu] '%s' is extension section index table in non-object file\n"), 3528 cnt, scnname); 3529 3530 /* These sections must have the SHF_ALLOC flag set iff 3531 a loadable segment is available. 3532 3533 .relxxx 3534 .strtab 3535 .symtab 3536 .symtab_shndx 3537 3538 Check that if there is a reference from the 3539 loaded section these sections also have the 3540 ALLOC flag set. */ 3541 #if 0 3542 // XXX TODO 3543 if ((shdr->sh_flags & SHF_ALLOC) != 0 3544 && !has_loadable_segment) 3545 ERROR (gettext ("\ 3546 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"), 3547 cnt, scnname); 3548 else if ((shdr->sh_flags & SHF_ALLOC) == 0 3549 && has_loadable_segment) 3550 ERROR (gettext ("\ 3551 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"), 3552 cnt, scnname); 3553 #endif 3554 } 3555 3556 break; 3557 } 3558 } 3559 3560 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize) 3561 ERROR (gettext ("\ 3562 section [%2zu] '%s': size not multiple of entry size\n"), 3563 cnt, section_name (ebl, cnt)); 3564 3565 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL) 3566 ERROR (gettext ("cannot get section header\n")); 3567 3568 if (shdr->sh_type >= SHT_NUM 3569 && shdr->sh_type != SHT_GNU_ATTRIBUTES 3570 && shdr->sh_type != SHT_GNU_LIBLIST 3571 && shdr->sh_type != SHT_CHECKSUM 3572 && shdr->sh_type != SHT_GNU_verdef 3573 && shdr->sh_type != SHT_GNU_verneed 3574 && shdr->sh_type != SHT_GNU_versym 3575 && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL) 3576 ERROR (gettext ("section [%2zu] '%s' has unsupported type %d\n"), 3577 cnt, section_name (ebl, cnt), 3578 (int) shdr->sh_type); 3579 3580 #define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \ 3581 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \ 3582 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS) 3583 if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS) 3584 { 3585 GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS; 3586 if (sh_flags & SHF_MASKPROC) 3587 { 3588 if (!ebl_machine_section_flag_check (ebl, 3589 sh_flags & SHF_MASKPROC)) 3590 ERROR (gettext ("section [%2zu] '%s'" 3591 " contains invalid processor-specific flag(s)" 3592 " %#" PRIx64 "\n"), 3593 cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC); 3594 sh_flags &= ~(GElf_Xword) SHF_MASKPROC; 3595 } 3596 if (sh_flags != 0) 3597 ERROR (gettext ("section [%2zu] '%s' contains unknown flag(s)" 3598 " %#" PRIx64 "\n"), 3599 cnt, section_name (ebl, cnt), sh_flags); 3600 } 3601 if (shdr->sh_flags & SHF_TLS) 3602 { 3603 // XXX Correct? 3604 if (shdr->sh_addr != 0 && !gnuld) 3605 ERROR (gettext ("\ 3606 section [%2zu] '%s': thread-local data sections address not zero\n"), 3607 cnt, section_name (ebl, cnt)); 3608 3609 // XXX TODO more tests!? 3610 } 3611 3612 if (shdr->sh_link >= shnum) 3613 ERROR (gettext ("\ 3614 section [%2zu] '%s': invalid section reference in link value\n"), 3615 cnt, section_name (ebl, cnt)); 3616 3617 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum) 3618 ERROR (gettext ("\ 3619 section [%2zu] '%s': invalid section reference in info value\n"), 3620 cnt, section_name (ebl, cnt)); 3621 3622 if ((shdr->sh_flags & SHF_MERGE) == 0 3623 && (shdr->sh_flags & SHF_STRINGS) != 0 3624 && be_strict) 3625 ERROR (gettext ("\ 3626 section [%2zu] '%s': strings flag set without merge flag\n"), 3627 cnt, section_name (ebl, cnt)); 3628 3629 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0) 3630 ERROR (gettext ("\ 3631 section [%2zu] '%s': merge flag set but entry size is zero\n"), 3632 cnt, section_name (ebl, cnt)); 3633 3634 if (shdr->sh_flags & SHF_GROUP) 3635 check_scn_group (ebl, cnt); 3636 3637 