1 /* Pedantic checking of ELF files compliance with gABI/psABI spec.
2 Copyright (C) 2001-2012 Red Hat, Inc.
3 This file is part of Red Hat elfutils.
4 Written by Ulrich Drepper <drepper@redhat.com>, 2001.
5
6 Red Hat elfutils is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by the
8 Free Software Foundation; version 2 of the License.
9
10 Red Hat elfutils is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
14
15 You should have received a copy of the GNU General Public License along
16 with Red Hat elfutils; if not, write to the Free Software Foundation,
17 Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA.
18
19 Red Hat elfutils is an included package of the Open Invention Network.
20 An included package of the Open Invention Network is a package for which
21 Open Invention Network licensees cross-license their patents. No patent
22 license is granted, either expressly or impliedly, by designation as an
23 included package. Should you wish to participate in the Open Invention
24 Network licensing program, please visit www.openinventionnetwork.com
25 <http://www.openinventionnetwork.com>. */
26
27 #ifdef HAVE_CONFIG_H
28 # include <config.h>
29 #endif
30
31 #include <argp.h>
32 #include <assert.h>
33 #include <byteswap.h>
34 #include <endian.h>
35 #include <error.h>
36 #include <fcntl.h>
37 #include <gelf.h>
38 #include <inttypes.h>
39 #include <libintl.h>
40 #include <locale.h>
41 #include <stdbool.h>
42 #include <stdlib.h>
43 #include <string.h>
44 #include <unistd.h>
45 #include <sys/stat.h>
46 #include <sys/param.h>
47
48 #include <elf-knowledge.h>
49 #include <system.h>
50 #include "../libelf/libelfP.h"
51 #include "../libelf/common.h"
52 #include "../libebl/libeblP.h"
53 #include "../libdw/libdwP.h"
54 #include "../libdwfl/libdwflP.h"
55 #include "../libdw/memory-access.h"
56
57
58 /* Name and version of program. */
59 static void print_version (FILE *stream, struct argp_state *state);
60 ARGP_PROGRAM_VERSION_HOOK_DEF = print_version;
61
62 /* Bug report address. */
63 ARGP_PROGRAM_BUG_ADDRESS_DEF = PACKAGE_BUGREPORT;
64
65 #define ARGP_strict 300
66 #define ARGP_gnuld 301
67
68 /* Definitions of arguments for argp functions. */
69 static const struct argp_option options[] =
70 {
71 { "strict", ARGP_strict, NULL, 0,
72 N_("Be extremely strict, flag level 2 features."), 0 },
73 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 },
74 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 },
75 { "gnu-ld", ARGP_gnuld, NULL, 0,
76 N_("Binary has been created with GNU ld and is therefore known to be \
77 broken in certain ways"), 0 },
78 { NULL, 0, NULL, 0, NULL, 0 }
79 };
80
81 /* Short description of program. */
82 static const char doc[] = N_("\
83 Pedantic checking of ELF files compliance with gABI/psABI spec.");
84
85 /* Strings for arguments in help texts. */
86 static const char args_doc[] = N_("FILE...");
87
88 /* Prototype for option handler. */
89 static error_t parse_opt (int key, char *arg, struct argp_state *state);
90
91 /* Data structure to communicate with argp functions. */
92 static struct argp argp =
93 {
94 options, parse_opt, args_doc, doc, NULL, NULL, NULL
95 };
96
97
98 /* Declarations of local functions. */
99 static void process_file (int fd, Elf *elf, const char *prefix,
100 const char *suffix, const char *fname, size_t size,
101 bool only_one);
102 static void process_elf_file (Elf *elf, const char *prefix, const char *suffix,
103 const char *fname, size_t size, bool only_one);
104 static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr,
105 GElf_Shdr *shdr, int idx);
106
107
108 /* Report an error. */
109 #define ERROR(str, args...) \
110 do { \
111 printf (str, ##args); \
112 ++error_count; \
113 } while (0)
114 static unsigned int error_count;
115
116 /* True if we should perform very strict testing. */
117 static bool be_strict;
118
119 /* True if no message is to be printed if the run is succesful. */
120 static bool be_quiet;
121
122 /* True if binary is from strip -f, not a normal ELF file. */
123 static bool is_debuginfo;
124
125 /* True if binary is assumed to be generated with GNU ld. */
126 static bool gnuld;
127
128 /* Index of section header string table. */
129 static uint32_t shstrndx;
130
131 /* Array to count references in section groups. */
132 static int *scnref;
133
134
135 int
main(int argc,char * argv[])136 main (int argc, char *argv[])
137 {
138 /* Set locale. */
139 setlocale (LC_ALL, "");
140
141 /* Initialize the message catalog. */
142 textdomain (PACKAGE_TARNAME);
143
144 /* Parse and process arguments. */
145 int remaining;
146 argp_parse (&argp, argc, argv, 0, &remaining, NULL);
147
148 /* Before we start tell the ELF library which version we are using. */
149 elf_version (EV_CURRENT);
150
151 /* Now process all the files given at the command line. */
152 bool only_one = remaining + 1 == argc;
153 do
154 {
155 /* Open the file. */
156 int fd = open (argv[remaining], O_RDONLY);
157 if (fd == -1)
158 {
159 error (0, errno, gettext ("cannot open input file"));
160 continue;
161 }
162
163 /* Create an `Elf' descriptor. */
164 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL);
165 if (elf == NULL)
166 ERROR (gettext ("cannot generate Elf descriptor: %s\n"),
167 elf_errmsg (-1));
168 else
169 {
170 unsigned int prev_error_count = error_count;
171 struct stat64 st;
172
173 if (fstat64 (fd, &st) != 0)
174 {
175 printf ("cannot stat '%s': %m\n", argv[remaining]);
176 close (fd);
177 continue;
178 }
179
180 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size,
181 only_one);
182
183 /* Now we can close the descriptor. */
184 if (elf_end (elf) != 0)
185 ERROR (gettext ("error while closing Elf descriptor: %s\n"),
186 elf_errmsg (-1));
187
188 if (prev_error_count == error_count && !be_quiet)
189 puts (gettext ("No errors"));
190 }
191
192 close (fd);
193 }
194 while (++remaining < argc);
195
196 return error_count != 0;
197 }
198
199
200 /* Handle program arguments. */
201 static error_t
parse_opt(int key,char * arg,struct argp_state * state)202 parse_opt (int key, char *arg __attribute__ ((unused)),
203 struct argp_state *state __attribute__ ((unused)))
204 {
205 switch (key)
206 {
207 case ARGP_strict:
208 be_strict = true;
209 break;
210
211 case 'q':
212 be_quiet = true;
213 break;
214
215 case 'd':
216 is_debuginfo = true;
217
218 case ARGP_gnuld:
219 gnuld = true;
220 break;
221
222 case ARGP_KEY_NO_ARGS:
223 fputs (gettext ("Missing file name.\n"), stderr);
224 argp_help (&argp, stderr, ARGP_HELP_SEE, program_invocation_short_name);
225 exit (EXIT_FAILURE);
226
227 default:
228 return ARGP_ERR_UNKNOWN;
229 }
230 return 0;
231 }
232
233
234 /* Print the version information. */
235 static void
print_version(FILE * stream,struct argp_state * state)236 print_version (FILE *stream, struct argp_state *state __attribute__ ((unused)))
237 {
238 fprintf (stream, "elflint (%s) %s\n", PACKAGE_NAME, PACKAGE_VERSION);
239 fprintf (stream, gettext ("\
240 Copyright (C) %s Red Hat, Inc.\n\
241 This is free software; see the source for copying conditions. There is NO\n\
242 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
243 "), "2012");
244 fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper");
245 }
246
247
248 /* Process one file. */
249 static void
process_file(int fd,Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)250 process_file (int fd, Elf *elf, const char *prefix, const char *suffix,
251 const char *fname, size_t size, bool only_one)
252 {
253 /* We can handle two types of files: ELF files and archives. */
254 Elf_Kind kind = elf_kind (elf);
255
256 switch (kind)
257 {
258 case ELF_K_ELF:
259 /* Yes! It's an ELF file. */
260 process_elf_file (elf, prefix, suffix, fname, size, only_one);
261 break;
262
263 case ELF_K_AR:
264 {
265 Elf *subelf;
266 Elf_Cmd cmd = ELF_C_READ_MMAP;
267 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix);
268 size_t fname_len = strlen (fname) + 1;
269 char new_prefix[prefix_len + 1 + fname_len];
270 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2];
271 char *cp = new_prefix;
272
273 /* Create the full name of the file. */
274 if (prefix != NULL)
275 {
276 cp = mempcpy (cp, prefix, prefix_len);
277 *cp++ = '(';
278 strcpy (stpcpy (new_suffix, suffix), ")");
279 }
280 else
281 new_suffix[0] = '\0';
282 memcpy (cp, fname, fname_len);
283
284 /* It's an archive. We process each file in it. */
285 while ((subelf = elf_begin (fd, cmd, elf)) != NULL)
286 {
287 kind = elf_kind (subelf);
288
289 /* Call this function recursively. */
290 if (kind == ELF_K_ELF || kind == ELF_K_AR)
291 {
292 Elf_Arhdr *arhdr = elf_getarhdr (subelf);
293 assert (arhdr != NULL);
294
295 process_file (fd, subelf, new_prefix, new_suffix,
296 arhdr->ar_name, arhdr->ar_size, false);
297 }
298
299 /* Get next archive element. */
300 cmd = elf_next (subelf);
301 if (elf_end (subelf) != 0)
302 ERROR (gettext (" error while freeing sub-ELF descriptor: %s\n"),
303 elf_errmsg (-1));
304 }
305 }
306 break;
307
308 default:
309 /* We cannot do anything. */
310 ERROR (gettext ("\
311 Not an ELF file - it has the wrong magic bytes at the start\n"));
312 break;
313 }
314 }
315
316
317 static const char *
section_name(Ebl * ebl,int idx)318 section_name (Ebl *ebl, int idx)
319 {
320 GElf_Shdr shdr_mem;
321 GElf_Shdr *shdr;
322
323 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem);
324
325 return elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
326 }
327
328
329 static const int valid_e_machine[] =
330 {
331 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370,
332 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC,
333 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM,
334 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300,
335 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE,
336 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16,
337 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7,
338 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX,
339 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM,
340 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300,
341 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA
342 };
343 #define nvalid_e_machine \
344 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0]))
345
346
347 /* Numbers of sections and program headers. */
348 static unsigned int shnum;
349 static unsigned int phnum;
350
351
352 static void
check_elf_header(Ebl * ebl,GElf_Ehdr * ehdr,size_t size)353 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size)
354 {
355 char buf[512];
356 size_t cnt;
357
358 /* Check e_ident field. */
359 if (ehdr->e_ident[EI_MAG0] != ELFMAG0)
360 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0);
361 if (ehdr->e_ident[EI_MAG1] != ELFMAG1)
362 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1);
363 if (ehdr->e_ident[EI_MAG2] != ELFMAG2)
364 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2);
365 if (ehdr->e_ident[EI_MAG3] != ELFMAG3)
366 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3);
367
368 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32
369 && ehdr->e_ident[EI_CLASS] != ELFCLASS64)
370 ERROR (gettext ("e_ident[%d] == %d is no known class\n"),
371 EI_CLASS, ehdr->e_ident[EI_CLASS]);
372
373 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB
374 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB)
375 ERROR (gettext ("e_ident[%d] == %d is no known data encoding\n"),
376 EI_DATA, ehdr->e_ident[EI_DATA]);
377
378 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT)
379 ERROR (gettext ("unknown ELF header version number e_ident[%d] == %d\n"),
380 EI_VERSION, ehdr->e_ident[EI_VERSION]);
381
382 /* We currently don't handle any OS ABIs other than Linux. */
383 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE
384 && ehdr->e_ident[EI_OSABI] != ELFOSABI_LINUX)
385 ERROR (gettext ("unsupported OS ABI e_ident[%d] == '%s'\n"),
386 EI_OSABI,
387 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf)));
388
389 /* No ABI versions other than zero supported either. */
390 if (ehdr->e_ident[EI_ABIVERSION] != 0)
391 ERROR (gettext ("unsupport ABI version e_ident[%d] == %d\n"),
392 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]);
393
394 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt)
395 if (ehdr->e_ident[cnt] != 0)
396 ERROR (gettext ("e_ident[%zu] is not zero\n"), cnt);
397
398 /* Check the e_type field. */
399 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC
400 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE)
401 ERROR (gettext ("unknown object file type %d\n"), ehdr->e_type);
402
403 /* Check the e_machine field. */
404 for (cnt = 0; cnt < nvalid_e_machine; ++cnt)
405 if (valid_e_machine[cnt] == ehdr->e_machine)
406 break;
407 if (cnt == nvalid_e_machine)
408 ERROR (gettext ("unknown machine type %d\n"), ehdr->e_machine);
409
410 /* Check the e_version field. */
411 if (ehdr->e_version != EV_CURRENT)
412 ERROR (gettext ("unknown object file version\n"));
413
414 /* Check the e_phoff and e_phnum fields. */
415 if (ehdr->e_phoff == 0)
416 {
417 if (ehdr->e_phnum != 0)
418 ERROR (gettext ("invalid program header offset\n"));
419 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
420 ERROR (gettext ("\
421 executables and DSOs cannot have zero program header offset\n"));
422 }
423 else if (ehdr->e_phnum == 0)
424 ERROR (gettext ("invalid number of program header entries\n"));
425
426 /* Check the e_shoff field. */
427 shnum = ehdr->e_shnum;
428 shstrndx = ehdr->e_shstrndx;
429 if (ehdr->e_shoff == 0)
430 {
431 if (ehdr->e_shnum != 0)
432 ERROR (gettext ("invalid section header table offset\n"));
433 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
434 && ehdr->e_type != ET_CORE)
435 ERROR (gettext ("section header table must be present\n"));
436 }
437 else
438 {
439 if (ehdr->e_shnum == 0)
440 {
441 /* Get the header of the zeroth section. The sh_size field
442 might contain the section number. */
443 GElf_Shdr shdr_mem;
444 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
445 if (shdr != NULL)
446 {
447 /* The error will be reported later. */
448 if (shdr->sh_size == 0)
449 ERROR (gettext ("\
450 invalid number of section header table entries\n"));
451 else
452 shnum = shdr->sh_size;
453 }
454 }
455
456 if (ehdr->e_shstrndx == SHN_XINDEX)
457 {
458 /* Get the header of the zeroth section. The sh_size field
459 might contain the section number. */
460 GElf_Shdr shdr_mem;
461 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
462 if (shdr != NULL && shdr->sh_link < shnum)
463 shstrndx = shdr->sh_link;
464 }
465 else if (shstrndx >= shnum)
466 ERROR (gettext ("invalid section header index\n"));
467 }
468
469 phnum = ehdr->e_phnum;
470 if (ehdr->e_phnum == PN_XNUM)
471 {
472 /* Get the header of the zeroth section. The sh_info field
473 might contain the phnum count. */
474 GElf_Shdr shdr_mem;
475 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
476 if (shdr != NULL)
477 {
478 /* The error will be reported later. */
479 if (shdr->sh_info < PN_XNUM)
480 ERROR (gettext ("\
481 invalid number of program header table entries\n"));
482 else
483 phnum = shdr->sh_info;
484 }
485 }
486
487 /* Check the e_flags field. */
488 if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
489 ERROR (gettext ("invalid machine flags: %s\n"),
490 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf)));
491
492 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */
493 if (gelf_getclass (ebl->elf) == ELFCLASS32)
494 {
495 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr))
496 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
497
498 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr))
499 ERROR (gettext ("invalid program header size: %hd\n"),
500 ehdr->e_phentsize);
501 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
502 ERROR (gettext ("invalid program header position or size\n"));
503
504 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr))
505 ERROR (gettext ("invalid section header size: %hd\n"),
506 ehdr->e_shentsize);
507 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size)
508 ERROR (gettext ("invalid section header position or size\n"));
509 }
510 else if (gelf_getclass (ebl->elf) == ELFCLASS64)
511 {
512 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr))
513 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize);
514
515 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr))
516 ERROR (gettext ("invalid program header size: %hd\n"),
517 ehdr->e_phentsize);
518 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size)
519 ERROR (gettext ("invalid program header position or size\n"));
520
521 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr))
522 ERROR (gettext ("invalid section header size: %hd\n"),
523 ehdr->e_shentsize);
524 else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size)
525 ERROR (gettext ("invalid section header position or size\n"));
526 }
527 }
528
529
530 /* Check that there is a section group section with index < IDX which
531 contains section IDX and that there is exactly one. */
532 static void
check_scn_group(Ebl * ebl,int idx)533 check_scn_group (Ebl *ebl, int idx)
534 {
535 if (scnref[idx] == 0)
536 {
537 /* No reference so far. Search following sections, maybe the
538 order is wrong. */
539 size_t cnt;
540
541 for (cnt = idx + 1; cnt < shnum; ++cnt)
542 {
543 Elf_Scn *scn = elf_getscn (ebl->elf, cnt);
544 GElf_Shdr shdr_mem;
545 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
546 if (shdr == NULL)
547 /* We cannot get the section header so we cannot check it.
