1/* Pedantic checking of ELF files compliance with gABI/psABI spec. 2 Copyright (C) 2001-2014 Red Hat, Inc. 3 This file is part of elfutils. 4 Written by Ulrich Drepper <drepper@redhat.com>, 2001. 5 6 This file is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by 8 the Free Software Foundation; either version 3 of the License, or 9 (at your option) any later version. 10 11 elfutils is distributed in the hope that it will be useful, but 12 WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 GNU General Public License for more details. 15 16 You should have received a copy of the GNU General Public License 17 along with this program. If not, see <http://www.gnu.org/licenses/>. */ 18 19#ifdef HAVE_CONFIG_H 20# include <config.h> 21#endif 22 23#include <argp.h> 24#include <assert.h> 25#include <byteswap.h> 26#include <endian.h> 27#include <error.h> 28#include <fcntl.h> 29#include <gelf.h> 30#include <inttypes.h> 31#include <libintl.h> 32#include <locale.h> 33#include <stdbool.h> 34#include <stdlib.h> 35#include <string.h> 36#include <unistd.h> 37#include <sys/stat.h> 38#include <sys/param.h> 39 40#include <elf-knowledge.h> 41#include <system.h> 42#include "../libelf/libelfP.h" 43#include "../libelf/common.h" 44#include "../libebl/libeblP.h" 45#include "../libdw/libdwP.h" 46#include "../libdwfl/libdwflP.h" 47#include "../libdw/memory-access.h" 48 49 50/* Name and version of program. */ 51static void print_version (FILE *stream, struct argp_state *state); 52ARGP_PROGRAM_VERSION_HOOK_DEF = print_version; 53 54/* Bug report address. */ 55ARGP_PROGRAM_BUG_ADDRESS_DEF = PACKAGE_BUGREPORT; 56 57#define ARGP_strict 300 58#define ARGP_gnuld 301 59 60/* Definitions of arguments for argp functions. */ 61static const struct argp_option options[] = 62{ 63 { "strict", ARGP_strict, NULL, 0, 64 N_("Be extremely strict, flag level 2 features."), 0 }, 65 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 }, 66 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 }, 67 { "gnu-ld", ARGP_gnuld, NULL, 0, 68 N_("Binary has been created with GNU ld and is therefore known to be \ 69broken in certain ways"), 0 }, 70 { NULL, 0, NULL, 0, NULL, 0 } 71}; 72 73/* Short description of program. */ 74static const char doc[] = N_("\ 75Pedantic checking of ELF files compliance with gABI/psABI spec."); 76 77/* Strings for arguments in help texts. */ 78static const char args_doc[] = N_("FILE..."); 79 80/* Prototype for option handler. */ 81static error_t parse_opt (int key, char *arg, struct argp_state *state); 82 83/* Data structure to communicate with argp functions. */ 84static struct argp argp = 85{ 86 options, parse_opt, args_doc, doc, NULL, NULL, NULL 87}; 88 89 90/* Declarations of local functions. */ 91static void process_file (int fd, Elf *elf, const char *prefix, 92 const char *suffix, const char *fname, size_t size, 93 bool only_one); 94static void process_elf_file (Elf *elf, const char *prefix, const char *suffix, 95 const char *fname, size_t size, bool only_one); 96static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, 97 GElf_Shdr *shdr, int idx); 98 99 100/* Report an error. */ 101#define ERROR(str, args...) \ 102 do { \ 103 printf (str, ##args); \ 104 ++error_count; \ 105 } while (0) 106static unsigned int error_count; 107 108/* True if we should perform very strict testing. */ 109static bool be_strict; 110 111/* True if no message is to be printed if the run is succesful. */ 112static bool be_quiet; 113 114/* True if binary is from strip -f, not a normal ELF file. */ 115static bool is_debuginfo; 116 117/* True if binary is assumed to be generated with GNU ld. */ 118static bool gnuld; 119 120/* Index of section header string table. */ 121static uint32_t shstrndx; 122 123/* Array to count references in section groups. */ 124static int *scnref; 125 126/* Numbers of sections and program headers. */ 127static unsigned int shnum; 128static unsigned int phnum; 129 130 131int 132main (int argc, char *argv[]) 133{ 134 /* Set locale. */ 135 setlocale (LC_ALL, ""); 136 137 /* Initialize the message catalog. */ 138 textdomain (PACKAGE_TARNAME); 139 140 /* Parse and process arguments. */ 141 int remaining; 142 argp_parse (&argp, argc, argv, 0, &remaining, NULL); 143 144 /* Before we start tell the ELF library which version we are using. */ 145 elf_version (EV_CURRENT); 146 147 /* Now process all the files given at the command line. */ 148 bool only_one = remaining + 1 == argc; 149 do 150 { 151 /* Open the file. */ 152 int fd = open (argv[remaining], O_RDONLY); 153 if (fd == -1) 154 { 155 error (0, errno, gettext ("cannot open input file")); 156 continue; 157 } 158 159 /* Create an `Elf' descriptor. */ 160 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL); 161 if (elf == NULL) 162 ERROR (gettext ("cannot generate Elf descriptor: %s\n"), 163 elf_errmsg (-1)); 164 else 165 { 166 unsigned int prev_error_count = error_count; 167 struct stat64 st; 168 169 if (fstat64 (fd, &st) != 0) 170 { 171 printf ("cannot stat '%s': %m\n", argv[remaining]); 172 close (fd); 173 continue; 174 } 175 176 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size, 177 only_one); 178 179 /* Now we can close the descriptor. */ 180 if (elf_end (elf) != 0) 181 ERROR (gettext ("error while closing Elf descriptor: %s\n"), 182 elf_errmsg (-1)); 183 184 if (prev_error_count == error_count && !be_quiet) 185 puts (gettext ("No errors")); 186 } 187 188 close (fd); 189 } 190 while (++remaining < argc); 191 192 return error_count != 0; 193} 194 195 196/* Handle program arguments. */ 197static error_t 198parse_opt (int key, char *arg __attribute__ ((unused)), 199 struct argp_state *state __attribute__ ((unused))) 200{ 201 switch (key) 202 { 203 case ARGP_strict: 204 be_strict = true; 205 break; 206 207 case 'q': 208 be_quiet = true; 209 break; 210 211 case 'd': 212 is_debuginfo = true; 213 214 case ARGP_gnuld: 215 gnuld = true; 216 break; 217 218 case ARGP_KEY_NO_ARGS: 219 fputs (gettext ("Missing file name.\n"), stderr); 220 argp_help (&argp, stderr, ARGP_HELP_SEE, program_invocation_short_name); 221 exit (EXIT_FAILURE); 222 223 default: 224 return ARGP_ERR_UNKNOWN; 225 } 226 return 0; 227} 228 229 230/* Print the version information. */ 231static void 232print_version (FILE *stream, struct argp_state *state __attribute__ ((unused))) 233{ 234 fprintf (stream, "elflint (%s) %s\n", PACKAGE_NAME, PACKAGE_VERSION); 235 fprintf (stream, gettext ("\ 236Copyright (C) %s Red Hat, Inc.\n\ 237This is free software; see the source for copying conditions. There is NO\n\ 238warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\ 239"), "2012"); 240 fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper"); 241} 242 243 244/* Process one file. */ 245static void 246process_file (int fd, Elf *elf, const char *prefix, const char *suffix, 247 const char *fname, size_t size, bool only_one) 248{ 249 /* We can handle two types of files: ELF files and archives. */ 250 Elf_Kind kind = elf_kind (elf); 251 252 switch (kind) 253 { 254 case ELF_K_ELF: 255 /* Yes! It's an ELF file. */ 256 process_elf_file (elf, prefix, suffix, fname, size, only_one); 257 break; 258 259 case ELF_K_AR: 260 { 261 Elf *subelf; 262 Elf_Cmd cmd = ELF_C_READ_MMAP; 263 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix); 264 size_t fname_len = strlen (fname) + 1; 265 char new_prefix[prefix_len + 1 + fname_len]; 266 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2]; 267 char *cp = new_prefix; 268 269 /* Create the full name of the file. */ 270 if (prefix != NULL) 271 { 272 cp = mempcpy (cp, prefix, prefix_len); 273 *cp++ = '('; 274 strcpy (stpcpy (new_suffix, suffix), ")"); 275 } 276 else 277 new_suffix[0] = '\0'; 278 memcpy (cp, fname, fname_len); 279 280 /* It's an archive. We process each file in it. */ 281 while ((subelf = elf_begin (fd, cmd, elf)) != NULL) 282 { 283 kind = elf_kind (subelf); 284 285 /* Call this function recursively. */ 286 if (kind == ELF_K_ELF || kind == ELF_K_AR) 287 { 288 Elf_Arhdr *arhdr = elf_getarhdr (subelf); 289 assert (arhdr != NULL); 290 291 process_file (fd, subelf, new_prefix, new_suffix, 292 arhdr->ar_name, arhdr->ar_size, false); 293 } 294 295 /* Get next archive element. */ 296 cmd = elf_next (subelf); 297 if (elf_end (subelf) != 0) 298 ERROR (gettext (" error while freeing sub-ELF descriptor: %s\n"), 299 elf_errmsg (-1)); 300 } 301 } 302 break; 303 304 default: 305 /* We cannot do anything. */ 306 ERROR (gettext ("\ 307Not an ELF file - it has the wrong magic bytes at the start\n")); 308 break; 309 } 310} 311 312 313static const char * 314section_name (Ebl *ebl, int idx) 315{ 316 GElf_Shdr shdr_mem; 317 GElf_Shdr *shdr; 318 const char *ret; 319 320 if ((unsigned int) idx > shnum) 321 return "<invalid>"; 322 323 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem); 324 if (shdr == NULL) 325 return "<invalid>"; 326 327 ret = elf_strptr (ebl->elf, shstrndx, shdr->sh_name); 328 if (ret == NULL) 329 return "<invalid>"; 330 return ret; 331} 332 333 334static const int valid_e_machine[] = 335 { 336 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370, 337 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC, 338 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM, 339 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300, 340 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE, 341 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16, 342 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7, 343 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX, 344 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM, 345 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300, 346 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA, 347 EM_TILEGX, EM_TILEPRO, EM_AARCH64 348 }; 349#define nvalid_e_machine \ 350 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0])) 351 352 353static void 354check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size) 355{ 356 char buf[512]; 357 size_t cnt; 358 359 /* Check e_ident field. */ 360 if (ehdr->e_ident[EI_MAG0] != ELFMAG0) 361 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0); 362 if (ehdr->e_ident[EI_MAG1] != ELFMAG1) 363 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1); 364 if (ehdr->e_ident[EI_MAG2] != ELFMAG2) 365 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2); 366 if (ehdr->e_ident[EI_MAG3] != ELFMAG3) 367 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3); 368 369 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32 370 && ehdr->e_ident[EI_CLASS] != ELFCLASS64) 371 ERROR (gettext ("e_ident[%d] == %d is no known class\n"), 372 EI_CLASS, ehdr->e_ident[EI_CLASS]); 373 374 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB 375 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB) 376 ERROR (gettext ("e_ident[%d] == %d is no known data encoding\n"), 377 EI_DATA, ehdr->e_ident[EI_DATA]); 378 379 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT) 380 ERROR (gettext ("unknown ELF header version number e_ident[%d] == %d\n"), 381 EI_VERSION, ehdr->e_ident[EI_VERSION]); 382 383 /* We currently don't handle any OS ABIs other than Linux. */ 384 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE 385 && ehdr->e_ident[EI_OSABI] != ELFOSABI_LINUX) 386 ERROR (gettext ("unsupported OS ABI e_ident[%d] == '%s'\n"), 387 EI_OSABI, 388 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf))); 389 390 /* No ABI versions other than zero supported either. */ 391 if (ehdr->e_ident[EI_ABIVERSION] != 0) 392 ERROR (gettext ("unsupport ABI version e_ident[%d] == %d\n"), 393 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]); 394 395 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt) 396 if (ehdr->e_ident[cnt] != 0) 397 ERROR (gettext ("e_ident[%zu] is not zero\n"), cnt); 398 399 /* Check the e_type field. */ 400 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC 401 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE) 402 ERROR (gettext ("unknown object file type %d\n"), ehdr->e_type); 403 404 /* Check the e_machine field. */ 405 for (cnt = 0; cnt < nvalid_e_machine; ++cnt) 406 if (valid_e_machine[cnt] == ehdr->e_machine) 407 break; 408 if (cnt == nvalid_e_machine) 409 ERROR (gettext ("unknown machine type %d\n"), ehdr->e_machine); 410 411 /* Check the e_version field. */ 412 if (ehdr->e_version != EV_CURRENT) 413 ERROR (gettext ("unknown object file version\n")); 414 415 /* Check the e_phoff and e_phnum fields. */ 416 if (ehdr->e_phoff == 0) 417 { 418 if (ehdr->e_phnum != 0) 419 ERROR (gettext ("invalid program header offset\n")); 420 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN) 421 ERROR (gettext ("\ 422executables and DSOs cannot have zero program header offset\n")); 423 } 424 else if (ehdr->e_phnum == 0) 425 ERROR (gettext ("invalid number of program header entries\n")); 426 427 /* Check the e_shoff field. */ 428 shnum = ehdr->e_shnum; 429 shstrndx = ehdr->e_shstrndx; 430 if (ehdr->e_shoff == 0) 431 { 432 if (ehdr->e_shnum != 0) 433 ERROR (gettext ("invalid section header table offset\n")); 434 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN 435 && ehdr->e_type != ET_CORE) 436 ERROR (gettext ("section header table must be present\n")); 437 } 438 else 439 { 440 if (ehdr->e_shnum == 0) 441 { 442 /* Get the header of the zeroth section. The sh_size field 443 might contain the section number. */ 444 GElf_Shdr shdr_mem; 445 