if (shdr->sh_flags & SHF_EXECINSTR) 3638 { 3639 switch (shdr->sh_type) 3640 { 3641 case SHT_PROGBITS: 3642 break; 3643 3644 case SHT_NOBITS: 3645 if (is_debuginfo) 3646 break; 3647 default: 3648 ERROR (gettext ("\ 3649 section [%2zu] '%s' has unexpected type %d for an executable section\n"), 3650 cnt, section_name (ebl, cnt), shdr->sh_type); 3651 break; 3652 } 3653 3654 if ((shdr->sh_flags & SHF_WRITE) 3655 && !ebl_check_special_section (ebl, cnt, shdr, 3656 section_name (ebl, cnt))) 3657 ERROR (gettext ("\ 3658 section [%2zu] '%s' is both executable and writable\n"), 3659 cnt, section_name (ebl, cnt)); 3660 } 3661 3662 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0) 3663 { 3664 /* Make sure the section is contained in a loaded segment 3665 and that the initialization part matches NOBITS sections. */ 3666 int pcnt; 3667 GElf_Phdr phdr_mem; 3668 GElf_Phdr *phdr; 3669 3670 for (pcnt = 0; pcnt < ehdr->e_phnum; ++pcnt) 3671 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL 3672 && ((phdr->p_type == PT_LOAD 3673 && (shdr->sh_flags & SHF_TLS) == 0) 3674 || (phdr->p_type == PT_TLS 3675 && (shdr->sh_flags & SHF_TLS) != 0)) 3676 && phdr->p_offset <= shdr->sh_offset 3677 && (phdr->p_offset + phdr->p_filesz > shdr->sh_offset 3678 || (phdr->p_offset + phdr->p_memsz > shdr->sh_offset 3679 && shdr->sh_type == SHT_NOBITS))) 3680 { 3681 /* Found the segment. */ 3682 if (phdr->p_offset + phdr->p_memsz 3683 < shdr->sh_offset + shdr->sh_size) 3684 ERROR (gettext ("\ 3685 section [%2zu] '%s' not fully contained in segment of program header entry %d\n"), 3686 cnt, section_name (ebl, cnt), pcnt); 3687 3688 if (shdr->sh_type == SHT_NOBITS) 3689 { 3690 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz 3691 && !is_debuginfo) 3692 ERROR (gettext ("\ 3693 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"), 3694 cnt, section_name (ebl, cnt), pcnt); 3695 } 3696 else 3697 { 3698 const GElf_Off end = phdr->p_offset + phdr->p_filesz; 3699 if (shdr->sh_offset > end || 3700 (shdr->sh_offset == end && shdr->sh_size != 0)) 3701 ERROR (gettext ("\ 3702 section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"), 3703 cnt, section_name (ebl, cnt), pcnt); 3704 } 3705 3706 if (shdr->sh_type != SHT_NOBITS) 3707 { 3708 if ((shdr->sh_flags & SHF_EXECINSTR) != 0) 3709 { 3710 segment_flags[pcnt] |= PF_X; 3711 if ((phdr->p_flags & PF_X) == 0) 3712 ERROR (gettext ("\ 3713 section [%2zu] '%s' is executable in nonexecutable segment %d\n"), 3714 cnt, section_name (ebl, cnt), pcnt); 3715 } 3716 3717 if ((shdr->sh_flags & SHF_WRITE) != 0) 3718 { 3719 segment_flags[pcnt] |= PF_W; 3720 if (0 /* XXX vdso images have this */ 3721 && (phdr->p_flags & PF_W) == 0) 3722 ERROR (gettext ("\ 3723 section [%2zu] '%s' is writable in unwritable segment %d\n"), 3724 cnt, section_name (ebl, cnt), pcnt); 3725 } 3726 } 3727 3728 break; 3729 } 3730 3731 if (pcnt == ehdr->e_phnum) 3732 ERROR (gettext ("\ 3733 section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"), 3734 cnt, section_name (ebl, cnt)); 3735 } 3736 3737 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB) 3738 ERROR (gettext ("\ 3739 section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"), 3740 cnt, section_name (ebl, cnt)); 3741 3742 switch (shdr->sh_type) 3743 { 3744 case SHT_DYNSYM: 3745 if (ehdr->e_type == ET_REL) 3746 ERROR (gettext ("\ 3747 section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"), 3748 cnt, section_name (ebl, cnt)); 3749 /* FALLTHROUGH */ 3750 case SHT_SYMTAB: 3751 check_symtab (ebl, ehdr, shdr, cnt); 3752 break; 3753 3754 case SHT_RELA: 3755 check_rela (ebl, ehdr, shdr, cnt); 3756 break; 3757 