548 The error to get the section header will be shown
549 somewhere else. */
550 continue;
551
552 if (shdr->sh_type != SHT_GROUP)
553 continue;
554
555 Elf_Data *data = elf_getdata (scn, NULL);
556 if (data == NULL || data->d_size < sizeof (Elf32_Word))
557 /* Cannot check the section. */
558 continue;
559
560 Elf32_Word *grpdata = (Elf32_Word *) data->d_buf;
561 for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word);
562 ++inner)
563 if (grpdata[inner] == (Elf32_Word) idx)
564 goto out;
565 }
566
567 out:
568 if (cnt == shnum)
569 ERROR (gettext ("\
570 section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"),
571 idx, section_name (ebl, idx));
572 else
573 ERROR (gettext ("\
574 section [%2d] '%s': section group [%2zu] '%s' does not precede group member\n"),
575 idx, section_name (ebl, idx),
576 cnt, section_name (ebl, cnt));
577 }
578 }
579
580
581 static void
check_symtab(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)582 check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
583 {
584 bool no_xndx_warned = false;
585 int no_pt_tls = 0;
586 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
587 if (data == NULL)
588 {
589 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
590 idx, section_name (ebl, idx));
591 return;
592 }
593
594 GElf_Shdr strshdr_mem;
595 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
596 &strshdr_mem);
597 if (strshdr == NULL)
598 return;
599
600 if (strshdr->sh_type != SHT_STRTAB)
601 {
602 ERROR (gettext ("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
603 shdr->sh_link, section_name (ebl, shdr->sh_link),
604 idx, section_name (ebl, idx));
605 strshdr = NULL;
606 }
607
608 /* Search for an extended section index table section. */
609 Elf_Data *xndxdata = NULL;
610 Elf32_Word xndxscnidx = 0;
611 bool found_xndx = false;
612 for (size_t cnt = 1; cnt < shnum; ++cnt)
613 if (cnt != (size_t) idx)
614 {
615 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt);
616 GElf_Shdr xndxshdr_mem;
617 GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem);
618 if (xndxshdr == NULL)
619 continue;
620
621 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX
622 && xndxshdr->sh_link == (GElf_Word) idx)
623 {
624 if (found_xndx)
625 ERROR (gettext ("\
626 section [%2d] '%s': symbol table cannot have more than one extended index section\n"),
627 idx, section_name (ebl, idx));
628
629 xndxdata = elf_getdata (xndxscn, NULL);
630 xndxscnidx = elf_ndxscn (xndxscn);
631 found_xndx = true;
632 }
633 }
634
635 if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT))
636 ERROR (gettext ("\
637 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
638 idx, section_name (ebl, idx));
639
640 /* Test the zeroth entry. */
641 GElf_Sym sym_mem;
642 Elf32_Word xndx;
643 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx);
644 if (sym == NULL)
645 ERROR (gettext ("section [%2d] '%s': cannot get symbol %d: %s\n"),
646 idx, section_name (ebl, idx), 0, elf_errmsg (-1));
647 else
648 {
649 if (sym->st_name != 0)
650 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
651 idx, section_name (ebl, idx), "st_name");
652 if (sym->st_value != 0)
653 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
654 idx, section_name (ebl, idx), "st_value");
655 if (sym->st_size != 0)
656 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
657 idx, section_name (ebl, idx), "st_size");
658 if (sym->st_info != 0)
659 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
660 idx, section_name (ebl, idx), "st_info");
661 if (sym->st_other != 0)
662 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
663 idx, section_name (ebl, idx), "st_other");
664 if (sym->st_shndx != 0)
665 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"),
666 idx, section_name (ebl, idx), "st_shndx");
667 if (xndxdata != NULL && xndx != 0)
668 ERROR (gettext ("\
669 section [%2d] '%s': XINDEX for zeroth entry not zero\n"),
670 xndxscnidx, section_name (ebl, xndxscnidx));
671 }
672
673 for (size_t cnt = 1; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
674 {
675 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx);
676 if (sym == NULL)
677 {
678 ERROR (gettext ("section [%2d] '%s': cannot get symbol %zu: %s\n"),
679 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
680 continue;
681 }
682
683 const char *name = NULL;
684 if (strshdr == NULL)
685 name = "";
686 else if (sym->st_name >= strshdr->sh_size)
687 ERROR (gettext ("\
688 section [%2d] '%s': symbol %zu: invalid name value\n"),
689 idx, section_name (ebl, idx), cnt);
690 else
691 {
692 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name);
693 assert (name != NULL);
694 }
695
696 if (sym->st_shndx == SHN_XINDEX)
697 {
698 if (xndxdata == NULL)
699 {
700 if (!no_xndx_warned)
701 ERROR (gettext ("\
702 section [%2d] '%s': symbol %zu: too large section index but no extended section index section\n"),
703 idx, section_name (ebl, idx), cnt);
704 no_xndx_warned = true;
705 }
706 else if (xndx < SHN_LORESERVE)
707 ERROR (gettext ("\
708 section [%2d] '%s': symbol %zu: XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"),
709 xndxscnidx, section_name (ebl, xndxscnidx), cnt,
710 xndx);
711 }
712 else if ((sym->st_shndx >= SHN_LORESERVE
713 // && sym->st_shndx <= SHN_HIRESERVE always true
714 && sym->st_shndx != SHN_ABS
715 && sym->st_shndx != SHN_COMMON)
716 || (sym->st_shndx >= shnum
717 && (sym->st_shndx < SHN_LORESERVE
718 /* || sym->st_shndx > SHN_HIRESERVE always false */)))
719 ERROR (gettext ("\
720 section [%2d] '%s': symbol %zu: invalid section index\n"),
721 idx, section_name (ebl, idx), cnt);
722 else
723 xndx = sym->st_shndx;
724
725 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM
726 && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0))
727 ERROR (gettext ("section [%2d] '%s': symbol %zu: unknown type\n"),
728 idx, section_name (ebl, idx), cnt);
729
730 if (GELF_ST_BIND (sym->st_info) >= STB_NUM
731 && !ebl_symbol_binding_name (ebl, GELF_ST_BIND (sym->st_info), NULL,
732 0))
733 ERROR (gettext ("\
734 section [%2d] '%s': symbol %zu: unknown symbol binding\n"),
735 idx, section_name (ebl, idx), cnt);
736 if (GELF_ST_BIND (sym->st_info) == STB_GNU_UNIQUE
737 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
738 ERROR (gettext ("\
739 section [%2d] '%s': symbol %zu: unique symbol not of object type\n"),
740 idx, section_name (ebl, idx), cnt);
741
742 if (xndx == SHN_COMMON)
743 {
744 /* Common symbols can only appear in relocatable files. */
745 if (ehdr->e_type != ET_REL)
746 ERROR (gettext ("\
747 section [%2d] '%s': symbol %zu: COMMON only allowed in relocatable files\n"),
748 idx, section_name (ebl, idx), cnt);
749 if (cnt < shdr->sh_info)
750 ERROR (gettext ("\
751 section [%2d] '%s': symbol %zu: local COMMON symbols are nonsense\n"),
752 idx, section_name (ebl, idx), cnt);
753 if (GELF_R_TYPE (sym->st_info) == STT_FUNC)
754 ERROR (gettext ("\
755 section [%2d] '%s': symbol %zu: function in COMMON section is nonsense\n"),
756 idx, section_name (ebl, idx), cnt);
757 }
758 else if (xndx > 0 && xndx < shnum)
759 {
760 GElf_Shdr destshdr_mem;
761 GElf_Shdr *destshdr;
762
763 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem);
764 if (destshdr != NULL)
765 {
766 GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0
767 : destshdr->sh_addr);
768 if (GELF_ST_TYPE (sym->st_info) != STT_TLS)
769 {
770 if (! ebl_check_special_symbol (ebl, ehdr, sym, name,
771 destshdr))
772 {
773 if (sym->st_value - sh_addr > destshdr->sh_size)
774 {
775 /* GNU ld has severe bugs. When it decides to remove
776 empty sections it leaves symbols referencing them
777 behind. These are symbols in .symtab. */
778 if (!gnuld
779 || strcmp (section_name (ebl, idx), ".symtab")
780 || (strcmp (name, "__preinit_array_start") != 0
781 && strcmp (name, "__preinit_array_end") != 0
782 && strcmp (name, "__init_array_start") != 0
783 && strcmp (name, "__init_array_end") != 0
784 && strcmp (name, "__fini_array_start") != 0
785 && strcmp (name, "__fini_array_end") != 0))
786 ERROR (gettext ("\
787 section [%2d] '%s': symbol %zu: st_value out of bounds\n"),
788 idx, section_name (ebl, idx), cnt);
789 }
790 else if ((sym->st_value - sh_addr
791 + sym->st_size) > destshdr->sh_size)
792 ERROR (gettext ("\
793 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
794 idx, section_name (ebl, idx), cnt,
795 (int) xndx, section_name (ebl, xndx));
796 }
797 }
798 else
799 {
800 if ((destshdr->sh_flags & SHF_TLS) == 0)
801 ERROR (gettext ("\
802 section [%2d] '%s': symbol %zu: referenced section [%2d] '%s' does not have SHF_TLS flag set\n"),
803 idx, section_name (ebl, idx), cnt,
804 (int) xndx, section_name (ebl, xndx));
805
806 if (ehdr->e_type == ET_REL)
807 {
808 /* For object files the symbol value must fall
809 into the section. */
810 if (sym->st_value > destshdr->sh_size)
811 ERROR (gettext ("\
812 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
813 idx, section_name (ebl, idx), cnt,
814 (int) xndx, section_name (ebl, xndx));
815 else if (sym->st_value + sym->st_size
816 > destshdr->sh_size)
817 ERROR (gettext ("\
818 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
819 idx, section_name (ebl, idx), cnt,
820 (int) xndx, section_name (ebl, xndx));
821 }
822 else
823 {
824 GElf_Phdr phdr_mem;
825 GElf_Phdr *phdr = NULL;
826 unsigned int pcnt;
827
828 for (pcnt = 0; pcnt < phnum; ++pcnt)
829 {
830 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
831 if (phdr != NULL && phdr->p_type == PT_TLS)
832 break;
833 }
834
835 if (pcnt == phnum)
836 {
837 if (no_pt_tls++ == 0)
838 ERROR (gettext ("\
839 section [%2d] '%s': symbol %zu: TLS symbol but no TLS program header entry\n"),
840 idx, section_name (ebl, idx), cnt);
841 }
842 else
843 {
844 if (sym->st_value
845 < destshdr->sh_offset - phdr->p_offset)
846 ERROR (gettext ("\
847 section [%2d] '%s': symbol %zu: st_value short of referenced section [%2d] '%s'\n"),
848 idx, section_name (ebl, idx), cnt,
849 (int) xndx, section_name (ebl, xndx));
850 else if (sym->st_value
851 > (destshdr->sh_offset - phdr->p_offset
852 + destshdr->sh_size))
853 ERROR (gettext ("\
854 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"),
855 idx, section_name (ebl, idx), cnt,
856 (int) xndx, section_name (ebl, xndx));
857 else if (sym->st_value + sym->st_size
858 > (destshdr->sh_offset - phdr->p_offset
859 + destshdr->sh_size))
860 ERROR (gettext ("\
861 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"),
862 idx, section_name (ebl, idx), cnt,
863 (int) xndx, section_name (ebl, xndx));
864 }
865 }
866 }
867 }
868 }
869
870 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
871 {
872 if (cnt >= shdr->sh_info)
873 ERROR (gettext ("\
874 section [%2d] '%s': symbol %zu: local symbol outside range described in sh_info\n"),
875 idx, section_name (ebl, idx), cnt);
876 }
877 else
878 {
879 if (cnt < shdr->sh_info)
880 ERROR (gettext ("\
881 section [%2d] '%s': symbol %zu: non-local symbol outside range described in sh_info\n"),
882 idx, section_name (ebl, idx), cnt);
883 }
884
885 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION
886 && GELF_ST_BIND (sym->st_info) != STB_LOCAL)
887 ERROR (gettext ("\
888 section [%2d] '%s': symbol %zu: non-local section symbol\n"),
889 idx, section_name (ebl, idx), cnt);
890
891 if (name != NULL)
892 {
893 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0)
894 {
895 /* Check that address and size match the global offset table. */
896
897 GElf_Shdr destshdr_mem;
898 GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx),
899 &destshdr_mem);
900
901 if (destshdr == NULL && xndx == SHN_ABS)
902 {
903 /* In a DSO, we have to find the GOT section by name. */
904 Elf_Scn *gotscn = NULL;
905 Elf_Scn *gscn = NULL;
906 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL)
907 {
908 destshdr = gelf_getshdr (gscn, &destshdr_mem);
909 assert (destshdr != NULL);
910 const char *sname = elf_strptr (ebl->elf,
911 ehdr->e_shstrndx,
912 destshdr->sh_name);
913 if (sname != NULL)
914 {
915 if (strcmp (sname, ".got.plt") == 0)
916 break;
917 if (strcmp (sname, ".got") == 0)
918 /* Do not stop looking.
919 There might be a .got.plt section. */
920 gotscn = gscn;
921 }
922
923 destshdr = NULL;
924 }
925
926 if (destshdr == NULL && gotscn != NULL)
927 destshdr = gelf_getshdr (gotscn, &destshdr_mem);
928 }
929
930 const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF)
931 ? NULL
932 : elf_strptr (ebl->elf, ehdr->e_shstrndx,
933 destshdr->sh_name));
934 if (sname == NULL)
935 {
936 if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL)
937 ERROR (gettext ("\
938 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
939 bad section [%2d]\n"),
940 idx, section_name (ebl, idx), xndx);
941 }
942 else if (strcmp (sname, ".got.plt") != 0
943 && strcmp (sname, ".got") != 0)
944 ERROR (gettext ("\
945 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \
946 section [%2d] '%s'\n"),
947 idx, section_name (ebl, idx), xndx, sname);
948
949 if (destshdr != NULL)
950 {
951 /* Found it. */
952 if (!ebl_check_special_symbol (ebl, ehdr, sym, name,
953 destshdr))
954 {
955 if (ehdr->e_type != ET_REL
956 && sym->st_value != destshdr->sh_addr)
957 /* This test is more strict than the psABIs which
958 usually allow the symbol to be in the middle of
959 the .got section, allowing negative offsets. */
960 ERROR (gettext ("\
961 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"),
962 idx, section_name (ebl, idx),
963 (uint64_t) sym->st_value,
964 sname, (uint64_t) destshdr->sh_addr);
965
966 if (!gnuld && sym->st_size != destshdr->sh_size)
967 ERROR (gettext ("\
968 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"),
969 idx, section_name (ebl, idx),
970 (uint64_t) sym->st_size,
971 sname, (uint64_t) destshdr->sh_size);
972 }
973 }
974 else
975 ERROR (gettext ("\
976 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"),
977 idx, section_name (ebl, idx));
978 }
979 else if (strcmp (name, "_DYNAMIC") == 0)
980 /* Check that address and size match the dynamic section.