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 446 if (shdr != NULL) 447 { 448 /* The error will be reported later. */ 449 if (shdr->sh_size == 0) 450 ERROR (gettext ("\ 451invalid number of section header table entries\n")); 452 else 453 shnum = shdr->sh_size; 454 } 455 } 456 457 if (ehdr->e_shstrndx == SHN_XINDEX) 458 { 459 /* Get the header of the zeroth section. The sh_size field 460 might contain the section number. */ 461 GElf_Shdr shdr_mem; 462 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 463 if (shdr != NULL && shdr->sh_link < shnum) 464 shstrndx = shdr->sh_link; 465 } 466 else if (shstrndx >= shnum) 467 ERROR (gettext ("invalid section header index\n")); 468 } 469 470 phnum = ehdr->e_phnum; 471 if (ehdr->e_phnum == PN_XNUM) 472 { 473 /* Get the header of the zeroth section. The sh_info field 474 might contain the phnum count. */ 475 GElf_Shdr shdr_mem; 476 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 477 if (shdr != NULL) 478 { 479 /* The error will be reported later. */ 480 if (shdr->sh_info < PN_XNUM) 481 ERROR (gettext ("\ 482invalid number of program header table entries\n")); 483 else 484 phnum = shdr->sh_info; 485 } 486 } 487 488 /* Check the e_flags field. */ 489 if (!ebl_machine_flag_check (ebl, ehdr->e_flags)) 490 ERROR (gettext ("invalid machine flags: %s\n"), 491 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf))); 492 493 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */ 494 if (gelf_getclass (ebl->elf) == ELFCLASS32) 495 { 496 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr)) 497 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize); 498 499 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr)) 500 ERROR (gettext ("invalid program header size: %hd\n"), 501 ehdr->e_phentsize); 502 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size) 503 ERROR (gettext ("invalid program header position or size\n")); 504 505 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr)) 506 ERROR (gettext ("invalid section header size: %hd\n"), 507 ehdr->e_shentsize); 508 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size) 509 ERROR (gettext ("invalid section header position or size\n")); 510 } 511 else if (gelf_getclass (ebl->elf) == ELFCLASS64) 512 { 513 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr)) 514 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize); 515 516 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr)) 517 ERROR (gettext ("invalid program header size: %hd\n"), 518 ehdr->e_phentsize); 519 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size) 520 ERROR (gettext ("invalid program header position or size\n")); 521 522 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr)) 523 ERROR (gettext ("invalid section header size: %hd\n"), 524 ehdr->e_shentsize); 525 else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size) 526 ERROR (gettext ("invalid section header position or size\n")); 527 } 528} 529 530 531/* Check that there is a section group section with index < IDX which 532 contains section IDX and that there is exactly one. */ 533static void 534check_scn_group (Ebl *ebl, int idx) 535{ 536 if (scnref[idx] == 0) 537 { 538 /* No reference so far. Search following sections, maybe the 539 order is wrong. */ 540 size_t cnt; 541 542 for (cnt = idx + 1; cnt < shnum; ++cnt) 543 { 544 Elf_Scn *scn = elf_getscn (ebl->elf, cnt); 545 GElf_Shdr shdr_mem; 546 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 547 if (shdr == NULL) 548 /* We cannot get the section header so we cannot check it. 549 The error to get the section header will be shown 550 somewhere else. */ 551 continue; 552 553 if (shdr->sh_type != SHT_GROUP) 554 continue; 555 556 Elf_Data *data = elf_getdata (scn, NULL); 557 if (data == NULL || data->d_size < sizeof (Elf32_Word)) 558 /* Cannot check the section. */ 559 continue; 560 561 Elf32_Word *grpdata = (Elf32_Word *) data->d_buf; 562 for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word); 563 ++inner) 564 if (grpdata[inner] == (Elf32_Word) idx) 565 goto out; 566 } 567 568 out: 569 if (cnt == shnum) 570 ERROR (gettext ("\ 571section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"), 572 idx, section_name (ebl, idx)); 573 else 574 ERROR (gettext ("\ 575section [%2d] '%s': section group [%2zu] '%s' does not precede group member\n"), 576 idx, section_name (ebl, idx), 577 cnt, section_name (ebl, cnt)); 578 } 579} 580 581 582static void 583check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 584{ 585 bool no_xndx_warned = false; 586 int no_pt_tls = 0; 587 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 588 if (data == NULL) 589 { 590 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 591 idx, section_name (ebl, idx)); 592 return; 593 } 594 595 GElf_Shdr strshdr_mem; 596 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 597 &strshdr_mem); 598 if (strshdr == NULL) 599 return; 600 601 if (strshdr->sh_type != SHT_STRTAB) 602 { 603 ERROR (gettext ("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"), 604 shdr->sh_link, section_name (ebl, shdr->sh_link), 605 idx, section_name (ebl, idx)); 606 strshdr = NULL; 607 } 608 609 /* Search for an extended section index table section. */ 610 Elf_Data *xndxdata = NULL; 611 Elf32_Word xndxscnidx = 0; 612 bool found_xndx = false; 613 for (size_t cnt = 1; cnt < shnum; ++cnt) 614 if (cnt != (size_t) idx) 615 { 616 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt); 617 GElf_Shdr xndxshdr_mem; 618 GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem); 619 if (xndxshdr == NULL) 620 continue; 621 622 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX 623 && xndxshdr->sh_link == (GElf_Word) idx) 624 { 625 if (found_xndx) 626 ERROR (gettext ("\ 627section [%2d] '%s': symbol table cannot have more than one extended index section\n"), 628 idx, section_name (ebl, idx)); 629 630 xndxdata = elf_getdata (xndxscn, NULL); 631 xndxscnidx = elf_ndxscn (xndxscn); 632 found_xndx = true; 633 } 634 } 635 636 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT); 637 if (shdr->sh_entsize != sh_entsize) 638 ERROR (gettext ("\ 639section [%2u] '%s': entry size is does not match ElfXX_Sym\n"), 640 idx, section_name (ebl, idx)); 641 642 /* Test the zeroth entry. */ 643 GElf_Sym sym_mem; 644 Elf32_Word xndx; 645 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx); 646 if (sym == NULL) 647 ERROR (gettext ("section [%2d] '%s': cannot get symbol %d: %s\n"), 648 idx, section_name (ebl, idx), 0, elf_errmsg (-1)); 649 else 650 { 651 if (sym->st_name != 0) 652 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 653 idx, section_name (ebl, idx), "st_name"); 654 if (sym->st_value != 0) 655 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 