3758 case SHT_REL: 3759 check_rel (ebl, ehdr, shdr, cnt); 3760 break; 3761 3762 case SHT_DYNAMIC: 3763 check_dynamic (ebl, ehdr, shdr, cnt); 3764 break; 3765 3766 case SHT_SYMTAB_SHNDX: 3767 check_symtab_shndx (ebl, ehdr, shdr, cnt); 3768 break; 3769 3770 case SHT_HASH: 3771 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt); 3772 hash_idx = cnt; 3773 break; 3774 3775 case SHT_GNU_HASH: 3776 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt); 3777 gnu_hash_idx = cnt; 3778 break; 3779 3780 case SHT_NULL: 3781 check_null (ebl, shdr, cnt); 3782 break; 3783 3784 case SHT_GROUP: 3785 check_group (ebl, ehdr, shdr, cnt); 3786 break; 3787 3788 case SHT_NOTE: 3789 check_note_section (ebl, ehdr, shdr, cnt); 3790 break; 3791 3792 case SHT_GNU_versym: 3793 /* We cannot process this section now since we have no guarantee 3794 that the verneed and verdef sections have already been read. 3795 Just remember the section index. */ 3796 if (versym_scnndx != 0) 3797 ERROR (gettext ("more than one version symbol table present\n")); 3798 versym_scnndx = cnt; 3799 break; 3800 3801 case SHT_GNU_verneed: 3802 check_verneed (ebl, ehdr, shdr, cnt); 3803 break; 3804 3805 case SHT_GNU_verdef: 3806 check_verdef (ebl, shdr, cnt); 3807 break; 3808 3809 case SHT_GNU_ATTRIBUTES: 3810 check_attributes (ebl, ehdr, shdr, cnt); 3811 break; 3812 3813 default: 3814 /* Nothing. */ 3815 break; 3816 } 3817 } 3818 3819 if (has_interp_segment && !dot_interp_section) 3820 ERROR (gettext ("INTERP program header entry but no .interp section\n")); 3821 3822 if (!is_debuginfo) 3823 for (int pcnt = 0; pcnt < ehdr->e_phnum; ++pcnt) 3824 { 3825 GElf_Phdr phdr_mem; 3826 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 3827 if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS)) 3828 { 3829 if ((phdr->p_flags & PF_X) != 0 3830 && (segment_flags[pcnt] & PF_X) == 0) 3831 ERROR (gettext ("\ 3832 loadable segment [%u] is executable but contains no executable sections\n"), 3833 pcnt); 3834 3835 if ((phdr->p_flags & PF_W) != 0 3836 && (segment_flags[pcnt] & PF_W) == 0) 3837 ERROR (gettext ("\ 3838 loadable segment [%u] is writable but contains no writable sections\n"), 3839 pcnt); 3840 } 3841 } 3842 3843 free (segment_flags); 3844 3845 if (version_namelist != NULL) 3846 { 3847 if (versym_scnndx == 0) 3848 ERROR (gettext ("\ 3849 no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n")); 3850 else 3851 check_versym (ebl, versym_scnndx); 3852 3853 /* Check for duplicate index numbers. */ 3854 do 3855 { 3856 struct version_namelist *runp = version_namelist->next; 3857 while (runp != NULL) 3858 { 3859 if (version_namelist->ndx == runp->ndx) 3860 { 3861 ERROR (gettext ("duplicate version index %d\n"), 3862 (int) version_namelist->ndx); 3863 break; 3864 } 3865 runp = runp->next; 3866 } 3867 3868 struct version_namelist *old = version_namelist; 3869 version_namelist = version_namelist->next; 3870 free (old); 3871 } 3872 while (version_namelist != NULL); 3873 } 3874 else if (versym_scnndx != 0) 3875 ERROR (gettext ("\ 3876 .gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n")); 3877 3878 if (hash_idx != 0 && gnu_hash_idx != 0) 3879 compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx); 3880 3881 free (scnref); 3882 } 3883 3884 3885 static GElf_Off check_note_data(Ebl * ebl,const GElf_Ehdr * ehdr,Elf_Data * data,int shndx,int phndx,GElf_Off start)3886 check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr, 3887 Elf_Data *data, int shndx, int phndx, GElf_Off start) 3888 { 3889 size_t offset = 0; 3890 size_t last_offset = 0; 3891 GElf_Nhdr nhdr; 3892 size_t name_offset; 3893 size_t desc_offset; 