Fix: lttng-elf: untrusted entry size divisor
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Wed, 16 Mar 2022 21:29:11 +0000 (17:29 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Wed, 16 Mar 2022 21:29:11 +0000 (17:29 -0400)
1405557 Untrusted divisor
The divisor could be controlled by an attacker, who could cause a division by zero.

In lttng_elf_get_symbol_offset: An unscrutinized value from an untrusted source used as a divisor (CWE-369)

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I029708a0df4f62fe0031e374d50839c26f4f3f4b

src/common/lttng-elf.cpp

index 992410a883d8d4ffa96636f2db612c3f818e9716..711447203169c4d2427ce05e669f19795d3275a1 100644 (file)
@@ -824,6 +824,12 @@ int lttng_elf_get_symbol_offset(int fd, char *symbol, uint64_t *offset)
        }
 
        /* Get the number of symbol in the table for the iteration. */
+       if (symtab_hdr.sh_entsize == 0) {
+               DBG("Invalid ELF string table entry size.");
+               ret = LTTNG_ERR_ELF_PARSING;
+               goto free_symbol_table_data;
+       }
+
        sym_count = symtab_hdr.sh_size / symtab_hdr.sh_entsize;
 
        /* Loop over all symbol. */
This page took 0.031025 seconds and 4 git commands to generate.