656 idx, section_name (ebl, idx), "st_value"); 657 if (sym->st_size != 0) 658 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 659 idx, section_name (ebl, idx), "st_size"); 660 if (sym->st_info != 0) 661 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 662 idx, section_name (ebl, idx), "st_info"); 663 if (sym->st_other != 0) 664 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 665 idx, section_name (ebl, idx), "st_other"); 666 if (sym->st_shndx != 0) 667 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 668 idx, section_name (ebl, idx), "st_shndx"); 669 if (xndxdata != NULL && xndx != 0) 670 ERROR (gettext ("\ 671section [%2d] '%s': XINDEX for zeroth entry not zero\n"), 672 xndxscnidx, section_name (ebl, xndxscnidx)); 673 } 674 675 for (size_t cnt = 1; cnt < shdr->sh_size / sh_entsize; ++cnt) 676 { 677 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx); 678 if (sym == NULL) 679 { 680 ERROR (gettext ("section [%2d] '%s': cannot get symbol %zu: %s\n"), 681 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 682 continue; 683 } 684 685 const char *name = NULL; 686 if (strshdr == NULL) 687 name = ""; 688 else if (sym->st_name >= strshdr->sh_size) 689 ERROR (gettext ("\ 690section [%2d] '%s': symbol %zu: invalid name value\n"), 691 idx, section_name (ebl, idx), cnt); 692 else 693 { 694 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name); 695 assert (name != NULL 696 || strshdr->sh_type != SHT_STRTAB); 697 } 698 699 if (sym->st_shndx == SHN_XINDEX) 700 { 701 if (xndxdata == NULL) 702 { 703 if (!no_xndx_warned) 704 ERROR (gettext ("\ 705section [%2d] '%s': symbol %zu: too large section index but no extended section index section\n"), 706 idx, section_name (ebl, idx), cnt); 707 no_xndx_warned = true; 708 } 709 else if (xndx < SHN_LORESERVE) 710 ERROR (gettext ("\ 711section [%2d] '%s': symbol %zu: XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"), 712 xndxscnidx, section_name (ebl, xndxscnidx), cnt, 713 xndx); 714 } 715 else if ((sym->st_shndx >= SHN_LORESERVE 716 // && sym->st_shndx <= SHN_HIRESERVE always true 717 && sym->st_shndx != SHN_ABS 718 && sym->st_shndx != SHN_COMMON) 719 || (sym->st_shndx >= shnum 720 && (sym->st_shndx < SHN_LORESERVE 721 /* || sym->st_shndx > SHN_HIRESERVE always false */))) 722 ERROR (gettext ("\ 723section [%2d] '%s': symbol %zu: invalid section index\n"), 724 idx, section_name (ebl, idx), cnt); 725 else 726 xndx = sym->st_shndx; 727 728 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM 729 && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0)) 730 ERROR (gettext ("section [%2d] '%s': symbol %zu: unknown type\n"), 731 idx, section_name (ebl, idx), cnt); 732 733 if (GELF_ST_BIND (sym->st_info) >= STB_NUM 734 && !ebl_symbol_binding_name (ebl, GELF_ST_BIND (sym->st_info), NULL, 735 0)) 736 ERROR (gettext ("\ 737section [%2d] '%s': symbol %zu: unknown symbol binding\n"), 738 idx, section_name (ebl, idx), cnt); 739 if (GELF_ST_BIND (sym->st_info) == STB_GNU_UNIQUE 740 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT) 741 ERROR (gettext ("\ 742section [%2d] '%s': symbol %zu: unique symbol not of object type\n"), 743 idx, section_name (ebl, idx), cnt); 744 745 if (xndx == SHN_COMMON) 746 { 747 /* Common symbols can only appear in relocatable files. */ 748 if (ehdr->e_type != ET_REL) 749 ERROR (gettext ("\ 750section [%2d] '%s': symbol %zu: COMMON only allowed in relocatable files\n"), 751 idx, section_name (ebl, idx), cnt); 752 if (cnt < shdr->sh_info) 753 ERROR (gettext ("\ 754section [%2d] '%s': symbol %zu: local COMMON symbols are nonsense\n"), 755 idx, section_name (ebl, idx), cnt); 756 if (GELF_R_TYPE (sym->st_info) == STT_FUNC) 757 ERROR (gettext ("\ 758section [%2d] '%s': symbol %zu: function in COMMON section is nonsense\n"), 759 idx, section_name (ebl, idx), cnt); 760 } 761 else if (xndx > 0 && xndx < shnum) 762 { 763 GElf_Shdr destshdr_mem; 764 GElf_Shdr *destshdr; 765 766 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem); 767 if (destshdr != NULL) 768 { 769 GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0 770 : destshdr->sh_addr); 771 GElf_Addr st_value; 772 if (GELF_ST_TYPE (sym->st_info) == STT_FUNC 773 || (GELF_ST_TYPE (sym->st_info) == STT_GNU_IFUNC)) 774 st_value = sym->st_value & ebl_func_addr_mask (ebl); 775 else 776 st_value = sym->st_value; 777 if (GELF_ST_TYPE (sym->st_info) != STT_TLS) 778 { 779 if (! ebl_check_special_symbol (ebl, ehdr, sym, name, 780 destshdr)) 781 { 782 if (st_value - sh_addr > destshdr->sh_size) 783 { 784 /* GNU ld has severe bugs. When it decides to remove 785 empty sections it leaves symbols referencing them 786 behind. These are symbols in .symtab or .dynsym 787 and for the named symbols have zero size. See 788 sourceware PR13621. */ 789 if (!gnuld 790 || (strcmp (section_name (ebl, idx), ".symtab") 791 && strcmp (section_name (ebl, idx), 792 ".dynsym")) 793 || sym->st_size != 0 794 || (strcmp (name, "__preinit_array_start") != 0 795 && strcmp (name, "__preinit_array_end") != 0 796 && strcmp (name, "__init_array_start") != 0 797 && strcmp (name, "__init_array_end") != 0 798 && strcmp (name, "__fini_array_start") != 0 799 && strcmp (name, "__fini_array_end") != 0 800 && strcmp (name, "__bss_start") != 0 801 && strcmp (name, "__bss_start__") != 0 802 && strcmp (name, "__TMC_END__") != 0 803 && strcmp (name, ".TOC.") != 0)) 804 ERROR (gettext ("\ 805section [%2d] '%s': symbol %zu: st_value out of bounds\n"), 806 idx, section_name (ebl, idx), cnt); 807 } 808 else if ((st_value - sh_addr 809 + sym->st_size) > destshdr->sh_size) 810 ERROR (gettext ("\ 811section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 812 idx, section_name (ebl, idx), cnt, 813 (int) xndx, section_name (ebl, xndx)); 814 } 815 } 816 else 817 { 818 if ((destshdr->sh_flags & SHF_TLS) == 0) 819 ERROR (gettext ("\ 820section [%2d] '%s': symbol %zu: referenced section [%2d] '%s' does not have SHF_TLS flag set\n"), 821 idx, section_name (ebl, idx), cnt, 822 (int) xndx, section_name (ebl, xndx)); 823 824 if (ehdr->e_type == ET_REL) 825 { 826 /* For object files the symbol value must fall 827 into the section. */ 828 if (st_value > destshdr->sh_size) 829 ERROR (gettext ("\ 830section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"), 831 idx, section_name (ebl, idx), cnt, 832 (int) xndx, section_name (ebl, xndx)); 833 else if (st_value + sym->st_size 834 > destshdr->sh_size) 835 ERROR (gettext ("\ 836section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 837 idx, section_name (ebl, idx), cnt, 838 (int) xndx, section_name (ebl, xndx)); 839 } 840 else 841 { 842 GElf_Phdr phdr_mem; 843 GElf_Phdr *phdr = NULL; 844 unsigned int