* grub-core/kern/x86_64/dl.c (grub_arch_dl_relocate_symbols): Add

range-checking for 32-bit quantities.
2013-11-22 13:01:14 +01:00 · 2013-11-22 13:01:14 +01:00 · 1a5b7b404f
commit 1a5b7b404f
parent 9cf12b20af
2 changed files with 27 additions and 4 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2013-11-22  Vladimir Serbinenko  <phcoder@gmail.com>
+
+	* grub-core/kern/x86_64/dl.c (grub_arch_dl_relocate_symbols): Add
+	range-checking for 32-bit quantities.
+
 2013-11-22  Vladimir Serbinenko  <phcoder@gmail.com>

 	* configure.ac: Compile with -fPIC when compiling with clang on
--- a/grub-core/kern/x86_64/dl.c
+++ b/grub-core/kern/x86_64/dl.c
@ -100,13 +100,31 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr)
 		    break;

 		  case R_X86_64_PC32:
-		    *addr32 += rel->r_addend + sym->st_value -
+		    {
+		      grub_int64_t value;
+		      value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value -
 			(Elf64_Xword) seg->addr - rel->r_offset;
+		      if (value != (grub_int32_t) value)
+			return grub_error (GRUB_ERR_BAD_MODULE, "relocation out of range");
+		      *addr32 = value;
+		    }
 		    break;

                  case R_X86_64_32:
+		    {
+		      grub_uint64_t value = *addr32 + rel->r_addend + sym->st_value;
+		      if (value != (grub_uint32_t) value)
+			return grub_error (GRUB_ERR_BAD_MODULE, "relocation out of range");
+		      *addr32 = value;
+		    }
+		    break;
                  case R_X86_64_32S:
-                    *addr32 += rel->r_addend + sym->st_value;
+		    {
+		      grub_int64_t value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value;
+		      if (value != (grub_int32_t) value)
+			return grub_error (GRUB_ERR_BAD_MODULE, "relocation out of range");
+		      *addr32 = value;
+		    }
 		    break;

 		  default: