Fix: lttng-elf: untrusted entry size divisor
author Jérémie Galarneau <jeremie.galarneau@efficios.com>
Wed, 16 Mar 2022 21:29:11 +0000 (17:29 -0400)
committer Jérémie Galarneau <jeremie.galarneau@efficios.com>
Thu, 17 Mar 2022 17:50:26 +0000 (13:50 -0400)
1405557 Untrusted divisor
The divisor could be controlled by an attacker, who could cause a division by zero.

In lttng_elf_get_symbol_offset: An unscrutinized value from an untrusted source used as a divisor (CWE-369)

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I029708a0df4f62fe0031e374d50839c26f4f3f4b

src/common/lttng-elf.c

index bef20ffd4bd52eceb7fec353f885e22e6e9db6d8..7369f29c517cd9489d78ab2bfc9bd7756c0f90f9 100644 (file)
@@ -814,6 +814,12 @@ int lttng_elf_get_symbol_offset(int fd, char *symbol, uint64_t *offset)
        }
 
        /* Get the number of symbol in the table for the iteration. */
+       if (symtab_hdr.sh_entsize == 0) {
+               DBG("Invalid ELF string table entry size.");
+               ret = LTTNG_ERR_ELF_PARSING;
+               goto free_symbol_table_data;
+       }
+
        sym_count = symtab_hdr.sh_size / symtab_hdr.sh_entsize;
 
        /* Loop over all symbol. */
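Review bot: the DBG text in the added check reads "Invalid ELF string table entry size.", but the field being tested is symtab_hdr.sh_entsize, the same value the next line divides by to get sym_count, so the message should name the symbol table (for example "Invalid ELF symbol table entry size."). A wrong table name in the debug output will mislead whoever triages a rejected file. The check is also inserted between the existing comment "Get the number of symbol in the table for the iteration." and the division that comment describes; placing the check above the comment keeps the comment attached to its statement. Finally, the guard rejects only zero: any other sh_entsize still feeds sym_count directly, so it is worth confirming that the loop that follows bounds its reads against the symbol table data actually loaded.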