pcnt; 845 846 for (pcnt = 0; pcnt < phnum; ++pcnt) 847 { 848 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 849 if (phdr != NULL && phdr->p_type == PT_TLS) 850 break; 851 } 852 853 if (pcnt == phnum) 854 { 855 if (no_pt_tls++ == 0) 856 ERROR (gettext ("\ 857section [%2d] '%s': symbol %zu: TLS symbol but no TLS program header entry\n"), 858 idx, section_name (ebl, idx), cnt); 859 } 860 else 861 { 862 if (st_value 863 < destshdr->sh_offset - phdr->p_offset) 864 ERROR (gettext ("\ 865section [%2d] '%s': symbol %zu: st_value short of referenced section [%2d] '%s'\n"), 866 idx, section_name (ebl, idx), cnt, 867 (int) xndx, section_name (ebl, xndx)); 868 else if (st_value 869 > (destshdr->sh_offset - phdr->p_offset 870 + destshdr->sh_size)) 871 ERROR (gettext ("\ 872section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"), 873 idx, section_name (ebl, idx), cnt, 874 (int) xndx, section_name (ebl, xndx)); 875 else if (st_value + sym->st_size 876 > (destshdr->sh_offset - phdr->p_offset 877 + destshdr->sh_size)) 878 ERROR (gettext ("\ 879section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 880 idx, section_name (ebl, idx), cnt, 881 (int) xndx, section_name (ebl, xndx)); 882 } 883 } 884 } 885 } 886 } 887 888 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL) 889 { 890 if (cnt >= shdr->sh_info) 891 ERROR (gettext ("\ 892section [%2d] '%s': symbol %zu: local symbol outside range described in sh_info\n"), 893 idx, section_name (ebl, idx), cnt); 894 } 895 else 896 { 897 if (cnt < shdr->sh_info) 898 ERROR (gettext ("\ 899section [%2d] '%s': symbol %zu: non-local symbol outside range described in sh_info\n"), 900 idx, section_name (ebl, idx), cnt); 901 } 902 903 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION 904 && GELF_ST_BIND (sym->st_info) != STB_LOCAL) 905 ERROR (gettext ("\ 906section [%2d] '%s': symbol %zu: non-local section symbol\n"), 907 idx, section_name (ebl, idx), cnt); 908 909 if (name != NULL) 910 { 911 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0) 912 { 913 /* Check that address and size match the global offset table. */ 914 915 GElf_Shdr destshdr_mem; 916 GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), 917 &destshdr_mem); 918 919 if (destshdr == NULL && xndx == SHN_ABS) 920 { 921 /* In a DSO, we have to find the GOT section by name. */ 922 Elf_Scn *gotscn = NULL; 923 Elf_Scn *gscn = NULL; 924 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL) 925 { 926 destshdr = gelf_getshdr (gscn, &destshdr_mem); 927 assert (destshdr != NULL); 928 const char *sname = elf_strptr (ebl->elf, 929 ehdr->e_shstrndx, 930 destshdr->sh_name); 931 if (sname != NULL) 932 { 933 if (strcmp (sname, ".got.plt") == 0) 934 break; 935 if (strcmp (sname, ".got") == 0) 936 /* Do not stop looking. 937 There might be a .got.plt section. */ 938 gotscn = gscn; 939 } 940 941 destshdr = NULL; 942 } 943 944 if (destshdr == NULL && gotscn != NULL) 945 destshdr = gelf_getshdr (gotscn, &destshdr_mem); 946 } 947 948 const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF) 949 ? NULL 950 : elf_strptr (ebl->elf, ehdr->e_shstrndx, 951 destshdr->sh_name)); 952 if (sname == NULL) 953 { 954 if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL) 955 ERROR (gettext ("\ 956section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \ 957bad section [%2d]\n"), 958 idx, section_name (ebl, idx), xndx); 959 } 960 else if (strcmp (sname, ".got.plt") != 0 961 && strcmp (sname, ".got") != 0) 962 ERROR (gettext ("\ 963section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \ 964section [%2d] '%s'\n"), 965 idx, section_name (ebl, idx), xndx, sname); 966 967 if (destshdr != NULL) 968 { 969 /* Found it. */ 970 if (!ebl_check_special_symbol (ebl, ehdr, sym, name, 971 destshdr)) 972 { 973 if (ehdr->e_type != ET_REL 974 && sym->st_value != destshdr->sh_addr) 975 /* This test is more strict than the psABIs which 976 usually allow the symbol to be in the middle of 977 the .got section, allowing negative offsets. */ 978 ERROR (gettext ("\ 979section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"), 980 idx, section_name (ebl, idx), 981 (uint64_t) sym->st_value, 982 sname, (uint64_t) destshdr->sh_addr); 983 984 if (!gnuld && sym->st_size != destshdr->sh_size) 985 ERROR (gettext ("\ 986section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"), 987 idx, section_name (ebl, idx), 988 (uint64_t) sym->st_size, 989 sname, (uint64_t) destshdr->sh_size); 990 } 991 } 992 else 993 ERROR (gettext ("\ 994section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"), 995 idx, section_name (ebl, idx)); 996 } 997 else if (strcmp (name, "_DYNAMIC") == 0) 998 /* Check that address and size match the dynamic section. 999 We locate the dynamic section via the program header 1000 entry. */ 1001 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt) 1002 { 1003 GElf_Phdr phdr_mem; 1004 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 1005 1006 if (phdr != NULL && phdr->p_type == PT_DYNAMIC) 1007 { 1008 if (sym->st_value != phdr->p_vaddr) 1009 ERROR (gettext ("\ 1010section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"), 1011 idx, section_name (ebl, idx), 1012 (uint64_t) sym->st_value, 1013 (uint64_t) phdr->p_vaddr); 1014 1015 if (!gnuld && sym->st_size != phdr->p_memsz) 1016 ERROR (gettext ("\ 1017section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"), 1018 idx, section_name (ebl, idx), 1019 (uint64_t) sym->st_size, 1020 (uint64_t) phdr->p_memsz); 1021 1022 break; 1023 } 1024 } 1025 } 1026 1027 if (GELF_ST_VISIBILITY (sym->st_other) != STV_DEFAULT 1028 && shdr->sh_type == SHT_DYNSYM) 1029 ERROR (gettext ("\ 1030section [%2d] '%s': symbol %zu: symbol in dynamic symbol table with non-default visibility\n"), 1031 idx, section_name (ebl, idx), cnt); 1032 if (! ebl_check_st_other_bits (ebl, sym->st_other)) 1033 ERROR (gettext ("\ 1034section [%2d] '%s': symbol %zu: unknown bit set in st_other\n"), 1035 idx, section_name (ebl, idx), cnt); 1036 1037 } 1038} 1039 1040 1041static bool 1042is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr, 1043 bool is_rela) 1044{ 1045 /* If this is no executable or DSO it cannot be a .rel.dyn section. */ 1046 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1047 return false; 1048 1049 /* Check the section name. Unfortunately necessary. */ 1050 if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn")) 1051 return false; 1052 1053 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section 1054 entry can be present as well. */ 1055 Elf_Scn *scn = NULL; 1056 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 1057 { 1058 GElf_Shdr rcshdr_mem; 1059 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem); 1060 