981 We locate the dynamic section via the program header
982 entry. */
983 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
984 {
985 GElf_Phdr phdr_mem;
986 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
987
988 if (phdr != NULL && phdr->p_type == PT_DYNAMIC)
989 {
990 if (sym->st_value != phdr->p_vaddr)
991 ERROR (gettext ("\
992 section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"),
993 idx, section_name (ebl, idx),
994 (uint64_t) sym->st_value,
995 (uint64_t) phdr->p_vaddr);
996
997 if (!gnuld && sym->st_size != phdr->p_memsz)
998 ERROR (gettext ("\
999 section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"),
1000 idx, section_name (ebl, idx),
1001 (uint64_t) sym->st_size,
1002 (uint64_t) phdr->p_memsz);
1003
1004 break;
1005 }
1006 }
1007 }
1008
1009 if (GELF_ST_VISIBILITY (sym->st_other) != STV_DEFAULT
1010 && shdr->sh_type == SHT_DYNSYM)
1011 ERROR (gettext ("\
1012 section [%2d] '%s': symbol %zu: symbol in dynamic symbol table with non-default visibility\n"),
1013 idx, section_name (ebl, idx), cnt);
1014 if (! ebl_check_st_other_bits (ebl, sym->st_other))
1015 ERROR (gettext ("\
1016 section [%2d] '%s': symbol %zu: unknown bit set in st_other\n"),
1017 idx, section_name (ebl, idx), cnt);
1018
1019 }
1020 }
1021
1022
1023 static bool
is_rel_dyn(Ebl * ebl,const GElf_Ehdr * ehdr,int idx,const GElf_Shdr * shdr,bool is_rela)1024 is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr,
1025 bool is_rela)
1026 {
1027 /* If this is no executable or DSO it cannot be a .rel.dyn section. */
1028 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1029 return false;
1030
1031 /* Check the section name. Unfortunately necessary. */
1032 if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn"))
1033 return false;
1034
1035 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section
1036 entry can be present as well. */
1037 Elf_Scn *scn = NULL;
1038 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
1039 {
1040 GElf_Shdr rcshdr_mem;
1041 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem);
1042 assert (rcshdr != NULL);
1043
1044 if (rcshdr->sh_type == SHT_DYNAMIC)
1045 {
1046 /* Found the dynamic section. Look through it. */
1047 Elf_Data *d = elf_getdata (scn, NULL);
1048 size_t cnt;
1049
1050 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt)
1051 {
1052 GElf_Dyn dyn_mem;
1053 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem);
1054 assert (dyn != NULL);
1055
1056 if (dyn->d_tag == DT_RELCOUNT)
1057 {
1058 /* Found it. Does the type match. */
1059 if (is_rela)
1060 ERROR (gettext ("\
1061 section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"),
1062 idx, section_name (ebl, idx));
1063 else
1064 {
1065 /* Does the number specified number of relative
1066 relocations exceed the total number of
1067 relocations? */
1068 if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
1069 ERROR (gettext ("\
1070 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1071 idx, section_name (ebl, idx),
1072 (int) dyn->d_un.d_val);
1073
1074 /* Make sure the specified number of relocations are
1075 relative. */
1076 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1077 idx), NULL);
1078 if (reldata != NULL)
1079 for (size_t inner = 0;
1080 inner < shdr->sh_size / shdr->sh_entsize;
1081 ++inner)
1082 {
1083 GElf_Rel rel_mem;
1084 GElf_Rel *rel = gelf_getrel (reldata, inner,
1085 &rel_mem);
1086 if (rel == NULL)
1087 /* The problem will be reported elsewhere. */
1088 break;
1089
1090 if (ebl_relative_reloc_p (ebl,
1091 GELF_R_TYPE (rel->r_info)))
1092 {
1093 if (inner >= dyn->d_un.d_val)
1094 ERROR (gettext ("\
1095 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1096 idx, section_name (ebl, idx),
1097 (int) dyn->d_un.d_val);
1098 }
1099 else if (inner < dyn->d_un.d_val)
1100 ERROR (gettext ("\
1101 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1102 idx, section_name (ebl, idx),
1103 inner, (int) dyn->d_un.d_val);
1104 }
1105 }
1106 }
1107
1108 if (dyn->d_tag == DT_RELACOUNT)
1109 {
1110 /* Found it. Does the type match. */
1111 if (!is_rela)
1112 ERROR (gettext ("\
1113 section [%2d] '%s': DT_RELACOUNT used for this REL section\n"),
1114 idx, section_name (ebl, idx));
1115 else
1116 {
1117 /* Does the number specified number of relative
1118 relocations exceed the total number of
1119 relocations? */
1120 if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize)
1121 ERROR (gettext ("\
1122 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"),
1123 idx, section_name (ebl, idx),
1124 (int) dyn->d_un.d_val);
1125
1126 /* Make sure the specified number of relocations are
1127 relative. */
1128 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf,
1129 idx), NULL);
1130 if (reldata != NULL)
1131 for (size_t inner = 0;
1132 inner < shdr->sh_size / shdr->sh_entsize;
1133 ++inner)
1134 {
1135 GElf_Rela rela_mem;
1136 GElf_Rela *rela = gelf_getrela (reldata, inner,
1137 &rela_mem);
1138 if (rela == NULL)
1139 /* The problem will be reported elsewhere. */
1140 break;
1141
1142 if (ebl_relative_reloc_p (ebl,
1143 GELF_R_TYPE (rela->r_info)))
1144 {
1145 if (inner >= dyn->d_un.d_val)
1146 ERROR (gettext ("\
1147 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"),
1148 idx, section_name (ebl, idx),
1149 (int) dyn->d_un.d_val);
1150 }
1151 else if (inner < dyn->d_un.d_val)
1152 ERROR (gettext ("\
1153 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"),
1154 idx, section_name (ebl, idx),
1155 inner, (int) dyn->d_un.d_val);
1156 }
1157 }
1158 }
1159 }
1160
1161 break;
1162 }
1163 }
1164
1165 return true;
1166 }
1167
1168
1169 struct loaded_segment
1170 {
1171 GElf_Addr from;
1172 GElf_Addr to;
1173 bool read_only;
1174 struct loaded_segment *next;
1175 };
1176
1177
1178 /* Check whether binary has text relocation flag set. */
1179 static bool textrel;
1180
1181 /* Keep track of whether text relocation flag is needed. */
1182 static bool needed_textrel;
1183
1184
1185 static bool
check_reloc_shdr(Ebl * ebl,const GElf_Ehdr * ehdr,const GElf_Shdr * shdr,int idx,int reltype,GElf_Shdr ** destshdrp,GElf_Shdr * destshdr_memp,struct loaded_segment ** loadedp)1186 check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr,
1187 int idx, int reltype, GElf_Shdr **destshdrp,
1188 GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp)
1189 {
1190 bool reldyn = false;
1191
1192 /* Check whether the link to the section we relocate is reasonable. */
1193 if (shdr->sh_info >= shnum)
1194 ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"),
1195 idx, section_name (ebl, idx));
1196 else if (shdr->sh_info != 0)
1197 {
1198 *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info),
1199 destshdr_memp);
1200 if (*destshdrp != NULL)
1201 {
1202 if((*destshdrp)->sh_type != SHT_PROGBITS
1203 && (*destshdrp)->sh_type != SHT_NOBITS)
1204 {
1205 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true);
1206 if (!reldyn)
1207 ERROR (gettext ("\
1208 section [%2d] '%s': invalid destination section type\n"),
1209 idx, section_name (ebl, idx));
1210 else
1211 {
1212 /* There is no standard, but we require that .rel{,a}.dyn
1213 sections have a sh_info value of zero. */
1214 if (shdr->sh_info != 0)
1215 ERROR (gettext ("\
1216 section [%2d] '%s': sh_info should be zero\n"),
1217 idx, section_name (ebl, idx));
1218 }
1219 }
1220
1221 if (((*destshdrp)->sh_flags & (SHF_MERGE | SHF_STRINGS)) != 0)
1222 ERROR (gettext ("\
1223 section [%2d] '%s': no relocations for merge-able sections possible\n"),
1224 idx, section_name (ebl, idx));
1225 }
1226 }
1227
1228 if (shdr->sh_entsize != gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT))
1229 ERROR (gettext (reltype == ELF_T_RELA ? "\
1230 section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\
1231 section [%2d] '%s': section entry size does not match ElfXX_Rel\n"),
1232 idx, section_name (ebl, idx));
1233
1234 /* In preparation of checking whether relocations are text
1235 relocations or not we need to determine whether the file is
1236 flagged to have text relocation and we need to determine a) what
1237 the loaded segments are and b) which are read-only. This will
1238 also allow us to determine whether the same reloc section is
1239 modifying loaded and not loaded segments. */
1240 for (unsigned int i = 0; i < phnum; ++i)
1241 {
1242 GElf_Phdr phdr_mem;
1243 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem);
1244 if (phdr == NULL)
1245 continue;
1246
1247 if (phdr->p_type == PT_LOAD)
1248 {
1249 struct loaded_segment *newp = xmalloc (sizeof (*newp));
1250 newp->from = phdr->p_vaddr;
1251 newp->to = phdr->p_vaddr + phdr->p_memsz;
1252 newp->read_only = (phdr->p_flags & PF_W) == 0;
1253 newp->next = *loadedp;
1254 *loadedp = newp;
1255 }
1256 else if (phdr->p_type == PT_DYNAMIC)
1257 {
1258 Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset);
1259 GElf_Shdr dynshdr_mem;
1260 GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem);
1261 Elf_Data *dyndata = elf_getdata (dynscn, NULL);
1262 if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC
1263 && dyndata != NULL)
1264 for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j)
1265 {
1266 GElf_Dyn dyn_mem;
1267 GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem);
1268 if (dyn != NULL
1269 && (dyn->d_tag == DT_TEXTREL
1270 || (dyn->d_tag == DT_FLAGS
1271 && (dyn->d_un.d_val & DF_TEXTREL) != 0)))
1272 {
1273 textrel = true;
1274 break;
1275 }
1276 }
1277 }
1278 }
1279
1280 /* A quick test which can be easily done here (although it is a bit
1281 out of place): the text relocation flag makes only sense if there
1282 is a segment which is not writable. */
1283 if (textrel)
1284 {
1285 struct loaded_segment *seg = *loadedp;
1286 while (seg != NULL && !seg->read_only)
1287 seg = seg->next;
1288 if (seg == NULL)
1289 ERROR (gettext ("\
1290 text relocation flag set but there is no read-only segment\n"));
1291 }
1292
1293 return reldyn;
1294 }
1295
1296
1297 enum load_state
1298 {
1299 state_undecided,
1300 state_loaded,
1301 state_unloaded,
1302 state_error
1303 };
1304
1305
1306 static void
check_one_reloc(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * relshdr,int idx,size_t cnt,const GElf_Shdr * symshdr,Elf_Data * symdata,GElf_Addr r_offset,GElf_Xword r_info,const GElf_Shdr * destshdr,bool reldyn,struct loaded_segment * loaded,enum load_state * statep)1307 check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx,
1308 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata,
1309 GElf_Addr r_offset, GElf_Xword r_info,
1310 const GElf_Shdr *destshdr, bool reldyn,
1311 struct loaded_segment *loaded, enum load_state *statep)
1312 {
1313 bool known_broken = gnuld;
1314
1315 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info)))
1316 ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"),
1317 idx, section_name (ebl, idx), cnt);
1318 else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1319 /* The executable/DSO can contain relocation sections with
1320 all the relocations the linker has applied. Those sections
1321 are marked non-loaded, though. */
1322 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1323 && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info)))
1324 ERROR (gettext ("\
1325 section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"),
1326 idx, section_name (ebl, idx), cnt);
1327
1328 if (symshdr != NULL
1329 && ((GELF_R_SYM (r_info) + 1)
1330 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)
1331 > symshdr->sh_size))
1332 ERROR (gettext ("\
1333 section [%2d] '%s': relocation %zu: invalid symbol index\n"),
1334 idx, section_name (ebl, idx), cnt);
1335
1336 /* No more tests if this is a no-op relocation. */
1337 if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info)))
1338 return;
1339
1340 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info)))
1341 {
1342 const char *name;
1343 char buf[64];
1344 GElf_Sym sym_mem;
1345 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1346 if (sym != NULL
1347 /* Get the name for the symbol. */
1348 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name))
1349 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 )
1350 ERROR (gettext ("\
1351 section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"),
1352 idx, section_name (ebl, idx), cnt,
1353 ebl_reloc_type_name (ebl, GELF_R_SYM (r_info),
1354 buf, sizeof (buf)));
1355 }
1356
1357 if (reldyn)
1358 {
1359 // XXX TODO Check .rel.dyn section addresses.
1360 }
1361 else if (!known_broken)
1362 {
1363 if (destshdr != NULL
1364 && GELF_R_TYPE (r_info) != 0
1365 && (r_offset - (ehdr->e_type == ET_REL ? 0
1366 : destshdr->sh_addr)) >= destshdr->sh_size)
1367 ERROR (gettext ("\
1368 section [%2d] '%s': relocation %zu: offset out of bounds\n"),
1369 idx, section_name (ebl, idx), cnt);
1370 }
1371
1372 GElf_Sym sym_mem;
1373 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem);
1374
1375 if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info))
1376 /* Make sure the referenced symbol is an object or unspecified. */
1377 && sym != NULL
1378 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE
1379 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT)
1380 {
1381 char buf[64];
1382 ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"),
1383 idx, section_name (ebl, idx), cnt,
1384 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info),
1385 buf, sizeof (buf)));
1386 }
1387
1388 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
1389 || (relshdr->sh_flags & SHF_ALLOC) != 0)
1390 {
1391 bool in_loaded_seg = false;
1392 while (loaded != NULL)
1393 {
1394 if (r_offset < loaded->to
1395 && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from)
1396 {
1397 /* The symbol is in this segment. */
1398 if (loaded->read_only)
1399 {
1400 if (textrel)
1401 needed_textrel = true;
1402 else
1403 ERROR (gettext ("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"),
1404 idx, section_name (ebl, idx), cnt);
1405 }
1406
1407 in_loaded_seg = true;
1408 }
1409
1410 loaded = loaded->next;
1411 }
1412
1413 if (*statep == state_undecided)
1414 *statep = in_loaded_seg ? state_loaded : state_unloaded;
1415 else if ((*statep == state_unloaded && in_loaded_seg)
1416 || (*statep == state_loaded && !in_loaded_seg))
1417 {
1418 ERROR (gettext ("\
1419 section [%2d] '%s': relocations are against loaded and unloaded data\n"),
1420 idx, section_name (ebl, idx));
1421 *statep = state_error;
1422 }
1423 }
1424 }
1425
1426
1427 static void
check_rela(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1428 check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1429 {
1430 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1431 if (data == NULL)
1432 {
1433 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1434 idx, section_name (ebl, idx));
1435 return;
1436 }
1437
1438 /* Check the fields of the section header. */
1439 GElf_Shdr destshdr_mem;
1440 GElf_Shdr *destshdr = NULL;
1441 struct loaded_segment *loaded = NULL;
1442 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr,
1443 &destshdr_mem, &loaded);
1444
1445 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1446 GElf_Shdr symshdr_mem;
1447 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1448 Elf_Data *symdata = elf_getdata (symscn, NULL);
1449 enum load_state state = state_undecided;
1450
1451 for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1452 {
1453 GElf_Rela rela_mem;
1454 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem);
1455 if (rela == NULL)
1456 {
1457 ERROR (gettext ("\
1458 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1459 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1460 continue;
1461 }
1462
1463 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1464 rela->r_offset, rela->r_info, destshdr, reldyn, loaded,
1465 &state);
1466 }
1467
1468 while (loaded != NULL)
1469 {
1470 struct loaded_segment *old = loaded;
1471 loaded = loaded->next;
1472 free (old);
1473 }
1474 }
1475
1476
1477 static void
check_rel(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1478 check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1479 {
1480 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1481 if (data == NULL)
1482 {
1483 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1484 idx, section_name (ebl, idx));
1485 return;
1486 }
1487
1488 /* Check the fields of the section header. */
1489 GElf_Shdr destshdr_mem;
1490 GElf_Shdr *destshdr = NULL;
1491 struct loaded_segment *loaded = NULL;
1492 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr,
1493 &destshdr_mem, &loaded);
1494
1495 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1496 GElf_Shdr symshdr_mem;
1497 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1498 Elf_Data *symdata = elf_getdata (symscn, NULL);
1499 enum load_state state = state_undecided;
1500
1501 for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1502 {
1503 GElf_Rel rel_mem;
1504 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem);
1505 if (rel == NULL)
1506 {
1507 ERROR (gettext ("\
1508 section [%2d] '%s': cannot get relocation %zu: %s\n"),
1509 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1510 continue;
1511 }
1512
1513 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata,
1514 rel->r_offset, rel->r_info, destshdr, reldyn, loaded,
1515 &state);
1516 }
1517
1518 while (loaded != NULL)
1519 {
1520 struct loaded_segment *old = loaded;
1521 loaded = loaded->next;
1522 free (old);
1523 }
1524 }
1525
1526
1527 /* Number of dynamic sections. */
1528 static int ndynamic;
1529
1530
1531 static void
check_dynamic(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1532 check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1533 {
1534 Elf_Data *data;
1535 GElf_Shdr strshdr_mem;
1536 GElf_Shdr *strshdr;
1537 size_t cnt;
1538 static const bool dependencies[DT_NUM][DT_NUM] =
1539 {
1540 [DT_NEEDED] = { [DT_STRTAB] = true },
1541 [DT_PLTRELSZ] = { [DT_JMPREL] = true },
1542 [DT_HASH] = { [DT_SYMTAB] = true },
1543 [DT_STRTAB] = { [DT_STRSZ] = true },
1544 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true },
1545 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true },
1546 [DT_RELASZ] = { [DT_RELA] = true },
1547 [DT_RELAENT] = { [DT_RELA] = true },
1548 [DT_STRSZ] = { [DT_STRTAB] = true },
1549 [DT_SYMENT] = { [DT_SYMTAB] = true },
1550 [DT_SONAME] = { [DT_STRTAB] = true },
1551 [DT_RPATH] = { [DT_STRTAB] = true },
1552 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true },
1553 [DT_RELSZ] = { [DT_REL] = true },
1554 [DT_RELENT] = { [DT_REL] = true },
1555 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true },
1556 [DT_RUNPATH] = { [DT_STRTAB] = true },
1557 [DT_PLTREL] = { [DT_JMPREL] = true },
1558 };
1559 bool has_dt[DT_NUM];
1560 bool has_val_dt[DT_VALNUM];
1561 bool has_addr_dt[DT_ADDRNUM];
1562 static const bool level2[DT_NUM] =
1563 {
1564 [DT_RPATH] = true,
1565 [DT_SYMBOLIC] = true,
1566 [DT_TEXTREL] = true,
1567 [DT_BIND_NOW] = true