3894 while (offset < data->d_size 3895 && (offset = gelf_getnote (data, offset, 3896 &nhdr, &name_offset, &desc_offset)) > 0) 3897 { 3898 last_offset = offset; 3899 3900 /* Make sure it is one of the note types we know about. */ 3901 if (ehdr->e_type == ET_CORE) 3902 switch (nhdr.n_type) 3903 { 3904 case NT_PRSTATUS: 3905 case NT_FPREGSET: 3906 case NT_PRPSINFO: 3907 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */ 3908 case NT_PLATFORM: 3909 case NT_AUXV: 3910 case NT_GWINDOWS: 3911 case NT_ASRS: 3912 case NT_PSTATUS: 3913 case NT_PSINFO: 3914 case NT_PRCRED: 3915 case NT_UTSNAME: 3916 case NT_LWPSTATUS: 3917 case NT_LWPSINFO: 3918 case NT_PRFPXREG: 3919 /* Known type. */ 3920 break; 3921 3922 default: 3923 if (shndx == 0) 3924 ERROR (gettext ("\ 3925 phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"), 3926 phndx, (uint32_t) nhdr.n_type, start + offset); 3927 else 3928 ERROR (gettext ("\ 3929 section [%2d] '%s': unknown core file note type %" PRIu32 3930 " at offset %Zu\n"), 3931 shndx, section_name (ebl, shndx), 3932 (uint32_t) nhdr.n_type, offset); 3933 } 3934 else 3935 switch (nhdr.n_type) 3936 { 3937 case NT_GNU_ABI_TAG: 3938 case NT_GNU_HWCAP: 3939 case NT_GNU_BUILD_ID: 3940 break; 3941 3942 case 0: 3943 /* Linux vDSOs use a type 0 note for the kernel version word. */ 3944 if (nhdr.n_namesz == sizeof "Linux" 3945 && !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux")) 3946 break; 3947 3948 default: 3949 if (shndx == 0) 3950 ERROR (gettext ("\ 3951 phdr[%d]: unknown object file note type %" PRIu32 " at offset %Zu\n"), 3952 phndx, (uint32_t) nhdr.n_type, offset); 3953 else 3954 ERROR (gettext ("\ 3955 section [%2d] '%s': unknown object file note type %" PRIu32 3956 " at offset %Zu\n"), 3957 shndx, section_name (ebl, shndx), 3958 (uint32_t) nhdr.n_type, offset); 3959 } 3960 } 3961 3962 return last_offset; 3963 } 3964 3965 static void check_note(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Phdr * phdr,int cnt)3966 check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt) 3967 { 3968 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL 3969 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 3970 ERROR (gettext ("\ 3971 phdr[%d]: no note entries defined for the type of file\n"), 3972 cnt); 3973 3974 if (is_debuginfo) 3975 /* The p_offset values in a separate debug file are bogus. */ 3976 return; 3977 3978 if (phdr->p_filesz == 0) 3979 return; 3980 3981 GElf_Off notes_size = 0; 3982 Elf_Data *data = elf_getdata_rawchunk (ebl->elf, 3983 phdr->p_offset, phdr->p_filesz, 3984 ELF_T_NHDR); 3985 if (data != NULL) 3986 notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset); 3987 3988 if (notes_size == 0) 3989 ERROR (gettext ("phdr[%d]: cannot get content of note section: %s\n"), 3990 cnt, elf_errmsg (-1)); 3991 else if (notes_size != phdr->p_filesz) 3992 ERROR (gettext ("phdr[%d]: extra %" PRIu64 " bytes after last note\n"), 3993 cnt, phdr->p_filesz - notes_size); 3994 } 3995 3996 static void check_note_section(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)3997 check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 3998 { 3999 if (shdr->sh_size == 0) 4000 return; 4001 4002 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 4003 if (data == NULL) 4004 { 4005 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 4006 idx, section_name (ebl, idx)); 4007 return; 4008 } 4009 4010 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL 4011 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 4012 ERROR (gettext ("\ 4013 section [%2d] '%s': no note entries defined for the type of file\n"), 4014 idx, section_name (ebl, idx)); 4015 4016 GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0); 4017 4018 if (notes_size == 0) 4019 ERROR (gettext ("section [%2d] '%s': cannot get content of note section\n"), 4020 idx, section_name (ebl, idx)); 4021 else if (notes_size != shdr->sh_size) 4022 ERROR (gettext ("section [%2d] '%s': extra %" PRIu64 4023 " bytes after last note\n"), 4024 idx, section_name (ebl, idx), shdr->sh_size - notes_size); 4025 } 4026 4027 static void check_program_header(Ebl * ebl,GElf_Ehdr * ehdr)4028 check_program_header (Ebl *ebl, GElf_Ehdr *ehdr) 4029 { 4030 if (ehdr->e_phoff == 0) 4031 return; 4032 4033 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN 4034 && ehdr->e_type != ET_CORE) 4035 ERROR (gettext ("\ 4036 only executables, shared objects, and core files can have program headers\n")); 4037 4038 int num_pt_interp = 0; 4039 int num_pt_tls = 0; 4040 int num_pt_relro = 0; 4041 4042 for (int cnt = 0; cnt < ehdr->e_phnum; ++cnt) 4043 { 4044 GElf_Phdr phdr_mem; 4045 GElf_Phdr *phdr; 4046 4047 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem); 4048 if (phdr == NULL) 4049 { 4050 ERROR (gettext ("cannot get program header entry %d: %s\n"), 4051 cnt, elf_errmsg (-1)); 4052 continue; 4053 } 4054 4055 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME 4056 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO 4057 /* Check for a known machine-specific type. */ 4058 && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL) 4059 ERROR (gettext ("\ 4060 program header entry %d: unknown program header entry type %#" PRIx64 "\n"), 4061 cnt, (uint64_t) phdr->p_type); 4062 4063 if (phdr->p_type == PT_LOAD) 4064 has_loadable_segment = true; 4065 else if (phdr->p_type == PT_INTERP) 4066 { 4067 if (++num_pt_interp != 1) 4068 { 4069 if (num_pt_interp == 2) 4070 ERROR (gettext ("\ 4071 more than one INTERP entry in program header\n")); 4072 } 4073 has_interp_segment = true; 4074 } 4075 else if (phdr->p_type == PT_TLS) 4076 { 4077 if (++num_pt_tls == 2) 4078 ERROR (gettext ("more than one TLS entry in program header\n")); 4079 } 4080 else if (phdr->p_type == PT_NOTE) 4081 check_note (ebl, ehdr, phdr, cnt); 4082 else if (phdr->p_type == PT_DYNAMIC) 4083 { 4084 if (ehdr->e_type == ET_EXEC && ! has_interp_segment) 4085 ERROR (gettext ("\ 4086 static executable cannot have dynamic sections\n")); 4087 else 4088 { 4089 /* Check that the .dynamic section, if it exists, has 4090 the same address. */ 4091 Elf_Scn *scn = NULL; 4092 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 4093 { 4094 GElf_Shdr shdr_mem; 4095 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 4096 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC) 4097 { 4098 if (phdr->p_offset != shdr->sh_offset) 4099 ERROR (gettext ("\ 4100 dynamic section reference in program header has wrong offset\n")); 4101 if (phdr->p_memsz != shdr->sh_size) 4102 ERROR (gettext ("\ 4103 dynamic section size mismatch in program and section header\n")); 4104 break; 4105 } 4106 } 4107 } 4108 } 4109 else if (phdr->p_type == PT_GNU_RELRO) 4110 { 4111 if (++num_pt_relro == 2) 4112 ERROR (gettext ("\ 4113 more than one GNU_RELRO entry in program header\n")); 4114 else 4115 { 4116 /* Check that the region is in a writable segment. */ 4117 int inner; 4118 for (inner = 0; inner < ehdr->e_phnum; ++inner) 4119 { 4120 GElf_Phdr phdr2_mem; 4121 GElf_Phdr *phdr2; 4122 4123 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem); 4124 if (phdr2 == NULL) 4125 continue; 4126 4127 if (phdr2->p_type == PT_LOAD 4128 && phdr->p_vaddr >= phdr2->p_vaddr 4129 && (phdr->p_vaddr + phdr->p_memsz 4130 <= phdr2->p_vaddr + phdr2->p_memsz)) 4131 { 4132 if ((phdr2->p_flags & PF_W) == 0) 4133 ERROR (gettext ("\ 4134 loadable segment GNU_RELRO applies to is not writable\n")); 4135 if ((phdr2->p_flags &~ PF_W) != (phdr->p_flags &~ PF_W)) 4136 ERROR (gettext ("\ 4137 loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"), 4138 cnt, inner); 4139 break; 4140 } 4141 } 4142 4143 if (inner >= ehdr->e_phnum) 4144 ERROR (gettext ("\ 4145 %s segment not contained in a loaded segment\n"), "GNU_RELRO"); 4146 } 4147 } 4148 else if (phdr->p_type == PT_PHDR) 4149 { 4150 /* Check that the region is in a writable segment. */ 4151 int inner; 4152 for (inner = 0; inner < ehdr->e_phnum; ++inner) 4153 { 4154 GElf_Phdr phdr2_mem; 4155 GElf_Phdr *phdr2; 4156 4157 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem); 4158 if (phdr2 != NULL 4159 && phdr2->p_type == PT_LOAD 4160 && phdr->p_vaddr >= phdr2->p_vaddr 4161 && (phdr->p_vaddr + phdr->p_memsz 4162 <= phdr2->p_vaddr + phdr2->p_memsz)) 4163 break; 4164 } 4165 4166 if (inner >= ehdr->e_phnum) 4167 ERROR (gettext ("\ 4168 %s segment not contained in a loaded segment\n"), "PHDR"); 4169 4170 /* Check that offset in segment corresponds to offset in ELF 4171 header. */ 4172 if (phdr->p_offset != ehdr->e_phoff) 4173 ERROR (gettext ("\ 4174 program header offset in ELF header and PHDR entry do not match")); 4175 } 4176 4177 if (phdr->p_filesz > phdr->p_memsz 4178 && (phdr->p_memsz != 0 || phdr->p_type != PT_NOTE)) 4179 ERROR (gettext ("\ 4180 program header entry %d: file size greater than memory size\n"), 4181 cnt); 4182 4183 if (phdr->p_align > 1) 4184 { 4185 if (!powerof2 (phdr->p_align)) 4186 ERROR (gettext ("\ 4187 program header entry %d: alignment not a power of 2\n"), cnt); 4188 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0) 4189 ERROR (gettext ("\ 4190 program header entry %d: file offset and virtual address not module of alignment\n"), cnt); 4191 } 4192 } 4193 } 4194 4195 4196 /* Process one file. */ 4197 static void process_elf_file(Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)4198 process_elf_file (Elf *elf, const char *prefix, const char *suffix, 4199 const char *fname, size_t size, bool only_one) 4200 { 4201 /* Reset variables. */ 4202 ndynamic = 0; 4203 nverneed = 0; 4204 nverdef = 0; 4205 textrel = false; 4206 needed_textrel = false; 4207 has_loadable_segment = false; 4208 has_interp_segment = false; 4209 4210 GElf_Ehdr ehdr_mem; 4211 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem); 4212 Ebl *ebl; 4213 4214 /* Print the file name. */ 4215 if (!only_one) 4216 { 4217 if (prefix != NULL) 4218 printf ("\n%s(%s)%s:\n", prefix, fname, suffix); 4219 else 4220 printf ("\n%s:\n", fname); 4221 } 4222 4223 if (ehdr == NULL) 4224 { 4225 ERROR (gettext ("cannot read ELF header: %s\n"), elf_errmsg (-1)); 4226 return; 4227 } 4228 4229 ebl = ebl_openbackend (elf); 4230 /* If there is no appropriate backend library we cannot test 4231 architecture and OS specific features. Any encountered extension 4232 is an error. */ 4233 4234 /* Go straight by the gABI, check all the parts in turn. */ 4235 check_elf_header (ebl, ehdr, size); 4236 4237 /* Check the program header. */ 4238 check_program_header (ebl, ehdr); 4239 4240 /* Next the section headers. It is OK if there are no section 4241 headers at all. */ 4242 check_sections (ebl, ehdr); 4243 4244 /* Report if no relocation section needed the text relocation flag. */ 4245 if (textrel && !needed_textrel) 4246 ERROR (gettext ("text relocation flag set but not needed\n")); 4247 4248 /* Free the resources. */ 4249 ebl_closebackend (ebl); 4250 } 4251 4252 4253 #include "debugpred.h" 4254