1061 if (rcshdr == NULL) 1062 break; 1063 1064 if (rcshdr->sh_type == SHT_DYNAMIC && rcshdr->sh_entsize) 1065 { 1066 /* Found the dynamic section. Look through it. */ 1067 Elf_Data *d = elf_getdata (scn, NULL); 1068 size_t cnt; 1069 1070 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt) 1071 { 1072 GElf_Dyn dyn_mem; 1073 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem); 1074 1075 if (dyn == NULL) 1076 break; 1077 1078 if (dyn->d_tag == DT_RELCOUNT) 1079 { 1080 /* Found it. Does the type match. */ 1081 if (is_rela) 1082 ERROR (gettext ("\ 1083section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"), 1084 idx, section_name (ebl, idx)); 1085 else 1086 { 1087 /* Does the number specified number of relative 1088 relocations exceed the total number of 1089 relocations? */ 1090 if (shdr->sh_entsize != 0 1091 && dyn->d_un.d_val > (shdr->sh_size 1092 / shdr->sh_entsize)) 1093 ERROR (gettext ("\ 1094section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"), 1095 idx, section_name (ebl, idx), 1096 (int) dyn->d_un.d_val); 1097 1098 /* Make sure the specified number of relocations are 1099 relative. */ 1100 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf, 1101 idx), NULL); 1102 if (reldata != NULL) 1103 for (size_t inner = 0; 1104 inner < shdr->sh_size / shdr->sh_entsize; 1105 ++inner) 1106 { 1107 GElf_Rel rel_mem; 1108 GElf_Rel *rel = gelf_getrel (reldata, inner, 1109 &rel_mem); 1110 if (rel == NULL) 1111 /* The problem will be reported elsewhere. */ 1112 break; 1113 1114 if (ebl_relative_reloc_p (ebl, 1115 GELF_R_TYPE (rel->r_info))) 1116 { 1117 if (inner >= dyn->d_un.d_val) 1118 ERROR (gettext ("\ 1119section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"), 1120 idx, section_name (ebl, idx), 1121 (int) dyn->d_un.d_val); 1122 } 1123 else if (inner < dyn->d_un.d_val) 1124 ERROR (gettext ("\ 1125section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"), 1126 idx, section_name (ebl, idx), 1127 inner, (int) dyn->d_un.d_val); 1128 } 1129 } 1130 } 1131 1132 if (dyn->d_tag == DT_RELACOUNT) 1133 { 1134 /* Found it. Does the type match. */ 1135 if (!is_rela) 1136 ERROR (gettext ("\ 1137section [%2d] '%s': DT_RELACOUNT used for this REL section\n"), 1138 idx, section_name (ebl, idx)); 1139 else 1140 { 1141 /* Does the number specified number of relative 1142 relocations exceed the total number of 1143 relocations? */ 1144 if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize) 1145 ERROR (gettext ("\ 1146section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"), 1147 idx, section_name (ebl, idx), 1148 (int) dyn->d_un.d_val); 1149 1150 /* Make sure the specified number of relocations are 1151 relative. */ 1152 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf, 1153 idx), NULL); 1154 if (reldata != NULL) 1155 for (size_t inner = 0; 1156 inner < shdr->sh_size / shdr->sh_entsize; 1157 ++inner) 1158 { 1159 GElf_Rela rela_mem; 1160 GElf_Rela *rela = gelf_getrela (reldata, inner, 1161 &rela_mem); 1162 if (rela == NULL) 1163 /* The problem will be reported elsewhere. */ 1164 break; 1165 1166 if (ebl_relative_reloc_p (ebl, 1167 GELF_R_TYPE (rela->r_info))) 1168 { 1169 if (inner >= dyn->d_un.d_val) 1170 ERROR (gettext ("\ 1171section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"), 1172 idx, section_name (ebl, idx), 1173 (int) dyn->d_un.d_val); 1174 } 1175 else if (inner < dyn->d_un.d_val) 1176 ERROR (gettext ("\ 1177section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"), 1178 idx, section_name (ebl, idx), 1179 inner, (int) dyn->d_un.d_val); 1180 } 1181 } 1182 } 1183 } 1184 1185 break; 1186 } 1187 } 1188 1189 return true; 1190} 1191 1192 1193struct loaded_segment 1194{ 1195 GElf_Addr from; 1196 GElf_Addr to; 1197 bool read_only; 1198 struct loaded_segment *next; 1199}; 1200 1201 1202/* Check whether binary has text relocation flag set. */ 1203static bool textrel; 1204 1205/* Keep track of whether text relocation flag is needed. */ 1206static bool needed_textrel; 1207 1208 1209static bool 1210check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr, 1211 int idx, int reltype, GElf_Shdr **destshdrp, 1212 GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp) 1213{ 1214 bool reldyn = false; 1215 1216 /* Check whether the link to the section we relocate is reasonable. */ 1217 if (shdr->sh_info >= shnum) 1218 ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"), 1219 idx, section_name (ebl, idx)); 1220 else if (shdr->sh_info != 0) 1221 { 1222 *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info), 1223 destshdr_memp); 1224 if (*destshdrp != NULL) 1225 { 1226 if(! ebl_check_reloc_target_type (ebl, (*destshdrp)->sh_type)) 1227 { 1228 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true); 1229 if (!reldyn) 1230 ERROR (gettext ("\ 1231section [%2d] '%s': invalid destination section type\n"), 1232 idx, section_name (ebl, idx)); 1233 else 1234 { 1235 /* There is no standard, but we require that .rel{,a}.dyn 1236 sections have a sh_info value of zero. */ 1237 if (shdr->sh_info != 0) 1238 ERROR (gettext ("\ 1239section [%2d] '%s': sh_info should be zero\n"), 1240 idx, section_name (ebl, idx)); 1241 } 1242 } 1243 1244 if (((*destshdrp)->sh_flags & (SHF_MERGE | SHF_STRINGS)) != 0) 1245 ERROR (gettext ("\ 1246section [%2d] '%s': no relocations for merge-able sections possible\n"), 1247 idx, section_name (ebl, idx)); 1248 } 1249 } 1250 1251 size_t sh_entsize = gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT); 1252 if (shdr->sh_entsize != sh_entsize) 1253 ERROR (gettext (reltype == ELF_T_RELA ? "\ 1254section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\ 1255section [%2d] '%s': section entry size does not match ElfXX_Rel\n"), 1256 idx, section_name (ebl, idx)); 1257 1258 /* In preparation of checking whether relocations are text 1259 relocations or not we need to determine whether the file is 1260 flagged to have text relocation and we need to determine a) what 1261 the loaded segments are and b) which are read-only. This will 1262 also allow us to determine whether the same reloc section is 1263 modifying loaded and not loaded segments. */ 1264 for (unsigned int i = 0; i < phnum; ++i) 1265 { 1266 GElf_Phdr phdr_mem; 1267 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem); 1268 if (phdr == NULL) 1269 continue; 1270 1271 if (phdr->p_type == PT_LOAD) 1272 { 1273 struct loaded_segment *newp = xmalloc (sizeof (*newp)); 1274 newp->from = phdr->p_vaddr; 1275 newp->to = phdr->p_vaddr + phdr->p_memsz; 1276 newp->read_only = (phdr->p_flags & PF_W) == 0; 1277 newp->next = *loadedp; 1278 *loadedp = newp; 1279 } 1280 else if (phdr->p_type == PT_DYNAMIC) 1281 { 1282 Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset); 