1568 };
1569 static const bool mandatory[DT_NUM] =
1570 {
1571 [DT_NULL] = true,
1572 [DT_STRTAB] = true,
1573 [DT_SYMTAB] = true,
1574 [DT_STRSZ] = true,
1575 [DT_SYMENT] = true
1576 };
1577
1578 memset (has_dt, '\0', sizeof (has_dt));
1579 memset (has_val_dt, '\0', sizeof (has_val_dt));
1580 memset (has_addr_dt, '\0', sizeof (has_addr_dt));
1581
1582 if (++ndynamic == 2)
1583 ERROR (gettext ("more than one dynamic section present\n"));
1584
1585 data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1586 if (data == NULL)
1587 {
1588 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
1589 idx, section_name (ebl, idx));
1590 return;
1591 }
1592
1593 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem);
1594 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB)
1595 ERROR (gettext ("\
1596 section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"),
1597 shdr->sh_link, section_name (ebl, shdr->sh_link),
1598 idx, section_name (ebl, idx));
1599
1600 if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT))
1601 ERROR (gettext ("\
1602 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"),
1603 idx, section_name (ebl, idx));
1604
1605 if (shdr->sh_info != 0)
1606 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
1607 idx, section_name (ebl, idx));
1608
1609 bool non_null_warned = false;
1610 for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
1611 {
1612 GElf_Dyn dyn_mem;
1613 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem);
1614 if (dyn == NULL)
1615 {
1616 ERROR (gettext ("\
1617 section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"),
1618 idx, section_name (ebl, idx), cnt, elf_errmsg (-1));
1619 continue;
1620 }
1621
1622 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned)
1623 {
1624 ERROR (gettext ("\
1625 section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"),
1626 idx, section_name (ebl, idx));
1627 non_null_warned = true;
1628 }
1629
1630 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag))
1631 ERROR (gettext ("section [%2d] '%s': entry %zu: unknown tag\n"),
1632 idx, section_name (ebl, idx), cnt);
1633
1634 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM)
1635 {
1636 if (has_dt[dyn->d_tag]
1637 && dyn->d_tag != DT_NEEDED
1638 && dyn->d_tag != DT_NULL
1639 && dyn->d_tag != DT_POSFLAG_1)
1640 {
1641 char buf[50];
1642 ERROR (gettext ("\
1643 section [%2d] '%s': entry %zu: more than one entry with tag %s\n"),
1644 idx, section_name (ebl, idx), cnt,
1645 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1646 buf, sizeof (buf)));
1647 }
1648
1649 if (be_strict && level2[dyn->d_tag])
1650 {
1651 char buf[50];
1652 ERROR (gettext ("\
1653 section [%2d] '%s': entry %zu: level 2 tag %s used\n"),
1654 idx, section_name (ebl, idx), cnt,
1655 ebl_dynamic_tag_name (ebl, dyn->d_tag,
1656 buf, sizeof (buf)));
1657 }
1658
1659 has_dt[dyn->d_tag] = true;
1660 }
1661 else if (dyn->d_tag <= DT_VALRNGHI
1662 && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM)
1663 has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true;
1664 else if (dyn->d_tag <= DT_ADDRRNGHI
1665 && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
1666 has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true;
1667
1668 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL
1669 && dyn->d_un.d_val != DT_RELA)
1670 ERROR (gettext ("\
1671 section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"),
1672 idx, section_name (ebl, idx), cnt);
1673
1674 /* Check that addresses for entries are in loaded segments. */
1675 switch (dyn->d_tag)
1676 {
1677 size_t n;
1678 case DT_STRTAB:
1679 /* We require the referenced section is the same as the one
1680 specified in sh_link. */
1681 if (strshdr->sh_addr != dyn->d_un.d_val)
1682 {
1683 ERROR (gettext ("\
1684 section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"),
1685 idx, section_name (ebl, idx), cnt,
1686 shdr->sh_link, section_name (ebl, shdr->sh_link));
1687 break;
1688 }
1689 goto check_addr;
1690
1691 default:
1692 if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI)
1693 /* Value is no pointer. */
1694 break;
1695 /* FALLTHROUGH */
1696
1697 case DT_AUXILIARY:
1698 case DT_FILTER:
1699 case DT_FINI:
1700 case DT_FINI_ARRAY:
1701 case DT_HASH:
1702 case DT_INIT:
1703 case DT_INIT_ARRAY:
1704 case DT_JMPREL:
1705 case DT_PLTGOT:
1706 case DT_REL:
1707 case DT_RELA:
1708 case DT_SYMBOLIC:
1709 case DT_SYMTAB:
1710 case DT_VERDEF:
1711 case DT_VERNEED:
1712 case DT_VERSYM:
1713 check_addr:
1714 for (n = 0; n < phnum; ++n)
1715 {
1716 GElf_Phdr phdr_mem;
1717 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem);
1718 if (phdr != NULL && phdr->p_type == PT_LOAD
1719 && phdr->p_vaddr <= dyn->d_un.d_ptr
1720 && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr)
1721 break;
1722 }
1723 if (unlikely (n >= phnum))
1724 {
1725 char buf[50];
1726 ERROR (gettext ("\
1727 section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"),
1728 idx, section_name (ebl, idx), cnt,
1729 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1730 sizeof (buf)));
1731 }
1732 break;
1733
1734 case DT_NEEDED:
1735 case DT_RPATH:
1736 case DT_RUNPATH:
1737 case DT_SONAME:
1738 if (dyn->d_un.d_ptr >= strshdr->sh_size)
1739 {
1740 char buf[50];
1741 ERROR (gettext ("\
1742 section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"),
1743 idx, section_name (ebl, idx), cnt,
1744 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf,
1745 sizeof (buf)),
1746 shdr->sh_link, section_name (ebl, shdr->sh_link));
1747 }
1748 break;
1749 }
1750 }
1751
1752 for (cnt = 1; cnt < DT_NUM; ++cnt)
1753 if (has_dt[cnt])
1754 {
1755 for (int inner = 0; inner < DT_NUM; ++inner)
1756 if (dependencies[cnt][inner] && ! has_dt[inner])
1757 {
1758 char buf1[50];
1759 char buf2[50];
1760
1761 ERROR (gettext ("\
1762 section [%2d] '%s': contains %s entry but not %s\n"),
1763 idx, section_name (ebl, idx),
1764 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)),
1765 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2)));
1766 }
1767 }
1768 else
1769 {
1770 if (mandatory[cnt])
1771 {
1772 char buf[50];
1773 ERROR (gettext ("\
1774 section [%2d] '%s': mandatory tag %s not present\n"),
1775 idx, section_name (ebl, idx),
1776 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf)));
1777 }
1778 }
1779
1780 /* Make sure we have an hash table. */
1781 if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)])
1782 ERROR (gettext ("\
1783 section [%2d] '%s': no hash section present\n"),
1784 idx, section_name (ebl, idx));
1785
1786 /* The GNU-style hash table also needs a symbol table. */
1787 if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]
1788 && !has_dt[DT_SYMTAB])
1789 ERROR (gettext ("\
1790 section [%2d] '%s': contains %s entry but not %s\n"),
1791 idx, section_name (ebl, idx),
1792 "DT_GNU_HASH", "DT_SYMTAB");
1793
1794 /* Check the rel/rela tags. At least one group must be available. */
1795 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT])
1796 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT]))
1797 ERROR (gettext ("\
1798 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1799 idx, section_name (ebl, idx),
1800 "DT_RELA", "DT_RELASZ", "DT_RELAENT");
1801
1802 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT])
1803 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT]))
1804 ERROR (gettext ("\
1805 section [%2d] '%s': not all of %s, %s, and %s are present\n"),
1806 idx, section_name (ebl, idx),
1807 "DT_REL", "DT_RELSZ", "DT_RELENT");
1808
1809 /* Check that all prelink sections are present if any of them is. */
1810 if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]
1811 || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1812 {
1813 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)])
1814 ERROR (gettext ("\
1815 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1816 idx, section_name (ebl, idx), "DT_GNU_PRELINKED");
1817 if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)])
1818 ERROR (gettext ("\
1819 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"),
1820 idx, section_name (ebl, idx), "DT_CHECKSUM");
1821
1822 /* Only DSOs can be marked like this. */
1823 if (ehdr->e_type != ET_DYN)
1824 ERROR (gettext ("\
1825 section [%2d] '%s': non-DSO file marked as dependency during prelink\n"),
1826 idx, section_name (ebl, idx));
1827 }
1828
1829 if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]
1830 || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]
1831 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]
1832 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1833 {
1834 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)])
1835 ERROR (gettext ("\
1836 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1837 idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ");
1838 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)])
1839 ERROR (gettext ("\
1840 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1841 idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ");
1842 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)])
1843 ERROR (gettext ("\
1844 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1845 idx, section_name (ebl, idx), "DT_GNU_CONFLICT");
1846 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)])
1847 ERROR (gettext ("\
1848 section [%2d] '%s': %s tag missing in prelinked executable\n"),
1849 idx, section_name (ebl, idx), "DT_GNU_LIBLIST");
1850 }
1851 }
1852
1853
1854 static void
check_symtab_shndx(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)1855 check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
1856 {
1857 if (ehdr->e_type != ET_REL)
1858 {
1859 ERROR (gettext ("\
1860 section [%2d] '%s': only relocatable files can have extended section index\n"),
1861 idx, section_name (ebl, idx));
1862 return;
1863 }
1864
1865 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
1866 GElf_Shdr symshdr_mem;
1867 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
1868 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB)
1869 ERROR (gettext ("\
1870 section [%2d] '%s': extended section index section not for symbol table\n"),
1871 idx, section_name (ebl, idx));
1872 Elf_Data *symdata = elf_getdata (symscn, NULL);
1873 if (symdata == NULL)
1874 ERROR (gettext ("cannot get data for symbol section\n"));
1875
1876 if (shdr->sh_entsize != sizeof (Elf32_Word))
1877 ERROR (gettext ("\
1878 section [%2d] '%s': entry size does not match Elf32_Word\n"),
1879 idx, section_name (ebl, idx));
1880
1881 if (symshdr != NULL
1882 && (shdr->sh_size / shdr->sh_entsize
1883 < symshdr->sh_size / symshdr->sh_entsize))
1884 ERROR (gettext ("\
1885 section [%2d] '%s': extended index table too small for symbol table\n"),
1886 idx, section_name (ebl, idx));
1887
1888 if (shdr->sh_info != 0)
1889 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"),
1890 idx, section_name (ebl, idx));
1891
1892 for (size_t cnt = idx + 1; cnt < shnum; ++cnt)
1893 {
1894 GElf_Shdr rshdr_mem;
1895 GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem);
1896 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX
1897 && rshdr->sh_link == shdr->sh_link)
1898 {
1899 ERROR (gettext ("\
1900 section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"),
1901 idx, section_name (ebl, idx),
1902 cnt, section_name (ebl, cnt));
1903 break;
1904 }
1905 }
1906
1907 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
1908
1909 if (*((Elf32_Word *) data->d_buf) != 0)
1910 ERROR (gettext ("symbol 0 should have zero extended section index\n"));
1911
1912 for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt)
1913 {
1914 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt];
1915
1916 if (xndx != 0)
1917 {
1918 GElf_Sym sym_data;
1919 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data);
1920 if (sym == NULL)
1921 {
1922 ERROR (gettext ("cannot get data for symbol %zu\n"), cnt);
1923 continue;
1924 }
1925
1926 if (sym->st_shndx != SHN_XINDEX)
1927 ERROR (gettext ("\
1928 extended section index is %" PRIu32 " but symbol index is not XINDEX\n"),
1929 (uint32_t) xndx);
1930 }
1931 }
1932 }
1933
1934
1935 static void
check_sysv_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)1936 check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
1937 GElf_Shdr *symshdr)
1938 {
1939 Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0];
1940 Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1];
1941
1942 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
1943 ERROR (gettext ("\
1944 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
1945 idx, section_name (ebl, idx), (long int) shdr->sh_size,
1946 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
1947
1948 size_t maxidx = nchain;
1949
1950 if (symshdr != NULL)
1951 {
1952 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
1953
1954 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
1955 ERROR (gettext ("section [%2d] '%s': chain array too large\n"),
1956 idx, section_name (ebl, idx));
1957
1958 maxidx = symsize;
1959 }
1960
1961 size_t cnt;
1962 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
1963 if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx)
1964 ERROR (gettext ("\
1965 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
1966 idx, section_name (ebl, idx), cnt - 2);
1967
1968 for (; cnt < 2 + nbucket + nchain; ++cnt)
1969 if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx)
1970 ERROR (gettext ("\
1971 section [%2d] '%s': hash chain reference %zu out of bounds\n"),
1972 idx, section_name (ebl, idx), cnt - 2 - nbucket);
1973 }
1974
1975
1976 static void
check_sysv_hash64(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)1977 check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
1978 GElf_Shdr *symshdr)
1979 {
1980 Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0];
1981 Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1];
1982
1983 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize)
1984 ERROR (gettext ("\
1985 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"),
1986 idx, section_name (ebl, idx), (long int) shdr->sh_size,
1987 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize));
1988
1989 size_t maxidx = nchain;
1990
1991 if (symshdr != NULL)
1992 {
1993 size_t symsize = symshdr->sh_size / symshdr->sh_entsize;
1994
1995 if (nchain > symshdr->sh_size / symshdr->sh_entsize)
1996 ERROR (gettext ("section [%2d] '%s': chain array too large\n"),
1997 idx, section_name (ebl, idx));
1998
1999 maxidx = symsize;
2000 }
2001
2002 size_t cnt;
2003 for (cnt = 2; cnt < 2 + nbucket; ++cnt)
2004 if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx)
2005 ERROR (gettext ("\
2006 section [%2d] '%s': hash bucket reference %zu out of bounds\n"),
2007 idx, section_name (ebl, idx), cnt - 2);
2008
2009 for (; cnt < 2 + nbucket + nchain; ++cnt)
2010 if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx)
2011 ERROR (gettext ("\
2012 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"),
2013 idx, section_name (ebl, idx), (uint64_t) (cnt - 2 - nbucket));
2014 }
2015
2016
2017 static void
check_gnu_hash(Ebl * ebl,GElf_Shdr * shdr,Elf_Data * data,int idx,GElf_Shdr * symshdr)2018 check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx,
2019 GElf_Shdr *symshdr)
2020 {
2021 Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0];
2022 Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1];
2023 Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2];
2024
2025 if (!powerof2 (bitmask_words))
2026 ERROR (gettext ("\
2027 section [%2d] '%s': bitmask size not power of 2: %u\n"),
2028 idx, section_name (ebl, idx), bitmask_words);
2029
2030 size_t bitmask_idxmask = bitmask_words - 1;
2031 if (gelf_getclass (ebl->elf) == ELFCLASS64)
2032 bitmask_words *= 2;
2033 Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3];
2034
2035 if (shdr->sh_size < (4 + bitmask_words + nbuckets) * sizeof (Elf32_Word))
2036 {
2037 ERROR (gettext ("\
2038 section [%2d] '%s': hash table section is too small (is %ld, expected at least%ld)\n"),
2039 idx, section_name (ebl, idx), (long int) shdr->sh_size,
2040 (long int) ((4 + bitmask_words + nbuckets) * sizeof (Elf32_Word)));
2041 return;
2042 }
2043
2044 if (shift > 31)
2045 ERROR (gettext ("\
2046 section [%2d] '%s': 2nd hash function shift too big: %u\n"),
2047 idx, section_name (ebl, idx), shift);
2048
2049 size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words
2050 + nbuckets);
2051
2052 if (symshdr != NULL)
2053 maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize);
2054
2055 /* We need the symbol section data. */
2056 Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL);
2057
2058 union
2059 {
2060 Elf32_Word *p32;
2061 Elf64_Xword *p64;
2062 } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] },
2063 collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) };
2064
2065 size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64;
2066
2067 size_t cnt;
2068 for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt)
2069 {
2070 Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt];
2071
2072 if (symidx == 0)
2073 continue;
2074
2075 if (symidx < symbias)
2076 {
2077 ERROR (gettext ("\
2078 section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"),
2079 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2080 continue;
2081 }
2082
2083 while (symidx - symbias < maxidx)
2084 {
2085 Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4
2086 + bitmask_words
2087 + nbuckets
2088 + symidx
2089 - symbias];
2090
2091 if (symdata != NULL)
2092 {
2093 /* Check that the referenced symbol is not undefined. */
2094 GElf_Sym sym_mem;
2095 GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem);
2096 if (sym != NULL && sym->st_shndx == SHN_UNDEF
2097 && GELF_ST_TYPE (sym->st_info) != STT_FUNC)
2098 ERROR (gettext ("\
2099 section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"),
2100 idx, section_name (ebl, idx), symidx,
2101 cnt - (4 + bitmask_words));
2102
2103 const char *symname = elf_strptr (ebl->elf, symshdr->sh_link,
2104 sym->st_name);
2105 if (symname != NULL)
2106 {
2107 Elf32_Word hval = elf_gnu_hash (symname);
2108 if ((hval & ~1u) != (chainhash & ~1u))
2109 ERROR (gettext ("\
2110 section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"),
2111 idx, section_name (ebl, idx), symidx,
2112 cnt - (4 + bitmask_words));
2113
2114 /* Set the bits in the bitmask. */
2115 size_t maskidx = (hval / classbits) & bitmask_idxmask;
2116 if (classbits == 32)
2117 {
2118 collected.p32[maskidx]
2119 |= UINT32_C (1) << (hval & (classbits - 1));
2120 collected.p32[maskidx]
2121 |= UINT32_C (1) << ((hval >> shift) & (classbits - 1));
2122 }
2123 else
2124 {
2125 collected.p64[maskidx]
2126 |= UINT64_C (1) << (hval & (classbits - 1));
2127 collected.p64[maskidx]
2128 |= UINT64_C (1) << ((hval >> shift) & (classbits - 1));
2129 }
2130 }
2131 }
2132
2133 if ((chainhash & 1) != 0)
2134 break;
2135
2136 ++symidx;
2137 }
