From: Jérémie Galarneau Date: Wed, 16 Mar 2022 21:29:11 +0000 (-0400) Subject: Fix: lttng-elf: untrusted entry size divisor X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=a395e0790af821e6cbd2b73ec907447c728cbfff;p=lttng-tools.git Fix: lttng-elf: untrusted entry size divisor 1405557 Untrusted divisor The divisor could be controlled by an attacker, who could cause a division by zero. In lttng_elf_get_symbol_offset: An unscrutinized value from an untrusted source used as a divisor (CWE-369) Signed-off-by: Jérémie Galarneau Change-Id: I029708a0df4f62fe0031e374d50839c26f4f3f4b --- diff --git a/src/common/lttng-elf.cpp b/src/common/lttng-elf.cpp index 992410a88..711447203 100644 --- a/src/common/lttng-elf.cpp +++ b/src/common/lttng-elf.cpp @@ -824,6 +824,12 @@ int lttng_elf_get_symbol_offset(int fd, char *symbol, uint64_t *offset) } /* Get the number of symbol in the table for the iteration. */ + if (symtab_hdr.sh_entsize == 0) { + DBG("Invalid ELF string table entry size."); + ret = LTTNG_ERR_ELF_PARSING; + goto free_symbol_table_data; + } + sym_count = symtab_hdr.sh_size / symtab_hdr.sh_entsize; /* Loop over all symbol. */