1283 GElf_Shdr dynshdr_mem; 1284 GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem); 1285 Elf_Data *dyndata = elf_getdata (dynscn, NULL); 1286 if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC 1287 && dyndata != NULL) 1288 for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j) 1289 { 1290 GElf_Dyn dyn_mem; 1291 GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem); 1292 if (dyn != NULL 1293 && (dyn->d_tag == DT_TEXTREL 1294 || (dyn->d_tag == DT_FLAGS 1295 && (dyn->d_un.d_val & DF_TEXTREL) != 0))) 1296 { 1297 textrel = true; 1298 break; 1299 } 1300 } 1301 } 1302 } 1303 1304 /* A quick test which can be easily done here (although it is a bit 1305 out of place): the text relocation flag makes only sense if there 1306 is a segment which is not writable. */ 1307 if (textrel) 1308 { 1309 struct loaded_segment *seg = *loadedp; 1310 while (seg != NULL && !seg->read_only) 1311 seg = seg->next; 1312 if (seg == NULL) 1313 ERROR (gettext ("\ 1314text relocation flag set but there is no read-only segment\n")); 1315 } 1316 1317 return reldyn; 1318} 1319 1320 1321enum load_state 1322 { 1323 state_undecided, 1324 state_loaded, 1325 state_unloaded, 1326 state_error 1327 }; 1328 1329 1330static void 1331check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx, 1332 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata, 1333 GElf_Addr r_offset, GElf_Xword r_info, 1334 const GElf_Shdr *destshdr, bool reldyn, 1335 struct loaded_segment *loaded, enum load_state *statep) 1336{ 1337 bool known_broken = gnuld; 1338 1339 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info))) 1340 ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"), 1341 idx, section_name (ebl, idx), cnt); 1342 else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1343 /* The executable/DSO can contain relocation sections with 1344 all the relocations the linker has applied. Those sections 1345 are marked non-loaded, though. */ 1346 || (relshdr->sh_flags & SHF_ALLOC) != 0) 1347 && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info))) 1348 ERROR (gettext ("\ 1349section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"), 1350 idx, section_name (ebl, idx), cnt); 1351 1352 if (symshdr != NULL 1353 && ((GELF_R_SYM (r_info) + 1) 1354 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT) 1355 > symshdr->sh_size)) 1356 ERROR (gettext ("\ 1357section [%2d] '%s': relocation %zu: invalid symbol index\n"), 1358 idx, section_name (ebl, idx), cnt); 1359 1360 /* No more tests if this is a no-op relocation. */ 1361 if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info))) 1362 return; 1363 1364 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info))) 1365 { 1366 const char *name; 1367 char buf[64]; 1368 GElf_Sym sym_mem; 1369 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem); 1370 if (sym != NULL 1371 /* Get the name for the symbol. */ 1372 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name)) 1373 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 ) 1374 ERROR (gettext ("\ 1375section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"), 1376 idx, section_name (ebl, idx), cnt, 1377 ebl_reloc_type_name (ebl, GELF_R_SYM (r_info), 1378 buf, sizeof (buf))); 1379 } 1380 1381 if (reldyn) 1382 { 1383 // XXX TODO Check .rel.dyn section addresses. 1384 } 1385 else if (!known_broken) 1386 { 1387 if (destshdr != NULL 1388 && GELF_R_TYPE (r_info) != 0 1389 && (r_offset - (ehdr->e_type == ET_REL ? 0 1390 : destshdr->sh_addr)) >= destshdr->sh_size) 1391 ERROR (gettext ("\ 1392section [%2d] '%s': relocation %zu: offset out of bounds\n"), 1393 idx, section_name (ebl, idx), cnt); 1394 } 1395 1396 GElf_Sym sym_mem; 1397 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem); 1398 1399 if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info)) 1400 /* Make sure the referenced symbol is an object or unspecified. */ 1401 && sym != NULL 1402 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE 1403 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT) 1404 { 1405 char buf[64]; 1406 ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"), 1407 idx, section_name (ebl, idx), cnt, 1408 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), 1409 buf, sizeof (buf))); 1410 } 1411 1412 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1413 || (relshdr->sh_flags & SHF_ALLOC) != 0) 1414 { 1415 bool in_loaded_seg = false; 1416 while (loaded != NULL) 1417 { 1418 if (r_offset < loaded->to 1419 && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from) 1420 { 1421 /* The symbol is in this segment. */ 1422 if (loaded->read_only) 1423 { 1424 if (textrel) 1425 needed_textrel = true; 1426 else 1427 ERROR (gettext ("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"), 1428 idx, section_name (ebl, idx), cnt); 1429 } 1430 1431 in_loaded_seg = true; 1432 } 1433 1434 loaded = loaded->next; 1435 } 1436 1437 if (*statep == state_undecided) 1438 *statep = in_loaded_seg ? state_loaded : state_unloaded; 1439 else if ((*statep == state_unloaded && in_loaded_seg) 1440 || (*statep == state_loaded && !in_loaded_seg)) 1441 { 1442 ERROR (gettext ("\ 1443section [%2d] '%s': relocations are against loaded and unloaded data\n"), 1444 idx, section_name (ebl, idx)); 1445 *statep = state_error; 1446 } 1447 } 1448} 1449 1450 1451static void 1452check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1453{ 1454 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1455 if (data == NULL) 1456 { 1457 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1458 idx, section_name (ebl, idx)); 1459 return; 1460 } 1461 1462 /* Check the fields of the section header. */ 1463 GElf_Shdr destshdr_mem; 1464 GElf_Shdr *destshdr = NULL; 1465 struct loaded_segment *loaded = NULL; 1466 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr, 1467 &destshdr_mem, &loaded); 1468 1469 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1470 GElf_Shdr symshdr_mem; 1471 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1472 Elf_Data *symdata = elf_getdata (symscn, NULL); 1473 enum load_state state = state_undecided; 1474 1475 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_RELA, 1, EV_CURRENT); 1476 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt) 1477 { 1478 GElf_Rela rela_mem; 1479 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem); 1480 if (rela == NULL) 1481 { 1482 ERROR (gettext ("\ 1483section [%2d] '%s': cannot get relocation %zu: %s\n"), 1484 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1485 continue; 1486 } 1487 1488 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata, 1489 rela->r_offset, rela->r_info, destshdr, reldyn, loaded, 1490 &state); 1491 } 