2138
2139 if (symidx - symbias >= maxidx)
2140 ERROR (gettext ("\
2141 section [%2d] '%s': hash chain for bucket %zu out of bounds\n"),
2142 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2143 else if (symshdr != NULL
2144 && symidx > symshdr->sh_size / symshdr->sh_entsize)
2145 ERROR (gettext ("\
2146 section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"),
2147 idx, section_name (ebl, idx), cnt - (4 + bitmask_words));
2148 }
2149
2150 if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word)))
2151 ERROR (gettext ("\
2152 section [%2d] '%s': bitmask does not match names in the hash table\n"),
2153 idx, section_name (ebl, idx));
2154
2155 free (collected.p32);
2156 }
2157
2158
2159 static void
check_hash(int tag,Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2160 check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2161 {
2162 if (ehdr->e_type == ET_REL)
2163 {
2164 ERROR (gettext ("\
2165 section [%2d] '%s': relocatable files cannot have hash tables\n"),
2166 idx, section_name (ebl, idx));
2167 return;
2168 }
2169
2170 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2171 if (data == NULL)
2172 {
2173 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2174 idx, section_name (ebl, idx));
2175 return;
2176 }
2177
2178 GElf_Shdr symshdr_mem;
2179 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
2180 &symshdr_mem);
2181 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM)
2182 ERROR (gettext ("\
2183 section [%2d] '%s': hash table not for dynamic symbol table\n"),
2184 idx, section_name (ebl, idx));
2185
2186 if (shdr->sh_entsize != (tag == SHT_GNU_HASH
2187 ? (gelf_getclass (ebl->elf) == ELFCLASS32
2188 ? sizeof (Elf32_Word) : 0)
2189 : (size_t) ebl_sysvhash_entrysize (ebl)))
2190 ERROR (gettext ("\
2191 section [%2d] '%s': hash table entry size incorrect\n"),
2192 idx, section_name (ebl, idx));
2193
2194 if ((shdr->sh_flags & SHF_ALLOC) == 0)
2195 ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"),
2196 idx, section_name (ebl, idx));
2197
2198 if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (shdr->sh_entsize ?: 4))
2199 {
2200 ERROR (gettext ("\
2201 section [%2d] '%s': hash table has not even room for initial administrative entries\n"),
2202 idx, section_name (ebl, idx));
2203 return;
2204 }
2205
2206 switch (tag)
2207 {
2208 case SHT_HASH:
2209 if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword))
2210 check_sysv_hash64 (ebl, shdr, data, idx, symshdr);
2211 else
2212 check_sysv_hash (ebl, shdr, data, idx, symshdr);
2213 break;
2214
2215 case SHT_GNU_HASH:
2216 check_gnu_hash (ebl, shdr, data, idx, symshdr);
2217 break;
2218
2219 default:
2220 assert (! "should not happen");
2221 }
2222 }
2223
2224
2225 /* Compare content of both hash tables, it must be identical. */
2226 static void
compare_hash_gnu_hash(Ebl * ebl,GElf_Ehdr * ehdr,size_t hash_idx,size_t gnu_hash_idx)2227 compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx,
2228 size_t gnu_hash_idx)
2229 {
2230 Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx);
2231 Elf_Data *hash_data = elf_getdata (hash_scn, NULL);
2232 GElf_Shdr hash_shdr_mem;
2233 GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem);
2234 Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx);
2235 Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL);
2236 GElf_Shdr gnu_hash_shdr_mem;
2237 GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem);
2238
2239 if (hash_shdr == NULL || gnu_hash_shdr == NULL
2240 || hash_data == NULL || gnu_hash_data == NULL)
2241 /* None of these pointers should be NULL since we used the
2242 sections already. We are careful nonetheless. */
2243 return;
2244
2245 /* The link must point to the same symbol table. */
2246 if (hash_shdr->sh_link != gnu_hash_shdr->sh_link)
2247 {
2248 ERROR (gettext ("\
2249 sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"),
2250 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2251 gnu_hash_idx,
2252 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2253 return;
2254 }
2255
2256 Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link);
2257 Elf_Data *sym_data = elf_getdata (sym_scn, NULL);
2258 GElf_Shdr sym_shdr_mem;
2259 GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem);
2260
2261 if (sym_data == NULL || sym_shdr == NULL)
2262 return;
2263
2264 int nentries = sym_shdr->sh_size / sym_shdr->sh_entsize;
2265 char *used = alloca (nentries);
2266 memset (used, '\0', nentries);
2267
2268 /* First go over the GNU_HASH table and mark the entries as used. */
2269 const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf;
2270 Elf32_Word gnu_nbucket = gnu_hasharr[0];
2271 const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2;
2272 const Elf32_Word *gnu_bucket = (gnu_hasharr
2273 + (4 + gnu_hasharr[2] * bitmap_factor));
2274 const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0] - gnu_hasharr[1];
2275
2276 for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt)
2277 {
2278 Elf32_Word symidx = gnu_bucket[cnt];
2279 if (symidx != STN_UNDEF)
2280 do
2281 used[symidx] |= 1;
2282 while ((gnu_chain[symidx++] & 1u) == 0);
2283 }
2284
2285 /* Now go over the old hash table and check that we cover the same
2286 entries. */
2287 if (hash_shdr->sh_entsize == sizeof (Elf32_Word))
2288 {
2289 const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf;
2290 Elf32_Word nbucket = hasharr[0];
2291 const Elf32_Word *bucket = &hasharr[2];
2292 const Elf32_Word *chain = &hasharr[2 + nbucket];
2293
2294 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt)
2295 {
2296 Elf32_Word symidx = bucket[cnt];
2297 while (symidx != STN_UNDEF)
2298 {
2299 used[symidx] |= 2;
2300 symidx = chain[symidx];
2301 }
2302 }
2303 }
2304 else
2305 {
2306 const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf;
2307 Elf64_Xword nbucket = hasharr[0];
2308 const Elf64_Xword *bucket = &hasharr[2];
2309 const Elf64_Xword *chain = &hasharr[2 + nbucket];
2310
2311 for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt)
2312 {
2313 Elf64_Xword symidx = bucket[cnt];
2314 while (symidx != STN_UNDEF)
2315 {
2316 used[symidx] |= 2;
2317 symidx = chain[symidx];
2318 }
2319 }
2320 }
2321
2322 /* Now see which entries are not set in one or both hash tables
2323 (unless the symbol is undefined in which case it can be omitted
2324 in the new table format). */
2325 if ((used[0] & 1) != 0)
2326 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"),
2327 gnu_hash_idx,
2328 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2329 if ((used[0] & 2) != 0)
2330 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"),
2331 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2332
2333 for (int cnt = 1; cnt < nentries; ++cnt)
2334 if (used[cnt] != 0 && used[cnt] != 3)
2335 {
2336 if (used[cnt] == 1)
2337 ERROR (gettext ("\
2338 symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"),
2339 cnt, gnu_hash_idx,
2340 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name),
2341 hash_idx,
2342 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name));
2343 else
2344 {
2345 GElf_Sym sym_mem;
2346 GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem);
2347
2348 if (sym != NULL && sym->st_shndx != STN_UNDEF)
2349 ERROR (gettext ("\
2350 symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"),
2351 cnt, hash_idx,
2352 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name),
2353 gnu_hash_idx,
2354 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name));
2355 }
2356 }
2357 }
2358
2359
2360 static void
check_null(Ebl * ebl,GElf_Shdr * shdr,int idx)2361 check_null (Ebl *ebl, GElf_Shdr *shdr, int idx)
2362 {
2363 #define TEST(name, extra) \
2364 if (extra && shdr->sh_##name != 0) \
2365 ERROR (gettext ("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \
2366 idx, section_name (ebl, idx), #name)
2367
2368 TEST (name, 1);
2369 TEST (flags, 1);
2370 TEST (addr, 1);
2371 TEST (offset, 1);
2372 TEST (size, idx != 0);
2373 TEST (link, idx != 0);
2374 TEST (info, 1);
2375 TEST (addralign, 1);
2376 TEST (entsize, 1);
2377 }
2378
2379
2380 static void
check_group(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)2381 check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
2382 {
2383 if (ehdr->e_type != ET_REL)
2384 {
2385 ERROR (gettext ("\
2386 section [%2d] '%s': section groups only allowed in relocatable object files\n"),
2387 idx, section_name (ebl, idx));
2388 return;
2389 }
2390
2391 /* Check that sh_link is an index of a symbol table. */
2392 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2393 GElf_Shdr symshdr_mem;
2394 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2395 if (symshdr == NULL)
2396 ERROR (gettext ("section [%2d] '%s': cannot get symbol table: %s\n"),
2397 idx, section_name (ebl, idx), elf_errmsg (-1));
2398 else
2399 {
2400 if (symshdr->sh_type != SHT_SYMTAB)
2401 ERROR (gettext ("\
2402 section [%2d] '%s': section reference in sh_link is no symbol table\n"),
2403 idx, section_name (ebl, idx));
2404
2405 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM,
2406 1, EV_CURRENT))
2407 ERROR (gettext ("\
2408 section [%2d] '%s': invalid symbol index in sh_info\n"),
2409 idx, section_name (ebl, idx));
2410
2411 if (shdr->sh_flags != 0)
2412 ERROR (gettext ("section [%2d] '%s': sh_flags not zero\n"),
2413 idx, section_name (ebl, idx));
2414
2415 GElf_Sym sym_data;
2416 GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info,
2417 &sym_data);
2418 if (sym == NULL)
2419 ERROR (gettext ("\
2420 section [%2d] '%s': cannot get symbol for signature\n"),
2421 idx, section_name (ebl, idx));
2422 else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name),
2423 "") == 0)
2424 ERROR (gettext ("\
2425 section [%2d] '%s': signature symbol cannot be empty string\n"),
2426 idx, section_name (ebl, idx));
2427
2428 if (be_strict
2429 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT))
2430 ERROR (gettext ("section [%2d] '%s': sh_flags not set correctly\n"),
2431 idx, section_name (ebl, idx));
2432 }
2433
2434 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2435 if (data == NULL)
2436 ERROR (gettext ("section [%2d] '%s': cannot get data: %s\n"),
2437 idx, section_name (ebl, idx), elf_errmsg (-1));
2438 else
2439 {
2440 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT);
2441 size_t cnt;
2442 Elf32_Word val;
2443
2444 if (data->d_size % elsize != 0)
2445 ERROR (gettext ("\
2446 section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"),
2447 idx, section_name (ebl, idx));
2448
2449 if (data->d_size < elsize)
2450 ERROR (gettext ("\
2451 section [%2d] '%s': section group without flags word\n"),
2452 idx, section_name (ebl, idx));
2453 else if (be_strict)
2454 {
2455 if (data->d_size < 2 * elsize)
2456 ERROR (gettext ("\
2457 section [%2d] '%s': section group without member\n"),
2458 idx, section_name (ebl, idx));
2459 else if (data->d_size < 3 * elsize)
2460 ERROR (gettext ("\
2461 section [%2d] '%s': section group with only one member\n"),
2462 idx, section_name (ebl, idx));
2463 }
2464
2465 #if ALLOW_UNALIGNED
2466 val = *((Elf32_Word *) data->d_buf);
2467 #else
2468 memcpy (&val, data->d_buf, elsize);
2469 #endif
2470 if ((val & ~GRP_COMDAT) != 0)
2471 ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"),
2472 idx, section_name (ebl, idx));
2473
2474 for (cnt = elsize; cnt < data->d_size; cnt += elsize)
2475 {
2476 #if ALLOW_UNALIGNED
2477 val = *((Elf32_Word *) ((char *) data->d_buf + cnt));
2478 #else
2479 memcpy (&val, (char *) data->d_buf + cnt, elsize);
2480 #endif
2481
2482 if (val > shnum)
2483 ERROR (gettext ("\
2484 section [%2d] '%s': section index %Zu out of range\n"),
2485 idx, section_name (ebl, idx), cnt / elsize);
2486 else
2487 {
2488 GElf_Shdr refshdr_mem;
2489 GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val),
2490 &refshdr_mem);
2491 if (refshdr == NULL)
2492 ERROR (gettext ("\
2493 section [%2d] '%s': cannot get section header for element %zu: %s\n"),
2494 idx, section_name (ebl, idx), cnt / elsize,
2495 elf_errmsg (-1));
2496 else
2497 {
2498 if (refshdr->sh_type == SHT_GROUP)
2499 ERROR (gettext ("\
2500 section [%2d] '%s': section group contains another group [%2d] '%s'\n"),
2501 idx, section_name (ebl, idx),
2502 val, section_name (ebl, val));
2503
2504 if ((refshdr->sh_flags & SHF_GROUP) == 0)
2505 ERROR (gettext ("\
2506 section [%2d] '%s': element %Zu references section [%2d] '%s' without SHF_GROUP flag set\n"),
2507 idx, section_name (ebl, idx), cnt / elsize,
2508 val, section_name (ebl, val));
2509 }
2510
2511 if (++scnref[val] == 2)
2512 ERROR (gettext ("\
2513 section [%2d] '%s' is contained in more than one section group\n"),
2514 val, section_name (ebl, val));
2515 }
2516 }
2517 }
2518 }
2519
2520
2521 static const char *
section_flags_string(GElf_Word flags,char * buf,size_t len)2522 section_flags_string (GElf_Word flags, char *buf, size_t len)
2523 {
2524 if (flags == 0)
2525 return "none";
2526
2527 static const struct
2528 {
2529 GElf_Word flag;
2530 const char *name;
2531 } known_flags[] =
2532 {
2533 #define NEWFLAG(name) { SHF_##name, #name }
2534 NEWFLAG (WRITE),
2535 NEWFLAG (ALLOC),
2536 NEWFLAG (EXECINSTR),
2537 NEWFLAG (MERGE),
2538 NEWFLAG (STRINGS),
2539 NEWFLAG (INFO_LINK),
2540 NEWFLAG (LINK_ORDER),
2541 NEWFLAG (OS_NONCONFORMING),
2542 NEWFLAG (GROUP),
2543 NEWFLAG (TLS)
2544 };
2545 #undef NEWFLAG
2546 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]);
2547
2548 char *cp = buf;
2549
2550 for (size_t cnt = 0; cnt < nknown_flags; ++cnt)
2551 if (flags & known_flags[cnt].flag)
2552 {
2553 if (cp != buf && len > 1)
2554 {
2555 *cp++ = '|';
2556 --len;
2557 }
2558
2559 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name));
2560 cp = mempcpy (cp, known_flags[cnt].name, ncopy);
2561 len -= ncopy;
2562
2563 flags ^= known_flags[cnt].flag;
2564 }
2565
2566 if (flags != 0 || cp == buf)
2567 snprintf (cp, len - 1, "%" PRIx64, (uint64_t) flags);
2568
2569 *cp = '\0';
2570
2571 return buf;
2572 }
2573
2574
2575 static int
has_copy_reloc(Ebl * ebl,unsigned int symscnndx,unsigned int symndx)2576 has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx)
2577 {
2578 /* First find the relocation section for the symbol table. */
2579 Elf_Scn *scn = NULL;
2580 GElf_Shdr shdr_mem;
2581 GElf_Shdr *shdr = NULL;
2582 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
2583 {
2584 shdr = gelf_getshdr (scn, &shdr_mem);
2585 if (shdr != NULL
2586 && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA)
2587 && shdr->sh_link == symscnndx)
2588 /* Found the section. */
2589 break;
2590 }
2591
2592 if (scn == NULL)
2593 return 0;
2594
2595 Elf_Data *data = elf_getdata (scn, NULL);
2596 if (data == NULL)
2597 return 0;
2598
2599 if (shdr->sh_type == SHT_REL)
2600 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2601 {
2602 GElf_Rel rel_mem;
2603 GElf_Rel *rel = gelf_getrel (data, i, &rel_mem);
2604 if (rel == NULL)
2605 continue;
2606
2607 if (GELF_R_SYM (rel->r_info) == symndx
2608 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info)))
2609 return 1;
2610 }
2611 else
2612 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i)
2613 {
2614 GElf_Rela rela_mem;
2615 GElf_Rela *rela = gelf_getrela (data, i, &rela_mem);
2616 if (rela == NULL)
2617 continue;
2618
2619 if (GELF_R_SYM (rela->r_info) == symndx
2620 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info)))
2621 return 1;
2622 }
2623
2624 return 0;
2625 }
2626
2627
2628 static int
in_nobits_scn(Ebl * ebl,unsigned int shndx)2629 in_nobits_scn (Ebl *ebl, unsigned int shndx)
2630 {
2631 GElf_Shdr shdr_mem;
2632 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem);
2633 return shdr != NULL && shdr->sh_type == SHT_NOBITS;
2634 }
2635
2636
2637 static struct version_namelist
2638 {
2639 const char *objname;
2640 const char *name;
2641 GElf_Versym ndx;
2642 enum { ver_def, ver_need } type;
2643 struct version_namelist *next;
2644 } *version_namelist;
2645
2646
2647 static int
add_version(const char * objname,const char * name,GElf_Versym ndx,int type)2648 add_version (const char *objname, const char *name, GElf_Versym ndx, int type)
2649 {
2650 /* Check that there are no duplications. */
2651 struct version_namelist *nlp = version_namelist;
2652 while (nlp != NULL)
2653 {
2654 if (((nlp->objname == NULL && objname == NULL)
2655 || (nlp->objname != NULL && objname != NULL
2656 && strcmp (nlp->objname, objname) == 0))
2657 && strcmp (nlp->name, name) == 0)
2658 return nlp->type == ver_def ? 1 : -1;
2659 nlp = nlp->next;
2660 }
2661
2662 nlp = xmalloc (sizeof (*nlp));
2663 nlp->objname = objname;
2664 nlp->name = name;
2665 nlp->ndx = ndx;
2666 nlp->type = type;
2667 nlp->next = version_namelist;
2668 version_namelist = nlp;
2669
2670 return 0;
2671 }
2672
2673
2674 static void
check_versym(Ebl * ebl,int idx)2675 check_versym (Ebl *ebl, int idx)
2676 {
2677 Elf_Scn *scn = elf_getscn (ebl->elf, idx);
2678 GElf_Shdr shdr_mem;
2679 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
2680 if (shdr == NULL)
2681 /* The error has already been reported. */
2682 return;
2683
2684 Elf_Data *data = elf_getdata (scn, NULL);
2685 if (data == NULL)
2686 {
2687 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2688 idx, section_name (ebl, idx));
2689 return;
2690 }
2691
2692 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link);
2693 GElf_Shdr symshdr_mem;
2694 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
2695 if (symshdr == NULL)
2696 /* The error has already been reported. */
2697 return;
2698
2699 if (symshdr->sh_type != SHT_DYNSYM)
2700 {
2701 ERROR (gettext ("\
2702 section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"),
2703 idx, section_name (ebl, idx),
2704 shdr->sh_link, section_name (ebl, shdr->sh_link));
2705 return;
2706 }
2707
2708 /* The number of elements in the version symbol table must be the
2709 same as the number of symbols. */
2710 if (shdr->sh_size / shdr->sh_entsize
2711 != symshdr->sh_size / symshdr->sh_entsize)
2712 ERROR (gettext ("\
2713 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"),
2714 idx, section_name (ebl, idx),
2715 shdr->sh_link, section_name (ebl, shdr->sh_link));
2716
2717 Elf_Data *symdata = elf_getdata (symscn, NULL);
2718 if (symdata == NULL)
2719 /* The error has already been reported. */
2720 return;
2721
2722 for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt)
2723 {
2724 GElf_Versym versym_mem;
2725 GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem);
2726 if (versym == NULL)
2727 {
2728 ERROR (gettext ("\
2729 section [%2d] '%s': symbol %d: cannot read version data\n"),
2730 idx, section_name (ebl, idx), cnt);
2731 break;
2732 }
2733
2734 GElf_Sym sym_mem;
2735 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem);
2736 if (sym == NULL)
2737 /* Already reported elsewhere. */
2738 continue;
2739
2740 if (*versym == VER_NDX_GLOBAL)
2741 {
2742 /* Global symbol. Make sure it is not defined as local. */
2743 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL)
