From: Kevin Enderby Date: Tue, 4 Oct 2016 20:37:43 +0000 (+0000) Subject: Next set of additional error checks for invalid Mach-O files for the X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ec53f4b255a6a618b4ac42844956aff2a8763378;p=llvm Next set of additional error checks for invalid Mach-O files for the load commands that uses the MachO::encryption_info_command and MachO::encryption_info_command types but not used in llvm libObject code but used in llvm tool code. This includes just LC_ENCRYPTION_INFO and LC_ENCRYPTION_INFO_64 load commands. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@283250 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/Object/MachOObjectFile.cpp b/lib/Object/MachOObjectFile.cpp index fcd7099954a..b5d1f934b63 100644 --- a/lib/Object/MachOObjectFile.cpp +++ b/lib/Object/MachOObjectFile.cpp @@ -698,6 +698,30 @@ static Error checkRpathCommand(const MachOObjectFile *Obj, return Error::success(); } +static Error checkEncryptCommand(const MachOObjectFile *Obj, + const MachOObjectFile::LoadCommandInfo &Load, + uint32_t LoadCommandIndex, + uint64_t cryptoff, uint64_t cryptsize, + const char **LoadCmd, const char *CmdName) { + if (*LoadCmd != nullptr) + return malformedError("more than one LC_ENCRYPTION_INFO and or " + "LC_ENCRYPTION_INFO_64 command"); + uint64_t FileSize = Obj->getData().size(); + if (cryptoff > FileSize) + return malformedError("cryptoff field of " + Twine(CmdName) + + " command " + Twine(LoadCommandIndex) + " extends " + "past the end of the file"); + uint64_t BigSize = cryptoff; + BigSize += cryptsize; + if (BigSize > FileSize) + return malformedError("cryptoff field plus cryptsize field of " + + Twine(CmdName) + " command " + + Twine(LoadCommandIndex) + " extends past the end of " + "the file"); + *LoadCmd = Load.Ptr; + return Error::success(); +} + Expected> MachOObjectFile::create(MemoryBufferRef Object, bool IsLittleEndian, bool Is64Bits) { @@ -752,6 +776,7 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian, const char *VersLoadCmd = nullptr; const char *SourceLoadCmd = nullptr; const char *EntryPointLoadCmd = nullptr; + const char *EncryptLoadCmd = nullptr; for (unsigned I = 0; I < LoadCommandCount; ++I) { if (is64Bit()) { if (Load.C.cmdsize % 8 != 0) { @@ -903,6 +928,28 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian, return; } EntryPointLoadCmd = Load.Ptr; + } else if (Load.C.cmd == MachO::LC_ENCRYPTION_INFO) { + if (Load.C.cmdsize != sizeof(MachO::encryption_info_command)) { + Err = malformedError("LC_ENCRYPTION_INFO command " + Twine(I) + + " has incorrect cmdsize"); + return; + } + MachO::encryption_info_command E = + getStruct(this, Load.Ptr); + if ((Err = checkEncryptCommand(this, Load, I, E.cryptoff, E.cryptsize, + &EncryptLoadCmd, "LC_ENCRYPTION_INFO"))) + return; + } else if (Load.C.cmd == MachO::LC_ENCRYPTION_INFO_64) { + if (Load.C.cmdsize != sizeof(MachO::encryption_info_command_64)) { + Err = malformedError("LC_ENCRYPTION_INFO_64 command " + Twine(I) + + " has incorrect cmdsize"); + return; + } + MachO::encryption_info_command_64 E = + getStruct(this, Load.Ptr); + if ((Err = checkEncryptCommand(this, Load, I, E.cryptoff, E.cryptsize, + &EncryptLoadCmd, "LC_ENCRYPTION_INFO_64"))) + return; } if (I < LoadCommandCount - 1) { if (auto LoadOrErr = getNextLoadCommandInfo(this, I, Load)) diff --git a/test/Object/Inputs/macho-invalid-encrypt-bad-size b/test/Object/Inputs/macho-invalid-encrypt-bad-size new file mode 100644 index 00000000000..21204650f0a Binary files /dev/null and b/test/Object/Inputs/macho-invalid-encrypt-bad-size differ diff --git a/test/Object/Inputs/macho-invalid-encrypt-cryptoff b/test/Object/Inputs/macho-invalid-encrypt-cryptoff new file mode 100644 index 00000000000..9ac14e28982 Binary files /dev/null and b/test/Object/Inputs/macho-invalid-encrypt-cryptoff differ diff --git a/test/Object/Inputs/macho-invalid-encrypt-more-than-one b/test/Object/Inputs/macho-invalid-encrypt-more-than-one new file mode 100644 index 00000000000..f5829da1917 Binary files /dev/null and b/test/Object/Inputs/macho-invalid-encrypt-more-than-one differ diff --git a/test/Object/Inputs/macho-invalid-encrypt64-bad-size b/test/Object/Inputs/macho-invalid-encrypt64-bad-size new file mode 100644 index 00000000000..945a6c3587c Binary files /dev/null and b/test/Object/Inputs/macho-invalid-encrypt64-bad-size differ diff --git a/test/Object/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize b/test/Object/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize new file mode 100644 index 00000000000..756de66704d Binary files /dev/null and b/test/Object/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize differ diff --git a/test/Object/macho-invalid.test b/test/Object/macho-invalid.test index 9c902aff814..cf85dac689d 100644 --- a/test/Object/macho-invalid.test +++ b/test/Object/macho-invalid.test @@ -334,3 +334,18 @@ INVALID-ENTRY-BAD-SIZE: macho-invalid-entry-bad-size': truncated or malformed ob RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-entry-more-than-one 2>&1 | FileCheck -check-prefix INVALID-ENTRY-MORE-THAN-ONE %s INVALID-ENTRY-MORE-THAN-ONE: macho-invalid-entry-more-than-one': truncated or malformed object (more than one LC_MAIN command) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt-bad-size 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-BAD-SIZE %s +INVALID-ENCRYPT-BAD-SIZE: macho-invalid-encrypt-bad-size': truncated or malformed object (LC_ENCRYPTION_INFO command 0 has incorrect cmdsize) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt64-bad-size 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT64-BAD-SIZE %s +INVALID-ENCRYPT64-BAD-SIZE: macho-invalid-encrypt64-bad-size': truncated or malformed object (LC_ENCRYPTION_INFO_64 command 0 has incorrect cmdsize) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt-more-than-one 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-MORE-THAN-ONE %s +INVALID-ENCRYPT-MORE-THAN-ONE: macho-invalid-encrypt-more-than-one': truncated or malformed object (more than one LC_ENCRYPTION_INFO and or LC_ENCRYPTION_INFO_64 command) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt-cryptoff 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-CRYPTOFF %s +INVALID-ENCRYPT-CRYPTOFF: macho-invalid-encrypt-cryptoff': truncated or malformed object (cryptoff field of LC_ENCRYPTION_INFO command 0 extends past the end of the file) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-CRYPTOFF-CRYPTSIZE %s +INVALID-ENCRYPT-CRYPTOFF-CRYPTSIZE: macho-invalid-encrypt64-cryptoff-cryptsize': truncated or malformed object (cryptoff field plus cryptsize field of LC_ENCRYPTION_INFO_64 command 0 extends past the end of the file)