Bug 1352232 - Libelf: Can't add Program Header when e_type is set to OS/Proc specific
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: elfutils
Version: 25
Hardware: All
OS: Linux
Assignee: Mark Wielaard
QA Contact: Fedora Extras Quality Assurance
Reported: 2016-07-02 20:02 UTC by remy.fontayne
Modified: 2016-09-06 22:21 UTC (History)

Fixed In Version: elfutils-0.167-1.fc25 elfutils-0.167-1.fc24
Last Closed: 2016-09-06 22:21:11 UTC



Description remy.fontayne 2016-07-02 20:02:21 UTC
Description of problem:
LibELF can't add a Program Header when e_type is set to OS/Proc specific.

Version-Release number of selected component (if applicable):
elfutil:96e140f6687922606657a76f185a73cf47908ef2 master

How reproducible:

Steps to Reproduce:
1. Create an ELF with the e_type value set to a vendor specific value (ex. 0xffa0) and 1 Program Header
2. Call the elf_update function

Actual results:
The elf_update function will fail with ELF_E_INVALID_PHDR.

Expected results:
The elf_update e_type check should allow PH creation when e_type is set to OS/Proc specific.

Additional info:

The actual check is done in elf32_updatenull.c -> updatenull_wrlock function:
if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN ...

The check should be:
if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN && ehdr->e_type < ET_LOOS ...

Comment 1 Mark Wielaard 2016-07-02 20:44:09 UTC
The intention of the check seems to have been to deny creating a phdr for an ET_REL file. It also denies a phdr for ET_NONE. Or as in this case any e_type in the OS specific or Processor specific range.

Do we want to tweak the check as suggested to only allow creating a phdr for an ET_EXEC, ET_DYN, ET_CORE or any OS or Processor specific e_type value (and denying for ET_NONE, ET_REL or any unassigned number not in the OS specific or Processor specific range)? Or might we just remove this check completely and let the user shoot themselves into their feet?

Comment 2 Mark Wielaard 2016-07-11 07:56:15 UTC
Pushed fix to upstream master.

commit 8b5f017ddf1684e225ef59f9243ef411b2556e9c
Author: Mark Wielaard <mjw@redhat.com>
Date:   Wed Jul 6 15:27:56 2016 +0200

    libelf: Allow updating phdrs for any e_type.
    
    elf[32|64]_updatenull would sanity check the e_type before allowing to
    update the phdrs. This prevents creating an ET_REL file with phdrs. It
    also prevents creating any vendor specific ELF file having phdrs. We
    only check this when updating/writing out the file. But we would just
    read such files. Don't prevent people from creating unexpected ELF files.
    elflint will warn for such files.
    
    While writing a new testcase for this another bug was found that
    prevented updating a just created phdr because elf_getphdrnum would
    sanity check the phdr offset in the file (which doesn't exist yet).
    Fix that by only doing such a sanity check if the phdrs haven't been
    read in or created yet.
    
    This second bug should have been found by the existing elfshphehdr
    test, but that test contained a typo checking elf_getphdrnum.
    It tested that the call failed when there were no phdrs, but then
    elf_getphdrnum should simply succeed and return zero.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1352232
    
    Signed-off-by: Mark Wielaard <mjw@redhat.com>
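
Added example, not code from elfutils or elflint: since libelf no longer refuses to write such files, a consumer of untrusted ELF input can apply the policy described in comment 1 as a read-side lint. The names lint_ehdr64, phdrs_expected and make_ehdr64 are hypothetical, and the sample headers are constructed in memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* e_type values from the ELF specification; 0xfe00..0xffff is the
   OS-specific and processor-specific range. */
enum { ET_NONE = 0, ET_REL = 1, ET_EXEC = 2, ET_DYN = 3, ET_CORE = 4, ET_LOOS = 0xfe00 };
enum lint { LINT_OK = 0, LINT_UNEXPECTED_PHDRS = 1, LINT_NOT_ELF64LE = -1 };

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Policy described in comment 1: phdrs are expected for ET_EXEC, ET_DYN,
   ET_CORE and OS/processor-specific types; not for ET_NONE, ET_REL or
   unassigned values. */
static int phdrs_expected(uint16_t e_type)
{
    return e_type == ET_EXEC || e_type == ET_DYN || e_type == ET_CORE
           || e_type >= ET_LOOS;
}

/* Lint a little-endian ELF64 header in memory. Reads only e_ident, e_type
   (offset 16) and e_phnum (offset 56), after checking len >= 64. */
enum lint lint_ehdr64(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 64 || memcmp(buf, "\177ELF", 4) != 0)
        return LINT_NOT_ELF64LE;
    if (buf[4] != 2 /* ELFCLASS64 */ || buf[5] != 1 /* ELFDATA2LSB */)
        return LINT_NOT_ELF64LE;
    if (rd16le(buf + 56) != 0 && !phdrs_expected(rd16le(buf + 16)))
        return LINT_UNEXPECTED_PHDRS;
    return LINT_OK;
}

/* Constructed sample input: a bare ELF64 header with the given fields. */
void make_ehdr64(uint8_t out[64], uint16_t e_type, uint16_t e_phnum)
{
    memset(out, 0, 64);
    memcpy(out, "\177ELF\2\1\1", 7);   /* magic, ELFCLASS64, LSB, EV_CURRENT */
    out[16] = (uint8_t)e_type;  out[17] = (uint8_t)(e_type >> 8);
    out[56] = (uint8_t)e_phnum; out[57] = (uint8_t)(e_phnum >> 8);
}

int main(void)
{
    uint8_t h[64];
    make_ehdr64(h, 0xffa0, 1);   /* the reporter's vendor-specific e_type */
    printf("e_type 0xffa0, 1 phdr: %d\n", lint_ehdr64(h, sizeof h));
    make_ehdr64(h, ET_REL, 1);
    printf("ET_REL, 1 phdr: %d\n", lint_ehdr64(h, sizeof h));
    return 0;
}
```

An e_phnum of 0xffff (PN_XNUM) is non-zero, so it is treated here as "has phdrs" without resolving the real count.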

Comment 3 Jan Kurik 2016-07-26 04:39:40 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.

Comment 4 Fedora Update System 2016-08-26 15:00:10 UTC
elfutils-0.167-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-de1f4e692b

Comment 5 Fedora Update System 2016-08-27 12:52:41 UTC
elfutils-0.167-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-de1f4e692b

Comment 6 Fedora Update System 2016-09-03 17:38:45 UTC
elfutils-0.167-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2016-09-04 21:44:57 UTC
elfutils-0.167-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1bc61e8f20

Comment 8 Fedora Update System 2016-09-06 03:21:56 UTC
elfutils-0.167-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1bc61e8f20

Comment 9 Fedora Update System 2016-09-06 22:20:46 UTC
elfutils-0.167-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