2744 ERROR (gettext ("\
2745 section [%2d] '%s': symbol %d: local symbol with global scope\n"),
2746 idx, section_name (ebl, idx), cnt);
2747 }
2748 else if (*versym != VER_NDX_LOCAL)
2749 {
2750 /* Versioned symbol. Make sure it is not defined as local. */
2751 if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL)
2752 ERROR (gettext ("\
2753 section [%2d] '%s': symbol %d: local symbol with version\n"),
2754 idx, section_name (ebl, idx), cnt);
2755
2756 /* Look through the list of defined versions and locate the
2757 index we need for this symbol. */
2758 struct version_namelist *runp = version_namelist;
2759 while (runp != NULL)
2760 if (runp->ndx == (*versym & (GElf_Versym) 0x7fff))
2761 break;
2762 else
2763 runp = runp->next;
2764
2765 if (runp == NULL)
2766 ERROR (gettext ("\
2767 section [%2d] '%s': symbol %d: invalid version index %d\n"),
2768 idx, section_name (ebl, idx), cnt, (int) *versym);
2769 else if (sym->st_shndx == SHN_UNDEF
2770 && runp->type == ver_def)
2771 ERROR (gettext ("\
2772 section [%2d] '%s': symbol %d: version index %d is for defined version\n"),
2773 idx, section_name (ebl, idx), cnt, (int) *versym);
2774 else if (sym->st_shndx != SHN_UNDEF
2775 && runp->type == ver_need)
2776 {
2777 /* Unless this symbol has a copy relocation associated
2778 this must not happen. */
2779 if (!has_copy_reloc (ebl, shdr->sh_link, cnt)
2780 && !in_nobits_scn (ebl, sym->st_shndx))
2781 ERROR (gettext ("\
2782 section [%2d] '%s': symbol %d: version index %d is for requested version\n"),
2783 idx, section_name (ebl, idx), cnt, (int) *versym);
2784 }
2785 }
2786 }
2787 }
2788
2789
2790 static int
unknown_dependency_p(Elf * elf,const char * fname)2791 unknown_dependency_p (Elf *elf, const char *fname)
2792 {
2793 GElf_Phdr phdr_mem;
2794 GElf_Phdr *phdr = NULL;
2795
2796 unsigned int i;
2797 for (i = 0; i < phnum; ++i)
2798 if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL
2799 && phdr->p_type == PT_DYNAMIC)
2800 break;
2801
2802 if (i == phnum)
2803 return 1;
2804 assert (phdr != NULL);
2805 Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset);
2806 GElf_Shdr shdr_mem;
2807 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
2808 Elf_Data *data = elf_getdata (scn, NULL);
2809 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC && data != NULL)
2810 for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j)
2811 {
2812 GElf_Dyn dyn_mem;
2813 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem);
2814 if (dyn != NULL && dyn->d_tag == DT_NEEDED)
2815 {
2816 const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val);
2817 if (str != NULL && strcmp (str, fname) == 0)
2818 /* Found it. */
2819 return 0;
2820 }
2821 }
2822
2823 return 1;
2824 }
2825
2826
2827 static unsigned int nverneed;
2828
2829 static void
check_verneed(Ebl * ebl,GElf_Shdr * shdr,int idx)2830 check_verneed (Ebl *ebl, GElf_Shdr *shdr, int idx)
2831 {
2832 if (++nverneed == 2)
2833 ERROR (gettext ("more than one version reference section present\n"));
2834
2835 GElf_Shdr strshdr_mem;
2836 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
2837 &strshdr_mem);
2838 if (strshdr == NULL)
2839 return;
2840 if (strshdr->sh_type != SHT_STRTAB)
2841 ERROR (gettext ("\
2842 section [%2d] '%s': sh_link does not link to string table\n"),
2843 idx, section_name (ebl, idx));
2844
2845 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2846 if (data == NULL)
2847 {
2848 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2849 idx, section_name (ebl, idx));
2850 return;
2851 }
2852 unsigned int offset = 0;
2853 for (int cnt = shdr->sh_info; --cnt >= 0; )
2854 {
2855 /* Get the data at the next offset. */
2856 GElf_Verneed needmem;
2857 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem);
2858 if (need == NULL)
2859 break;
2860
2861 unsigned int auxoffset = offset + need->vn_aux;
2862
2863 if (need->vn_version != EV_CURRENT)
2864 ERROR (gettext ("\
2865 section [%2d] '%s': entry %d has wrong version %d\n"),
2866 idx, section_name (ebl, idx), cnt, (int) need->vn_version);
2867
2868 if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED,
2869 1, EV_CURRENT))
2870 ERROR (gettext ("\
2871 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
2872 idx, section_name (ebl, idx), cnt);
2873
2874 const char *libname = elf_strptr (ebl->elf, shdr->sh_link,
2875 need->vn_file);
2876 if (libname == NULL)
2877 {
2878 ERROR (gettext ("\
2879 section [%2d] '%s': entry %d has invalid file reference\n"),
2880 idx, section_name (ebl, idx), cnt);
2881 goto next_need;
2882 }
2883
2884 /* Check that there is a DT_NEEDED entry for the referenced library. */
2885 if (unknown_dependency_p (ebl->elf, libname))
2886 ERROR (gettext ("\
2887 section [%2d] '%s': entry %d references unknown dependency\n"),
2888 idx, section_name (ebl, idx), cnt);
2889
2890 for (int cnt2 = need->vn_cnt; --cnt2 >= 0; )
2891 {
2892 GElf_Vernaux auxmem;
2893 GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem);
2894 if (aux == NULL)
2895 break;
2896
2897 if ((aux->vna_flags & ~VER_FLG_WEAK) != 0)
2898 ERROR (gettext ("\
2899 section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"),
2900 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
2901
2902 const char *verstr = elf_strptr (ebl->elf, shdr->sh_link,
2903 aux->vna_name);
2904 if (verstr == NULL)
2905 ERROR (gettext ("\
2906 section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"),
2907 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
2908 else
2909 {
2910 GElf_Word hashval = elf_hash (verstr);
2911 if (hashval != aux->vna_hash)
2912 ERROR (gettext ("\
2913 section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"),
2914 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
2915 cnt, (int) hashval, (int) aux->vna_hash);
2916
2917 int res = add_version (libname, verstr, aux->vna_other,
2918 ver_need);
2919 if (unlikely (res !=0))
2920 {
2921 assert (res > 0);
2922 ERROR (gettext ("\
2923 section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"),
2924 idx, section_name (ebl, idx), need->vn_cnt - cnt2,
2925 cnt, verstr);
2926 }
2927 }
2928
2929 if ((aux->vna_next != 0 || cnt2 > 0)
2930 && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1,
2931 EV_CURRENT))
2932 {
2933 ERROR (gettext ("\
2934 section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"),
2935 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt);
2936 break;
2937 }
2938
2939 auxoffset += MAX (aux->vna_next,
2940 gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT));
2941 }
2942
2943 /* Find the next offset. */
2944 next_need:
2945 offset += need->vn_next;
2946
2947 if ((need->vn_next != 0 || cnt > 0)
2948 && offset < auxoffset)
2949 ERROR (gettext ("\
2950 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
2951 idx, section_name (ebl, idx), cnt);
2952 }
2953 }
2954
2955
2956 static unsigned int nverdef;
2957
2958 static void
check_verdef(Ebl * ebl,GElf_Shdr * shdr,int idx)2959 check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx)
2960 {
2961 if (++nverdef == 2)
2962 ERROR (gettext ("more than one version definition section present\n"));
2963
2964 GElf_Shdr strshdr_mem;
2965 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link),
2966 &strshdr_mem);
2967 if (strshdr == NULL)
2968 return;
2969 if (strshdr->sh_type != SHT_STRTAB)
2970 ERROR (gettext ("\
2971 section [%2d] '%s': sh_link does not link to string table\n"),
2972 idx, section_name (ebl, idx));
2973
2974 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
2975 if (data == NULL)
2976 {
2977 no_data:
2978 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
2979 idx, section_name (ebl, idx));
2980 return;
2981 }
2982
2983 /* Iterate over all version definition entries. We check that there
2984 is a BASE entry and that each index is unique. To do the later
2985 we collection the information in a list which is later
2986 examined. */
2987 struct namelist
2988 {
2989 const char *name;
2990 struct namelist *next;
2991 } *namelist = NULL;
2992 struct namelist *refnamelist = NULL;
2993
2994 bool has_base = false;
2995 unsigned int offset = 0;
2996 for (int cnt = shdr->sh_info; --cnt >= 0; )
2997 {
2998 /* Get the data at the next offset. */
2999 GElf_Verdef defmem;
3000 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem);
3001 if (def == NULL)
3002 goto no_data;
3003
3004 if ((def->vd_flags & VER_FLG_BASE) != 0)
3005 {
3006 if (has_base)
3007 ERROR (gettext ("\
3008 section [%2d] '%s': more than one BASE definition\n"),
3009 idx, section_name (ebl, idx));
3010 if (def->vd_ndx != VER_NDX_GLOBAL)
3011 ERROR (gettext ("\
3012 section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"),
3013 idx, section_name (ebl, idx));
3014 has_base = true;
3015 }
3016 if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0)
3017 ERROR (gettext ("\
3018 section [%2d] '%s': entry %d has unknown flag\n"),
3019 idx, section_name (ebl, idx), cnt);
3020
3021 if (def->vd_version != EV_CURRENT)
3022 ERROR (gettext ("\
3023 section [%2d] '%s': entry %d has wrong version %d\n"),
3024 idx, section_name (ebl, idx), cnt, (int) def->vd_version);
3025
3026 if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF,
3027 1, EV_CURRENT))
3028 ERROR (gettext ("\
3029 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"),
3030 idx, section_name (ebl, idx), cnt);
3031
3032 unsigned int auxoffset = offset + def->vd_aux;
3033 GElf_Verdaux auxmem;
3034 GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem);
3035 if (aux == NULL)
3036 goto no_data;
3037
3038 const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3039 if (name == NULL)
3040 {
3041 ERROR (gettext ("\
3042 section [%2d] '%s': entry %d has invalid name reference\n"),
3043 idx, section_name (ebl, idx), cnt);
3044 goto next_def;
3045 }
3046 GElf_Word hashval = elf_hash (name);
3047 if (def->vd_hash != hashval)
3048 ERROR (gettext ("\
3049 section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"),
3050 idx, section_name (ebl, idx), cnt, (int) hashval,
3051 (int) def->vd_hash);
3052
3053 int res = add_version (NULL, name, def->vd_ndx, ver_def);
3054 if (unlikely (res !=0))
3055 {
3056 assert (res > 0);
3057 ERROR (gettext ("\
3058 section [%2d] '%s': entry %d has duplicate version name '%s'\n"),
3059 idx, section_name (ebl, idx), cnt, name);
3060 }
3061
3062 struct namelist *newname = alloca (sizeof (*newname));
3063 newname->name = name;
3064 newname->next = namelist;
3065 namelist = newname;
3066
3067 auxoffset += aux->vda_next;
3068 for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2)
3069 {
3070 aux = gelf_getverdaux (data, auxoffset, &auxmem);
3071 if (aux == NULL)
3072 goto no_data;
3073
3074 name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name);
3075 if (name == NULL)
3076 ERROR (gettext ("\
3077 section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"),
3078 idx, section_name (ebl, idx), cnt);
3079 else
3080 {
3081 newname = alloca (sizeof (*newname));
3082 newname->name = name;
3083 newname->next = refnamelist;
3084 refnamelist = newname;
3085 }
3086
3087 if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt)
3088 && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1,
3089 EV_CURRENT))
3090 {
3091 ERROR (gettext ("\
3092 section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"),
3093 idx, section_name (ebl, idx), cnt);
3094 break;
3095 }
3096
3097 auxoffset += MAX (aux->vda_next,
3098 gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT));
3099 }
3100
3101 /* Find the next offset. */
3102 next_def:
3103 offset += def->vd_next;
3104
3105 if ((def->vd_next != 0 || cnt > 0)
3106 && offset < auxoffset)
3107 ERROR (gettext ("\
3108 section [%2d] '%s': entry %d has invalid offset to next entry\n"),
3109 idx, section_name (ebl, idx), cnt);
3110 }
3111
3112 if (!has_base)
3113 ERROR (gettext ("section [%2d] '%s': no BASE definition\n"),
3114 idx, section_name (ebl, idx));
3115
3116 /* Check whether the referenced names are available. */
3117 while (namelist != NULL)
3118 {
3119 struct version_namelist *runp = version_namelist;
3120 while (runp != NULL)
3121 {
3122 if (runp->type == ver_def
3123 && strcmp (runp->name, namelist->name) == 0)
3124 break;
3125 runp = runp->next;
3126 }
3127
3128 if (runp == NULL)
3129 ERROR (gettext ("\
3130 section [%2d] '%s': unknown parent version '%s'\n"),
3131 idx, section_name (ebl, idx), namelist->name);
3132
3133 namelist = namelist->next;
3134 }
3135 }
3136
3137 static void
check_attributes(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)3138 check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
3139 {
3140 if (shdr->sh_size == 0)
3141 {
3142 ERROR (gettext ("section [%2d] '%s': empty object attributes section\n"),
3143 idx, section_name (ebl, idx));
3144 return;
3145 }
3146
3147 Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL);
3148 if (data == NULL || data->d_size == 0)
3149 {
3150 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
3151 idx, section_name (ebl, idx));
3152 return;
3153 }
3154
3155 inline size_t pos (const unsigned char *p)
3156 {
3157 return p - (const unsigned char *) data->d_buf;
3158 }
3159
3160 const unsigned char *p = data->d_buf;
3161 if (*p++ != 'A')
3162 {
3163 ERROR (gettext ("section [%2d] '%s': unrecognized attribute format\n"),
3164 idx, section_name (ebl, idx));
3165 return;
3166 }
3167
3168 inline size_t left (void)
3169 {
3170 return (const unsigned char *) data->d_buf + data->d_size - p;
3171 }
3172
3173 while (left () >= 4)
3174 {
3175 uint32_t len;
3176 memcpy (&len, p, sizeof len);
3177
3178 if (len == 0)
3179 ERROR (gettext ("\
3180 section [%2d] '%s': offset %zu: zero length field in attribute section\n"),
3181 idx, section_name (ebl, idx), pos (p));
3182
3183 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3184 CONVERT (len);
3185
3186 if (len > left ())
3187 {
3188 ERROR (gettext ("\
3189 section [%2d] '%s': offset %zu: invalid length in attribute section\n"),
3190 idx, section_name (ebl, idx), pos (p));
3191 break;
3192 }
3193
3194 const unsigned char *name = p + sizeof len;
3195 p += len;
3196
3197 unsigned const char *q = memchr (name, '\0', len);
3198 if (q == NULL)
3199 {
3200 ERROR (gettext ("\
3201 section [%2d] '%s': offset %zu: unterminated vendor name string\n"),
3202 idx, section_name (ebl, idx), pos (p));
3203 continue;
3204 }
3205 ++q;
3206
3207 if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu"))
3208 while (q < p)
3209 {
3210 unsigned const char *chunk = q;
3211
3212 unsigned int subsection_tag;
3213 get_uleb128 (subsection_tag, q);
3214
3215 if (q >= p)
3216 {
3217 ERROR (gettext ("\
3218 section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"),
3219 idx, section_name (ebl, idx), pos (chunk));
3220 break;
3221 }
3222
3223 uint32_t subsection_len;
3224 if (p - q < (ptrdiff_t) sizeof subsection_len)
3225 {
3226 ERROR (gettext ("\
3227 section [%2d] '%s': offset %zu: truncated attribute section\n"),
3228 idx, section_name (ebl, idx), pos (q));
3229 break;
3230 }
3231
3232 memcpy (&subsection_len, q, sizeof subsection_len);
3233 if (subsection_len == 0)
3234 {
3235 ERROR (gettext ("\
3236 section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"),
3237 idx, section_name (ebl, idx), pos (q));
3238
3239 q += sizeof subsection_len;
3240 continue;
3241 }
3242
3243 if (MY_ELFDATA != ehdr->e_ident[EI_DATA])
3244 CONVERT (subsection_len);
3245
3246 if (p - chunk < (ptrdiff_t) subsection_len)
3247 {
3248 ERROR (gettext ("\
3249 section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"),
3250 idx, section_name (ebl, idx), pos (q));
3251 break;
3252 }
3253
3254 const unsigned char *subsection_end = chunk + subsection_len;
3255 chunk = q;
3256 q = subsection_end;
3257
3258 if (subsection_tag != 1) /* Tag_File */
3259 ERROR (gettext ("\
3260 section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"),
3261 idx, section_name (ebl, idx), pos (chunk), subsection_tag);
3262 else
3263 {
3264 chunk += sizeof subsection_len;
3265 while (chunk < q)
3266 {
3267 unsigned int tag;
3268 get_uleb128 (tag, chunk);
3269
3270 uint64_t value = 0;
3271 const unsigned char *r = chunk;
3272 if (tag == 32 || (tag & 1) == 0)
3273 {
3274 get_uleb128 (value, r);
3275 if (r > q)
3276 {
3277 ERROR (gettext ("\
3278 section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"),
3279 idx, section_name (ebl, idx), pos (chunk));
3280 break;
3281 }
3282 }
3283 if (tag == 32 || (tag & 1) != 0)
3284 {
3285 r = memchr (r, '\0', q - r);
3286 if (r == NULL)
3287 {
3288 ERROR (gettext ("\
3289 section [%2d] '%s': offset %zu: unterminated string in attribute\n"),
3290 idx, section_name (ebl, idx), pos (chunk));
3291 break;
3292 }
3293 ++r;
3294 }
3295
3296 const char *tag_name = NULL;
3297 const char *value_name = NULL;
3298 if (!ebl_check_object_attribute (ebl, (const char *) name,
3299 tag, value,
3300 &tag_name, &value_name))
3301 ERROR (gettext ("\
3302 section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"),
3303 idx, section_name (ebl, idx), pos (chunk), tag);
3304 else if ((tag & 1) == 0 && value_name == NULL)
3305 ERROR (gettext ("\
3306 section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"),
3307 idx, section_name (ebl, idx), pos (chunk),
3308 tag_name, value);
3309
3310 chunk = r;
3311 }
3312 }
3313 }
3314 else
3315 ERROR (gettext ("\
3316 section [%2d] '%s': offset %zu: vendor '%s' unknown\n"),
3317 idx, section_name (ebl, idx), pos (p), name);
3318 }
3319
3320 if (left () != 0)
3321 ERROR (gettext ("\
3322 section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"),
3323 idx, section_name (ebl, idx), pos (p));
3324 }
3325
3326 static bool has_loadable_segment;
3327 static bool has_interp_segment;
3328
3329 static const struct
3330 {
3331 const char *name;
3332 size_t namelen;
3333 GElf_Word type;
3334 enum { unused, exact, atleast, exact_or_gnuld } attrflag;
3335 GElf_Word attr;
3336 GElf_Word attr2;
3337 } special_sections[] =
3338 {
3339 /* See figure 4-14 in the gABI. */
3340 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3341 { ".comment", 8, SHT_PROGBITS, atleast, 0, SHF_MERGE | SHF_STRINGS },
3342 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3343 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 },
3344 { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 },
3345 { ".debug", 6, SHT_PROGBITS, exact, 0, 0 },
3346 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE },
3347 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 },
3348 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 },
3349 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3350 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3351 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info?
3352 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 },
3353 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3354 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3355 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests?
