Bug 1352232

Summary: Libelf: Can't add Program Header when e_type is set to OS/Proc specific
Product: [Fedora] Fedora
Reporter: remy.fontayne
Component: elfutils
Assignee: Mark Wielaard <mjw>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: 25
CC: aoliva, fche, jakub, me, mjw, mjw, roland
Keywords: Reopened
Hardware: All
OS: Linux
Fixed In Version: elfutils-0.167-1.fc25 elfutils-0.167-1.fc24
Last Closed: 2016-09-06 22:21:11 UTC
Type: Bug

Description remy.fontayne 2016-07-02 20:02:21 UTC
Description of problem:
LibELF can't add a Program Header when e_type is set to OS/Proc specific.

Version-Release number of selected component (if applicable):
elfutil:96e140f6687922606657a76f185a73cf47908ef2 master

How reproducible:

Steps to Reproduce:
1. Create an ELF with the e_type value set to a vendor specific value (ex. 0xffa0) and 1 Program Header
2. Call the elf_update function

Actual results:
The elf_update function will fail with ELF_E_INVALID_PHDR.

Expected results:
The elf_update e_type check should allow PH creation when e_type is set to OS/Proc specific.

Additional info:

The actual check is done in elf32_updatenull.c -> updatenull_wrlock function:
if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN ...

The check should be:
if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN && ehdr->e_type < ET_LOOS ...

Comment 1 Mark Wielaard 2016-07-02 20:44:09 UTC
The intention of the check seems to have been to deny creating a phdr for an ET_REL file. It also denies a phdr for ET_NONE. Or as in this case any e_type in the OS specific or Processor specific range.

Do we want to tweak the check as suggested to only allow creating a phdr for an ET_EXEC, ET_DYN, ET_CORE or any OS or Processor specific e_type value (and denying for ET_NONE, ET_REL or any unassigned number not in the OS specific or Processor specific range)? Or might we just remove this check completely and let the user shoot themselves into their feet?

Comment 2 Mark Wielaard 2016-07-11 07:56:15 UTC
Pushed fix to upstream master.

commit 8b5f017ddf1684e225ef59f9243ef411b2556e9c
Author: Mark Wielaard <mjw>
Date:   Wed Jul 6 15:27:56 2016 +0200

    libelf: Allow updating phdrs for any e_type.
    
    elf[32|64]_updatenull would sanity check the e_type before allowing to
    update the phdrs. This prevents creating an ET_REL file with phdrs. It
    also prevents creating any vendor specific ELF file having phdrs. We
    only check this when updating/writing out the file. But we would just
    read such files. Don't prevent people from creating unexpected ELF files.
    elflint will warn for such files.
    
    While writing a new testcase for this another bug was found that
    prevented updating a just created phdr because elf_getphdrnum would
    sanity check the phdr offset in the file (which doesn't exist yet).
    Fix that by only doing such a sanity check if the phdrs haven't been
    read in or created yet.
    
    This second bug should have been found by the existing elfshphehdr
    test, but that test contained a typo checking elf_getphdrnum.
    It tested that the call failed when there were no phdrs, but then
    elf_getphdrnum should simply succeed and return zero.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1352232
    
    Signed-off-by: Mark Wielaard <mjw>
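
With the write-side check removed, a tool that reads ELF files is where program headers on an unusual e_type get noticed. The following is an added example, not code from elfutils or from this report: it classifies a raw ELF header using the e_type groups named in comment 1. The function names, the verdict enum and the sample header builder are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* e_type values from the ELF gABI; 0xfe00-0xffff is the OS/processor range. */
enum { ET_NONE = 0, ET_REL = 1, ET_EXEC = 2, ET_DYN = 3, ET_CORE = 4,
       ET_LOOS = 0xfe00 };

/* Hypothetical verdicts (names are this example's, not libelf's). */
enum phdr_verdict { PH_BAD_HEADER = -1, PH_NONE, PH_STANDARD, PH_VENDOR,
                    PH_UNEXPECTED };

/* Read a 16-bit field in the byte order announced by e_ident[EI_DATA]. */
static uint16_t rd16(const unsigned char *p, int big_endian)
{
    return big_endian ? (uint16_t)((p[0] << 8) | p[1])
                      : (uint16_t)((p[1] << 8) | p[0]);
}

enum phdr_verdict classify_phdrs(const unsigned char *buf, size_t len)
{
    if (len < 6 || memcmp(buf, "\177ELF", 4) != 0)
        return PH_BAD_HEADER;
    if ((buf[4] != 1 && buf[4] != 2) || (buf[5] != 1 && buf[5] != 2))
        return PH_BAD_HEADER;                 /* unknown EI_CLASS / EI_DATA */
    size_t phnum_off = buf[4] == 2 ? 56 : 44; /* e_phnum in ELF64 / ELF32 */
    if (len < phnum_off + 2)
        return PH_BAD_HEADER;                 /* truncated header */
    int big = buf[5] == 2;
    uint16_t e_type = rd16(buf + 16, big);
    uint16_t e_phnum = rd16(buf + phnum_off, big);
    if (e_phnum == 0)
        return PH_NONE;
    if (e_type == ET_EXEC || e_type == ET_DYN || e_type == ET_CORE)
        return PH_STANDARD;
    if (e_type >= ET_LOOS)
        return PH_VENDOR;                     /* e.g. 0xffa0 from the report */
    return PH_UNEXPECTED;                     /* ET_NONE, ET_REL, unassigned */
}

/* Constructed sample: a minimal little-endian ELF64 header. */
void make_sample_ehdr(unsigned char out[64], uint16_t e_type, uint16_t e_phnum)
{
    memset(out, 0, 64);
    memcpy(out, "\177ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1; /* ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    out[16] = e_type & 0xff;  out[17] = e_type >> 8;
    out[56] = e_phnum & 0xff; out[57] = e_phnum >> 8;
}
```

Only the e_phnum field is inspected, so a file using the PN_XNUM extension is still reported as having phdrs, but its real count is not resolved here.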

Comment 3 Jan Kurik 2016-07-26 04:39:40 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.

Comment 4 Fedora Update System 2016-08-26 15:00:10 UTC
elfutils-0.167-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-de1f4e692b

Comment 5 Fedora Update System 2016-08-27 12:52:41 UTC
elfutils-0.167-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-de1f4e692b

Comment 6 Fedora Update System 2016-09-03 17:38:45 UTC
elfutils-0.167-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2016-09-04 21:44:57 UTC
elfutils-0.167-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1bc61e8f20

Comment 8 Fedora Update System 2016-09-06 03:21:56 UTC
elfutils-0.167-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1bc61e8f20

Comment 9 Fedora Update System 2016-09-06 22:20:46 UTC
elfutils-0.167-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.