3356 { ".line", 6, SHT_PROGBITS, exact, 0, 0 },
3357 { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC },
3358 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests
3359 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 },
3360 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC }, // XXX more tests
3361 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC }, // XXX more tests
3362 { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3363 { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS },
3364 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 },
3365 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3366 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests
3367 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests
3368 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3369 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3370 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 },
3371 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 },
3372
3373 /* The following are GNU extensions. */
3374 { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 },
3375 { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 },
3376 { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 },
3377 { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 },
3378 };
3379 #define nspecial_sections \
3380 (sizeof (special_sections) / sizeof (special_sections[0]))
3381
3382 #define IS_KNOWN_SPECIAL(idx, string, prefix) \
3383 (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0) \
3384 && !memcmp (special_sections[idx].name, string, \
3385 sizeof string - (prefix ? 1 : 0)))
3386
3387
3388 /* Indeces of some sections we need later. */
3389 static size_t eh_frame_hdr_scnndx;
3390 static size_t eh_frame_scnndx;
3391 static size_t gcc_except_table_scnndx;
3392
3393
3394 static void
check_sections(Ebl * ebl,GElf_Ehdr * ehdr)3395 check_sections (Ebl *ebl, GElf_Ehdr *ehdr)
3396 {
3397 if (ehdr->e_shoff == 0)
3398 /* No section header. */
3399 return;
3400
3401 /* Allocate array to count references in section groups. */
3402 scnref = (int *) xcalloc (shnum, sizeof (int));
3403
3404 /* Check the zeroth section first. It must not have any contents
3405 and the section header must contain nonzero value at most in the
3406 sh_size and sh_link fields. */
3407 GElf_Shdr shdr_mem;
3408 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem);
3409 if (shdr == NULL)
3410 ERROR (gettext ("cannot get section header of zeroth section\n"));
3411 else
3412 {
3413 if (shdr->sh_name != 0)
3414 ERROR (gettext ("zeroth section has nonzero name\n"));
3415 if (shdr->sh_type != 0)
3416 ERROR (gettext ("zeroth section has nonzero type\n"));
3417 if (shdr->sh_flags != 0)
3418 ERROR (gettext ("zeroth section has nonzero flags\n"));
3419 if (shdr->sh_addr != 0)
3420 ERROR (gettext ("zeroth section has nonzero address\n"));
3421 if (shdr->sh_offset != 0)
3422 ERROR (gettext ("zeroth section has nonzero offset\n"));
3423 if (shdr->sh_addralign != 0)
3424 ERROR (gettext ("zeroth section has nonzero align value\n"));
3425 if (shdr->sh_entsize != 0)
3426 ERROR (gettext ("zeroth section has nonzero entry size value\n"));
3427
3428 if (shdr->sh_size != 0 && ehdr->e_shnum != 0)
3429 ERROR (gettext ("\
3430 zeroth section has nonzero size value while ELF header has nonzero shnum value\n"));
3431
3432 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX)
3433 ERROR (gettext ("\
3434 zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n"));
3435
3436 if (shdr->sh_info != 0 && ehdr->e_phnum != PN_XNUM)
3437 ERROR (gettext ("\
3438 zeroth section has nonzero link value while ELF header does not signal overflow in phnum\n"));
3439 }
3440
3441 int *segment_flags = xcalloc (phnum, sizeof segment_flags[0]);
3442
3443 bool dot_interp_section = false;
3444
3445 size_t hash_idx = 0;
3446 size_t gnu_hash_idx = 0;
3447
3448 size_t versym_scnndx = 0;
3449 for (size_t cnt = 1; cnt < shnum; ++cnt)
3450 {
3451 shdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &shdr_mem);
3452 if (shdr == NULL)
3453 {
3454 ERROR (gettext ("\
3455 cannot get section header for section [%2zu] '%s': %s\n"),
3456 cnt, section_name (ebl, cnt), elf_errmsg (-1));
3457 continue;
3458 }
3459
3460 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name);
3461
3462 if (scnname == NULL)
3463 ERROR (gettext ("section [%2zu]: invalid name\n"), cnt);
3464 else
3465 {
3466 /* Check whether it is one of the special sections defined in
3467 the gABI. */
3468 size_t s;
3469 for (s = 0; s < nspecial_sections; ++s)
3470 if (strncmp (scnname, special_sections[s].name,
3471 special_sections[s].namelen) == 0)
3472 {
3473 char stbuf1[100];
3474 char stbuf2[100];
3475 char stbuf3[100];
3476
3477 GElf_Word good_type = special_sections[s].type;
3478 if (IS_KNOWN_SPECIAL (s, ".plt", false)
3479 && ebl_bss_plt_p (ebl, ehdr))
3480 good_type = SHT_NOBITS;
3481
3482 /* In a debuginfo file, any normal section can be SHT_NOBITS.
3483 This is only invalid for DWARF sections and .shstrtab. */
3484 if (shdr->sh_type != good_type
3485 && (shdr->sh_type != SHT_NOBITS
3486 || !is_debuginfo
3487 || IS_KNOWN_SPECIAL (s, ".debug_str", false)
3488 || IS_KNOWN_SPECIAL (s, ".debug", true)
3489 || IS_KNOWN_SPECIAL (s, ".shstrtab", false)))
3490 ERROR (gettext ("\
3491 section [%2d] '%s' has wrong type: expected %s, is %s\n"),
3492 (int) cnt, scnname,
3493 ebl_section_type_name (ebl, special_sections[s].type,
3494 stbuf1, sizeof (stbuf1)),
3495 ebl_section_type_name (ebl, shdr->sh_type,
3496 stbuf2, sizeof (stbuf2)));
3497
3498 if (special_sections[s].attrflag == exact
3499 || special_sections[s].attrflag == exact_or_gnuld)
3500 {
3501 /* Except for the link order and group bit all the
3502 other bits should match exactly. */
3503 if ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP))
3504 != special_sections[s].attr
3505 && (special_sections[s].attrflag == exact || !gnuld))
3506 ERROR (gettext ("\
3507 section [%2zu] '%s' has wrong flags: expected %s, is %s\n"),
3508 cnt, scnname,
3509 section_flags_string (special_sections[s].attr,
3510 stbuf1, sizeof (stbuf1)),
3511 section_flags_string (shdr->sh_flags
3512 & ~SHF_LINK_ORDER,
3513 stbuf2, sizeof (stbuf2)));
3514 }
3515 else if (special_sections[s].attrflag == atleast)
3516 {
3517 if ((shdr->sh_flags & special_sections[s].attr)
3518 != special_sections[s].attr
3519 || ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP
3520 | special_sections[s].attr
3521 | special_sections[s].attr2))
3522 != 0))
3523 ERROR (gettext ("\
3524 section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"),
3525 cnt, scnname,
3526 section_flags_string (special_sections[s].attr,
3527 stbuf1, sizeof (stbuf1)),
3528 section_flags_string (special_sections[s].attr2,
3529 stbuf2, sizeof (stbuf2)),
3530 section_flags_string (shdr->sh_flags
3531 & ~(SHF_LINK_ORDER
3532 | SHF_GROUP),
3533 stbuf3, sizeof (stbuf3)));
3534 }
3535
3536 if (strcmp (scnname, ".interp") == 0)
3537 {
3538 dot_interp_section = true;
3539
3540 if (ehdr->e_type == ET_REL)
3541 ERROR (gettext ("\
3542 section [%2zu] '%s' present in object file\n"),
3543 cnt, scnname);
3544
3545 if ((shdr->sh_flags & SHF_ALLOC) != 0
3546 && !has_loadable_segment)
3547 ERROR (gettext ("\
3548 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3549 cnt, scnname);
3550 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3551 && has_loadable_segment)
3552 ERROR (gettext ("\
3553 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3554 cnt, scnname);
3555 }
3556 else
3557 {
3558 if (strcmp (scnname, ".symtab_shndx") == 0
3559 && ehdr->e_type != ET_REL)
3560 ERROR (gettext ("\
3561 section [%2zu] '%s' is extension section index table in non-object file\n"),
3562 cnt, scnname);
3563
3564 /* These sections must have the SHF_ALLOC flag set iff
3565 a loadable segment is available.
3566
3567 .relxxx
3568 .strtab
3569 .symtab
3570 .symtab_shndx
3571
3572 Check that if there is a reference from the
3573 loaded section these sections also have the
3574 ALLOC flag set. */
3575 #if 0
3576 // XXX TODO
3577 if ((shdr->sh_flags & SHF_ALLOC) != 0
3578 && !has_loadable_segment)
3579 ERROR (gettext ("\
3580 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"),
3581 cnt, scnname);
3582 else if ((shdr->sh_flags & SHF_ALLOC) == 0
3583 && has_loadable_segment)
3584 ERROR (gettext ("\
3585 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"),
3586 cnt, scnname);
3587 #endif
3588 }
3589
3590 break;
3591 }
3592
3593 /* Remember a few special sections for later. */
3594 if (strcmp (scnname, ".eh_frame_hdr") == 0)
3595 eh_frame_hdr_scnndx = cnt;
3596 else if (strcmp (scnname, ".eh_frame") == 0)
3597 eh_frame_scnndx = cnt;
3598 else if (strcmp (scnname, ".gcc_except_table") == 0)
3599 gcc_except_table_scnndx = cnt;
3600 }
3601
3602 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize)
3603 ERROR (gettext ("\
3604 section [%2zu] '%s': size not multiple of entry size\n"),
3605 cnt, section_name (ebl, cnt));
3606
3607 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL)
3608 ERROR (gettext ("cannot get section header\n"));
3609
3610 if (shdr->sh_type >= SHT_NUM
3611 && shdr->sh_type != SHT_GNU_ATTRIBUTES
3612 && shdr->sh_type != SHT_GNU_LIBLIST
3613 && shdr->sh_type != SHT_CHECKSUM
3614 && shdr->sh_type != SHT_GNU_verdef
3615 && shdr->sh_type != SHT_GNU_verneed
3616 && shdr->sh_type != SHT_GNU_versym
3617 && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL)
3618 ERROR (gettext ("section [%2zu] '%s' has unsupported type %d\n"),
3619 cnt, section_name (ebl, cnt),
3620 (int) shdr->sh_type);
3621
3622 #define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \
3623 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \
3624 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS)
3625 if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS)
3626 {
3627 GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS;
3628 if (sh_flags & SHF_MASKPROC)
3629 {
3630 if (!ebl_machine_section_flag_check (ebl,
3631 sh_flags & SHF_MASKPROC))
3632 ERROR (gettext ("section [%2zu] '%s'"
3633 " contains invalid processor-specific flag(s)"
3634 " %#" PRIx64 "\n"),
3635 cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC);
3636 sh_flags &= ~(GElf_Xword) SHF_MASKPROC;
3637 }
3638 if (sh_flags != 0)
3639 ERROR (gettext ("section [%2zu] '%s' contains unknown flag(s)"
3640 " %#" PRIx64 "\n"),
3641 cnt, section_name (ebl, cnt), sh_flags);
3642 }
3643 if (shdr->sh_flags & SHF_TLS)
3644 {
3645 // XXX Correct?
3646 if (shdr->sh_addr != 0 && !gnuld)
3647 ERROR (gettext ("\
3648 section [%2zu] '%s': thread-local data sections address not zero\n"),
3649 cnt, section_name (ebl, cnt));
3650
3651 // XXX TODO more tests!?
3652 }
3653
3654 if (shdr->sh_link >= shnum)
3655 ERROR (gettext ("\
3656 section [%2zu] '%s': invalid section reference in link value\n"),
3657 cnt, section_name (ebl, cnt));
3658
3659 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum)
3660 ERROR (gettext ("\
3661 section [%2zu] '%s': invalid section reference in info value\n"),
3662 cnt, section_name (ebl, cnt));
3663
3664 if ((shdr->sh_flags & SHF_MERGE) == 0
3665 && (shdr->sh_flags & SHF_STRINGS) != 0
3666 && be_strict)
3667 ERROR (gettext ("\
3668 section [%2zu] '%s': strings flag set without merge flag\n"),
3669 cnt, section_name (ebl, cnt));
3670
3671 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0)
3672 ERROR (gettext ("\
3673 section [%2zu] '%s': merge flag set but entry size is zero\n"),
3674 cnt, section_name (ebl, cnt));
3675
3676 if (shdr->sh_flags & SHF_GROUP)
3677 check_scn_group (ebl, cnt);
3678
3679 if (shdr->sh_flags & SHF_EXECINSTR)
3680 {
3681 switch (shdr->sh_type)
3682 {
3683 case SHT_PROGBITS:
3684 break;
3685
3686 case SHT_NOBITS:
3687 if (is_debuginfo)
3688 break;
3689 default:
3690 ERROR (gettext ("\
3691 section [%2zu] '%s' has unexpected type %d for an executable section\n"),
3692 cnt, section_name (ebl, cnt), shdr->sh_type);
3693 break;
3694 }
3695
3696 if ((shdr->sh_flags & SHF_WRITE)
3697 && !ebl_check_special_section (ebl, cnt, shdr,
3698 section_name (ebl, cnt)))
3699 ERROR (gettext ("\
3700 section [%2zu] '%s' is both executable and writable\n"),
3701 cnt, section_name (ebl, cnt));
3702 }
3703
3704 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0)
3705 {
3706 /* Make sure the section is contained in a loaded segment
3707 and that the initialization part matches NOBITS sections. */
3708 unsigned int pcnt;
3709 GElf_Phdr phdr_mem;
3710 GElf_Phdr *phdr;
3711
3712 for (pcnt = 0; pcnt < phnum; ++pcnt)
3713 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL
3714 && ((phdr->p_type == PT_LOAD
3715 && (shdr->sh_flags & SHF_TLS) == 0)
3716 || (phdr->p_type == PT_TLS
3717 && (shdr->sh_flags & SHF_TLS) != 0))
3718 && phdr->p_offset <= shdr->sh_offset
3719 && (phdr->p_offset + phdr->p_filesz > shdr->sh_offset
3720 || (phdr->p_offset + phdr->p_memsz > shdr->sh_offset
3721 && shdr->sh_type == SHT_NOBITS)))
3722 {
3723 /* Found the segment. */
3724 if (phdr->p_offset + phdr->p_memsz
3725 < shdr->sh_offset + shdr->sh_size)
3726 ERROR (gettext ("\
3727 section [%2zu] '%s' not fully contained in segment of program header entry %d\n"),
3728 cnt, section_name (ebl, cnt), pcnt);
3729
3730 if (shdr->sh_type == SHT_NOBITS)
3731 {
3732 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz
3733 && !is_debuginfo)
3734 ERROR (gettext ("\
3735 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"),
3736 cnt, section_name (ebl, cnt), pcnt);
3737 }
3738 else
3739 {
3740 const GElf_Off end = phdr->p_offset + phdr->p_filesz;
3741 if (shdr->sh_offset > end ||
3742 (shdr->sh_offset == end && shdr->sh_size != 0))
3743 ERROR (gettext ("\
3744 section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"),
3745 cnt, section_name (ebl, cnt), pcnt);
3746 }
3747
3748 if (shdr->sh_type != SHT_NOBITS)
3749 {
3750 if ((shdr->sh_flags & SHF_EXECINSTR) != 0)
3751 {
3752 segment_flags[pcnt] |= PF_X;
3753 if ((phdr->p_flags & PF_X) == 0)
3754 ERROR (gettext ("\
3755 section [%2zu] '%s' is executable in nonexecutable segment %d\n"),
3756 cnt, section_name (ebl, cnt), pcnt);
3757 }
3758
3759 if ((shdr->sh_flags & SHF_WRITE) != 0)
3760 {
3761 segment_flags[pcnt] |= PF_W;
3762 if (0 /* XXX vdso images have this */
3763 && (phdr->p_flags & PF_W) == 0)
3764 ERROR (gettext ("\
3765 section [%2zu] '%s' is writable in unwritable segment %d\n"),
3766 cnt, section_name (ebl, cnt), pcnt);
3767 }
3768 }
3769
3770 break;
3771 }
3772
3773 if (pcnt == phnum)
3774 ERROR (gettext ("\
3775 section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"),
3776 cnt, section_name (ebl, cnt));
3777 }
3778
3779 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB)
3780 ERROR (gettext ("\
3781 section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"),
3782 cnt, section_name (ebl, cnt));
3783
3784 switch (shdr->sh_type)
3785 {
3786 case SHT_DYNSYM:
3787 if (ehdr->e_type == ET_REL)
3788 ERROR (gettext ("\
3789 section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"),
3790 cnt, section_name (ebl, cnt));
3791 /* FALLTHROUGH */
3792 case SHT_SYMTAB:
3793 check_symtab (ebl, ehdr, shdr, cnt);
3794 break;
3795
3796 case SHT_RELA:
3797 check_rela (ebl, ehdr, shdr, cnt);
3798 break;
3799
3800 case SHT_REL:
3801 check_rel (ebl, ehdr, shdr, cnt);
3802 break;
3803
3804 case SHT_DYNAMIC:
3805 check_dynamic (ebl, ehdr, shdr, cnt);
3806 break;
3807
3808 case SHT_SYMTAB_SHNDX:
3809 check_symtab_shndx (ebl, ehdr, shdr, cnt);
3810 break;
3811
3812 case SHT_HASH:
3813 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
3814 hash_idx = cnt;
3815 break;
3816
3817 case SHT_GNU_HASH:
3818 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt);
3819 gnu_hash_idx = cnt;
3820 break;
3821
3822 case SHT_NULL:
3823 check_null (ebl, shdr, cnt);
3824 break;
3825
3826 case SHT_GROUP:
3827 check_group (ebl, ehdr, shdr, cnt);
3828 break;
3829
3830 case SHT_NOTE:
3831 check_note_section (ebl, ehdr, shdr, cnt);
3832 break;
3833
3834 case SHT_GNU_versym:
3835 /* We cannot process this section now since we have no guarantee
3836 that the verneed and verdef sections have already been read.
3837 Just remember the section index. */
3838 if (versym_scnndx != 0)
3839 ERROR (gettext ("more than one version symbol table present\n"));
3840 versym_scnndx = cnt;
3841 break;
3842
3843 case SHT_GNU_verneed:
3844 check_verneed (ebl, shdr, cnt);
3845 break;
3846
3847 case SHT_GNU_verdef:
3848 check_verdef (ebl, shdr, cnt);
3849 break;
3850
3851 case SHT_GNU_ATTRIBUTES:
3852 check_attributes (ebl, ehdr, shdr, cnt);
3853 break;
3854
3855 default:
3856 /* Nothing. */
3857 break;
3858 }
3859 }
3860
3861 if (has_interp_segment && !dot_interp_section)
3862 ERROR (gettext ("INTERP program header entry but no .interp section\n"));
3863
3864 if (!is_debuginfo)
3865 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt)
3866 {
3867 GElf_Phdr phdr_mem;
3868 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
3869 if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS))
3870 {
3871 if ((phdr->p_flags & PF_X) != 0
3872 && (segment_flags[pcnt] & PF_X) == 0)
3873 ERROR (gettext ("\
3874 loadable segment [%u] is executable but contains no executable sections\n"),
3875 pcnt);
3876
3877 if ((phdr->p_flags & PF_W) != 0
3878 && (segment_flags[pcnt] & PF_W) == 0)
3879 ERROR (gettext ("\
3880 loadable segment [%u] is writable but contains no writable sections\n"),
3881 pcnt);
3882 }
3883 }
3884
3885 free (segment_flags);
3886
3887 if (version_namelist != NULL)
3888 {
3889 if (versym_scnndx == 0)
3890 ERROR (gettext ("\
3891 no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n"));
3892 else
3893 check_versym (ebl, versym_scnndx);
3894
3895 /* Check for duplicate index numbers. */
3896 do
3897 {
3898 struct version_namelist *runp = version_namelist->next;
3899 while (runp != NULL)
3900 {
3901 if (version_namelist->ndx == runp->ndx)
3902 {
3903 ERROR (gettext ("duplicate version index %d\n"),
3904 (int) version_namelist->ndx);
3905 break;
3906 }
3907 runp = runp->next;
3908 }
3909
3910 struct version_namelist *old = version_namelist;
3911 version_namelist = version_namelist->next;
3912 free (old);
3913 }
3914 while (version_namelist != NULL);
3915 }
3916 else if (versym_scnndx != 0)
3917 ERROR (gettext ("\
3918 .gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n"));
3919
3920 if (hash_idx != 0 && gnu_hash_idx != 0)
3921 compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx);
3922
3923 free (scnref);
3924 }
3925
3926
3927 static GElf_Off
check_note_data(Ebl * ebl,const GElf_Ehdr * ehdr,Elf_Data * data,int shndx,int phndx,GElf_Off start)3928 check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr,
3929 Elf_Data *data, int shndx, int phndx, GElf_Off start)
3930 {
3931 size_t offset = 0;
3932 size_t last_offset = 0;
3933 GElf_Nhdr nhdr;
3934 size_t name_offset;
3935 size_t desc_offset;
3936 while (offset < data->d_size
3937 && (offset = gelf_getnote (data, offset,
3938 &nhdr, &name_offset, &desc_offset)) > 0)
3939 {
3940 last_offset = offset;
3941
3942 /* Make sure it is one of the note types we know about. */
3943 if (ehdr->e_type == ET_CORE)
3944 switch (nhdr.n_type)
3945 {
3946 case NT_PRSTATUS:
3947 case NT_FPREGSET:
3948 case NT_PRPSINFO:
3949 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */
3950 case NT_PLATFORM:
3951 case NT_AUXV:
3952 case NT_GWINDOWS:
3953 case NT_ASRS:
3954 case NT_PSTATUS:
3955 case NT_PSINFO:
3956 case NT_PRCRED:
3957 case NT_UTSNAME:
3958 case NT_LWPSTATUS:
3959 case NT_LWPSINFO:
3960 case NT_PRFPXREG:
3961 /* Known type. */
3962 break;
3963
3964 default:
3965 if (shndx == 0)
3966 ERROR (gettext ("\
3967 phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"),
3968 phndx, (uint32_t) nhdr.n_type, start + offset);
3969 else
3970 ERROR (gettext ("\
3971 section [%2d] '%s': unknown core file note type %" PRIu32
3972 " at offset %Zu\n"),
3973 shndx, section_name (ebl, shndx),
3974 (uint32_t) nhdr.n_type, offset);
3975 }
3976 else
3977 switch (nhdr.n_type)
3978 {
3979 case NT_GNU_ABI_TAG:
3980 case NT_GNU_HWCAP:
3981 case NT_GNU_BUILD_ID:
3982 case NT_GNU_GOLD_VERSION:
3983 break;
3984
3985 case 0:
3986 /* Linux vDSOs use a type 0 note for the kernel version word. */
3987 if (nhdr.n_namesz == sizeof "Linux"
3988 && !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux"))
3989 break;
3990
3991 default:
3992 if (shndx == 0)
3993 ERROR (gettext ("\
3994 phdr[%d]: unknown object file note type %" PRIu32 " at offset %Zu\n"),
3995 phndx, (uint32_t) nhdr.n_type, offset);
3996 else
3997 ERROR (gettext ("\
3998 section [%2d] '%s': unknown object file note type %" PRIu32
3999 " at offset %Zu\n"),
4000 shndx, section_name (ebl, shndx),
4001 (uint32_t) nhdr.n_type, offset);
4002 }
4003 }
4004
4005 return last_offset;
4006 }
4007
4008
4009 static void
check_note(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Phdr * phdr,int cnt)4010 check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt)
4011 {
4012 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4013 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4014 ERROR (gettext ("\
4015 phdr[%d]: no note entries defined for the type of file\n"),
4016 cnt);
4017
4018 if (is_debuginfo)
4019 /* The p_offset values in a separate debug file are bogus. */
4020 return;
4021
4022 if (phdr->p_filesz == 0)
4023 return;
4024
4025 GElf_Off notes_size = 0;
4026 Elf_Data *data = elf_getdata_rawchunk (ebl->elf,
4027 phdr->p_offset, phdr->p_filesz,
4028 ELF_T_NHDR);
4029 if (data != NULL)
4030 notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset);
4031
4032 if (notes_size == 0)
4033 ERROR (gettext ("phdr[%d]: cannot get content of note section: %s\n"),
4034 cnt, elf_errmsg (-1));
4035 else if (notes_size != phdr->p_filesz)
4036 ERROR (gettext ("phdr[%d]: extra %" PRIu64 " bytes after last note\n"),
4037 cnt, phdr->p_filesz - notes_size);
4038 }
4039
4040
4041 static void
check_note_section(Ebl * ebl,GElf_Ehdr * ehdr,GElf_Shdr * shdr,int idx)4042 check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx)
4043 {
4044 if (shdr->sh_size == 0)
4045 return;
4046
4047 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL);
4048 if (data == NULL)
4049 {
4050 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"),
4051 idx, section_name (ebl, idx));
4052 return;
4053 }
4054
4055 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL
4056 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
4057 ERROR (gettext ("\
4058 section [%2d] '%s': no note entries defined for the type of file\n"),
4059 idx, section_name (ebl, idx));
4060
4061 GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0);
4062
4063 if (notes_size == 0)
4064 ERROR (gettext ("section [%2d] '%s': cannot get content of note section\n"),
4065 idx, section_name (ebl, idx));
4066 else if (notes_size != shdr->sh_size)
4067 ERROR (gettext ("section [%2d] '%s': extra %" PRIu64
4068 " bytes after last note\n"),
4069 idx, section_name (ebl, idx), shdr->sh_size - notes_size);
4070 }
4071
4072
4073 /* Index of the PT_GNU_EH_FRAME program eader entry. */
4074 static int pt_gnu_eh_frame_pndx;
4075
4076
4077 static void
check_program_header(Ebl * ebl,GElf_Ehdr * ehdr)4078 check_program_header (Ebl *ebl, GElf_Ehdr *ehdr)
4079 {
4080 if (ehdr->e_phoff == 0)
4081 return;
4082
4083 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN
4084 && ehdr->e_type != ET_CORE)
4085 ERROR (gettext ("\
4086 only executables, shared objects, and core files can have program headers\n"));
4087
4088 int num_pt_interp = 0;
4089 int num_pt_tls = 0;
4090 int num_pt_relro = 0;
4091
4092 for (unsigned int cnt = 0; cnt < phnum; ++cnt)
4093 {
4094 GElf_Phdr phdr_mem;
4095 GElf_Phdr *phdr;
4096
4097 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem);
4098 if (phdr == NULL)
4099 {
4100 ERROR (gettext ("cannot get program header entry %d: %s\n"),
4101 cnt, elf_errmsg (-1));
4102 continue;
4103 }
4104
4105 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME
4106 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO
4107 /* Check for a known machine-specific type. */
4108 && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL)
4109 ERROR (gettext ("\
4110 program header entry %d: unknown program header entry type %#" PRIx64 "\n"),
4111 cnt, (uint64_t) phdr->p_type);
4112
4113 if (phdr->p_type == PT_LOAD)
4114 has_loadable_segment = true;
4115 else if (phdr->p_type == PT_INTERP)
4116 {
4117 if (++num_pt_interp != 1)
4118 {
4119 if (num_pt_interp == 2)
4120 ERROR (gettext ("\
4121 more than one INTERP entry in program header\n"));
4122 }
4123 has_interp_segment = true;
4124 }
4125 else if (phdr->p_type == PT_TLS)
4126 {
4127 if (++num_pt_tls == 2)
4128 ERROR (gettext ("more than one TLS entry in program header\n"));
4129 }
4130 else if (phdr->p_type == PT_NOTE)
4131 check_note (ebl, ehdr, phdr, cnt);
4132 else if (phdr->p_type == PT_DYNAMIC)
4133 {
4134 if (ehdr->e_type == ET_EXEC && ! has_interp_segment)
4135 ERROR (gettext ("\
4136 static executable cannot have dynamic sections\n"));
4137 else
4138 {
4139 /* Check that the .dynamic section, if it exists, has
4140 the same address. */
4141 Elf_Scn *scn = NULL;
4142 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4143 {
4144 GElf_Shdr shdr_mem;
4145 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem);
4146 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC)
4147 {
4148 if (phdr->p_offset != shdr->sh_offset)
4149 ERROR (gettext ("\
4150 dynamic section reference in program header has wrong offset\n"));
4151 if (phdr->p_memsz != shdr->sh_size)
4152 ERROR (gettext ("\
4153 dynamic section size mismatch in program and section header\n"));
4154 break;
4155 }
4156 }
4157 }
4158 }
4159 else if (phdr->p_type == PT_GNU_RELRO)
4160 {
4161 if (++num_pt_relro == 2)
4162 ERROR (gettext ("\
4163 more than one GNU_RELRO entry in program header\n"));
4164 else
4165 {
4166 /* Check that the region is in a writable segment. */
4167 unsigned int inner;
4168 for (inner = 0; inner < phnum; ++inner)
4169 {
4170 GElf_Phdr phdr2_mem;
4171 GElf_Phdr *phdr2;
4172
4173 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4174 if (phdr2 == NULL)
4175 continue;
4176
4177 if (phdr2->p_type == PT_LOAD
4178 && phdr->p_vaddr >= phdr2->p_vaddr
4179 && (phdr->p_vaddr + phdr->p_memsz
4180 <= phdr2->p_vaddr + phdr2->p_memsz))
4181 {
4182 if ((phdr2->p_flags & PF_W) == 0)
4183 ERROR (gettext ("\
4184 loadable segment GNU_RELRO applies to is not writable\n"));
4185 if ((phdr2->p_flags & ~PF_W) != (phdr->p_flags & ~PF_W))
4186 ERROR (gettext ("\
4187 loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"),
4188 cnt, inner);
4189 break;
4190 }
4191 }
4192
4193 if (inner >= phnum)
4194 ERROR (gettext ("\
4195 %s segment not contained in a loaded segment\n"), "GNU_RELRO");
4196 }
4197 }
4198 else if (phdr->p_type == PT_PHDR)
4199 {
4200 /* Check that the region is in a writable segment. */
4201 unsigned int inner;
4202 for (inner = 0; inner < phnum; ++inner)
4203 {
4204 GElf_Phdr phdr2_mem;
4205 GElf_Phdr *phdr2;
4206
4207 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem);
4208 if (phdr2 != NULL
4209 && phdr2->p_type == PT_LOAD
4210 && phdr->p_vaddr >= phdr2->p_vaddr
4211 && (phdr->p_vaddr + phdr->p_memsz
4212 <= phdr2->p_vaddr + phdr2->p_memsz))
4213 break;
4214 }
4215
4216 if (inner >= phnum)
4217 ERROR (gettext ("\
4218 %s segment not contained in a loaded segment\n"), "PHDR");
4219
4220 /* Check that offset in segment corresponds to offset in ELF
4221 header. */
4222 if (phdr->p_offset != ehdr->e_phoff)
4223 ERROR (gettext ("\
4224 program header offset in ELF header and PHDR entry do not match"));
4225 }
4226 else if (phdr->p_type == PT_GNU_EH_FRAME)
4227 {
4228 /* If there is an .eh_frame_hdr section it must be
4229 referenced by this program header entry. */
4230 Elf_Scn *scn = NULL;
4231 GElf_Shdr shdr_mem;
4232 GElf_Shdr *shdr = NULL;
4233 bool any = false;
4234 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL)
4235 {
4236 any = true;
4237 shdr = gelf_getshdr (scn, &shdr_mem);
4238 if (shdr != NULL
4239 && shdr->sh_type == (is_debuginfo
4240 ? SHT_NOBITS : SHT_PROGBITS)
4241 && ! strcmp (".eh_frame_hdr",
4242 elf_strptr (ebl->elf, shstrndx, shdr->sh_name)))
4243 {
4244 if (! is_debuginfo)
4245 {
4246 if (phdr->p_offset != shdr->sh_offset)
4247 ERROR (gettext ("\
4248 call frame search table reference in program header has wrong offset\n"));
4249 if (phdr->p_memsz != shdr->sh_size)
4250 ERROR (gettext ("\
4251 call frame search table size mismatch in program and section header\n"));
4252 }
4253 break;
4254 }
4255 }
4256
4257 if (scn == NULL)
4258 {
4259 /* If there is no section header table we don't
4260 complain. But if there is one there should be an
4261 entry for .eh_frame_hdr. */
4262 if (any)
4263 ERROR (gettext ("\
4264 PT_GNU_EH_FRAME present but no .eh_frame_hdr section\n"));
4265 }
4266 else
4267 {
4268 /* The section must be allocated and not be writable and
4269 executable. */
4270 if ((phdr->p_flags & PF_R) == 0)
4271 ERROR (gettext ("\
4272 call frame search table must be allocated\n"));
4273 else if (shdr != NULL && (shdr->sh_flags & SHF_ALLOC) == 0)
4274 ERROR (gettext ("\
4275 section [%2zu] '%s' must be allocated\n"), elf_ndxscn (scn), ".eh_frame_hdr");
4276
4277 if ((phdr->p_flags & PF_W) != 0)
4278 ERROR (gettext ("\
4279 call frame search table must not be writable\n"));
4280 else if (shdr != NULL && (shdr->sh_flags & SHF_WRITE) != 0)
4281 ERROR (gettext ("\
4282 section [%2zu] '%s' must not be writable\n"),
4283 elf_ndxscn (scn), ".eh_frame_hdr");
4284
4285 if ((phdr->p_flags & PF_X) != 0)
4286 ERROR (gettext ("\
4287 call frame search table must not be executable\n"));
4288 else if (shdr != NULL && (shdr->sh_flags & SHF_EXECINSTR) != 0)
4289 ERROR (gettext ("\
4290 section [%2zu] '%s' must not be executable\n"),
4291 elf_ndxscn (scn), ".eh_frame_hdr");
4292 }
4293
4294 /* Remember which entry this is. */
4295 pt_gnu_eh_frame_pndx = cnt;
4296 }
4297
4298 if (phdr->p_filesz > phdr->p_memsz
4299 && (phdr->p_memsz != 0 || phdr->p_type != PT_NOTE))
4300 ERROR (gettext ("\
4301 program header entry %d: file size greater than memory size\n"),
4302 cnt);
4303
4304 if (phdr->p_align > 1)
4305 {
4306 if (!powerof2 (phdr->p_align))
4307 ERROR (gettext ("\
4308 program header entry %d: alignment not a power of 2\n"), cnt);
4309 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0)
4310 ERROR (gettext ("\
4311 program header entry %d: file offset and virtual address not module of alignment\n"), cnt);
4312 }
4313 }
4314 }
4315
4316
4317 static void
check_exception_data(Ebl * ebl,GElf_Ehdr * ehdr)4318 check_exception_data (Ebl *ebl __attribute__ ((unused)),
4319 GElf_Ehdr *ehdr __attribute__ ((unused)))
4320 {
4321 if ((ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)
4322 && pt_gnu_eh_frame_pndx == 0 && eh_frame_hdr_scnndx != 0)
4323 ERROR (gettext ("executable/DSO with .eh_frame_hdr section does not have "
4324 "a PT_GNU_EH_FRAME program header entry"));
4325 }
4326
4327
4328 /* Process one file. */
4329 static void
process_elf_file(Elf * elf,const char * prefix,const char * suffix,const char * fname,size_t size,bool only_one)4330 process_elf_file (Elf *elf, const char *prefix, const char *suffix,
4331 const char *fname, size_t size, bool only_one)
4332 {
4333 /* Reset variables. */
4334 ndynamic = 0;
4335 nverneed = 0;
4336 nverdef = 0;
4337 textrel = false;
4338 needed_textrel = false;
4339 has_loadable_segment = false;
4340 has_interp_segment = false;
4341
4342 GElf_Ehdr ehdr_mem;
4343 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem);
4344 Ebl *ebl;
4345
4346 /* Print the file name. */
4347 if (!only_one)
4348 {
4349 if (prefix != NULL)
4350 printf ("\n%s(%s)%s:\n", prefix, fname, suffix);
4351 else
4352 printf ("\n%s:\n", fname);
4353 }
4354
4355 if (ehdr == NULL)
4356 {
4357 ERROR (gettext ("cannot read ELF header: %s\n"), elf_errmsg (-1));
4358 return;
4359 }
4360
4361 ebl = ebl_openbackend (elf);
4362 /* If there is no appropriate backend library we cannot test
4363 architecture and OS specific features. Any encountered extension
4364 is an error. */
4365
4366 /* Go straight by the gABI, check all the parts in turn. */
4367 check_elf_header (ebl, ehdr, size);
4368
4369 /* Check the program header. */
4370 check_program_header (ebl, ehdr);
4371
4372 /* Next the section headers. It is OK if there are no section
4373 headers at all. */
4374 check_sections (ebl, ehdr);
4375
4376 /* Check the exception handling data, if it exists. */
4377 if (pt_gnu_eh_frame_pndx != 0 || eh_frame_hdr_scnndx != 0
4378 || eh_frame_scnndx != 0 || gcc_except_table_scnndx != 0)
4379 check_exception_data (ebl, ehdr);
4380
4381 /* Report if no relocation section needed the text relocation flag. */
4382 if (textrel && !needed_textrel)
4383 ERROR (gettext ("text relocation flag set but not needed\n"));
4384
4385 /* Free the resources. */
4386 ebl_closebackend (ebl);
4387 }
4388
4389
4390 #include "debugpred.h"
4391