1492 1493 while (loaded != NULL) 1494 { 1495 struct loaded_segment *old = loaded; 1496 loaded = loaded->next; 1497 free (old); 1498 } 1499} 1500 1501 1502static void 1503check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1504{ 1505 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1506 if (data == NULL) 1507 { 1508 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1509 idx, section_name (ebl, idx)); 1510 return; 1511 } 1512 1513 /* Check the fields of the section header. */ 1514 GElf_Shdr destshdr_mem; 1515 GElf_Shdr *destshdr = NULL; 1516 struct loaded_segment *loaded = NULL; 1517 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr, 1518 &destshdr_mem, &loaded); 1519 1520 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1521 GElf_Shdr symshdr_mem; 1522 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1523 Elf_Data *symdata = elf_getdata (symscn, NULL); 1524 enum load_state state = state_undecided; 1525 1526 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_REL, 1, EV_CURRENT); 1527 for (size_t cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt) 1528 { 1529 GElf_Rel rel_mem; 1530 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem); 1531 if (rel == NULL) 1532 { 1533 ERROR (gettext ("\ 1534section [%2d] '%s': cannot get relocation %zu: %s\n"), 1535 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1536 continue; 1537 } 1538 1539 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata, 1540 rel->r_offset, rel->r_info, destshdr, reldyn, loaded, 1541 &state); 1542 } 1543 1544 while (loaded != NULL) 1545 { 1546 struct loaded_segment *old = loaded; 1547 loaded = loaded->next; 1548 free (old); 1549 } 1550} 1551 1552 1553/* Number of dynamic sections. */ 1554static int ndynamic; 1555 1556 1557static void 1558check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1559{ 1560 Elf_Data *data; 1561 GElf_Shdr strshdr_mem; 1562 GElf_Shdr *strshdr; 1563 size_t cnt; 1564 static const bool dependencies[DT_NUM][DT_NUM] = 1565 { 1566 [DT_NEEDED] = { [DT_STRTAB] = true }, 1567 [DT_PLTRELSZ] = { [DT_JMPREL] = true }, 1568 [DT_HASH] = { [DT_SYMTAB] = true }, 1569 [DT_STRTAB] = { [DT_STRSZ] = true }, 1570 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true }, 1571 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true }, 1572 [DT_RELASZ] = { [DT_RELA] = true }, 1573 [DT_RELAENT] = { [DT_RELA] = true }, 1574 [DT_STRSZ] = { [DT_STRTAB] = true }, 1575 [DT_SYMENT] = { [DT_SYMTAB] = true }, 1576 [DT_SONAME] = { [DT_STRTAB] = true }, 1577 [DT_RPATH] = { [DT_STRTAB] = true }, 1578 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true }, 1579 [DT_RELSZ] = { [DT_REL] = true }, 1580 [DT_RELENT] = { [DT_REL] = true }, 1581 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true }, 1582 [DT_RUNPATH] = { [DT_STRTAB] = true }, 1583 [DT_PLTREL] = { [DT_JMPREL] = true }, 1584 }; 1585 bool has_dt[DT_NUM]; 1586 bool has_val_dt[DT_VALNUM]; 1587 bool has_addr_dt[DT_ADDRNUM]; 1588 static const bool level2[DT_NUM] = 1589 { 1590 [DT_RPATH] = true, 1591 [DT_SYMBOLIC] = true, 1592 [DT_TEXTREL] = true, 1593 [DT_BIND_NOW] = true 1594 }; 1595 static const bool mandatory[DT_NUM] = 1596 { 1597 [DT_NULL] = true, 1598 [DT_STRTAB] = true, 1599 [DT_SYMTAB] = true, 1600 [DT_STRSZ] = true, 1601 [DT_SYMENT] = true 1602 }; 1603 1604 memset (has_dt, '\0', sizeof (has_dt)); 1605 memset (has_val_dt, '\0', sizeof (has_val_dt)); 1606 memset (has_addr_dt, '\0', sizeof (has_addr_dt)); 1607 1608 if (++ndynamic == 2) 1609 ERROR (gettext ("more than one dynamic section present\n")); 1610 1611 data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1612 if (data == NULL) 1613 { 1614 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1615 idx, section_name (ebl, idx)); 1616 return; 1617 } 1618 1619 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem); 1620 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB) 1621 ERROR (gettext ("\ 1622section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"), 1623 shdr->sh_link, section_name (ebl, shdr->sh_link), 1624 idx, section_name (ebl, idx)); 1625 1626 size_t sh_entsize = gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT); 1627 if (shdr->sh_entsize != sh_entsize) 1628 ERROR (gettext ("\ 1629section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"), 1630 idx, section_name (ebl, idx)); 1631 1632 if (shdr->sh_info != 0) 1633 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"), 1634 idx, section_name (ebl, idx)); 1635 1636 bool non_null_warned = false; 1637 for (cnt = 0; cnt < shdr->sh_size / sh_entsize; ++cnt) 1638 { 1639 GElf_Dyn dyn_mem; 1640 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem); 1641 if (dyn == NULL) 1642 { 1643 ERROR (gettext ("\ 1644section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"), 1645 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1646 continue; 1647 } 1648 1649 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned) 1650 { 1651 ERROR (gettext ("\ 1652section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"), 1653 idx, section_name (ebl, idx)); 1654 non_null_warned = true; 1655 } 1656 1657 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag)) 1658 ERROR (gettext ("section [%2d] '%s': entry %zu: unknown tag\n"), 1659 idx, section_name (ebl, idx), cnt); 1660 1661 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM) 1662 { 1663 if (has_dt[dyn->d_tag] 1664 && dyn->d_tag != DT_NEEDED 1665 && dyn->d_tag != DT_NULL 1666 && dyn->d_tag != DT_POSFLAG_1) 1667 { 1668 char buf[50]; 1669 ERROR (gettext ("\ 1670section [%2d] '%s': entry %zu: more than one entry with tag %s\n"), 1671 idx, section_name (ebl, idx), cnt, 1672 ebl_dynamic_tag_name (ebl, dyn->d_tag, 1673 buf, sizeof (buf))); 1674 } 1675 1676 if (be_strict && level2[dyn->d_tag]) 1677 { 1678 char buf[50]; 1679 ERROR (gettext ("\ 1680section [%2d] '%s': entry %zu: level 2 tag %s used\n"), 1681 idx, section_name (ebl, idx), cnt, 1682 ebl_dynamic_tag_name (ebl, dyn->d_tag, 1683 buf, sizeof (buf))); 1684 } 1685 1686 has_dt[dyn->d_tag] = true; 1687 } 1688 else if (dyn->d_tag <= DT_VALRNGHI 1689 && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM) 1690 has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true; 1691 else if (dyn->d_tag <= DT_ADDRRNGHI 1692 && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM) 1693 has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true; 1694 1695 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL 1696 && dyn->d_un.d_val != DT_RELA) 1697 ERROR (gettext ("\ 1698section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"), 1699 idx, section_name (ebl, idx), cnt); 1700 1701 /* Check that addresses for entries are in loaded segments. */ 1702 switch (dyn->d_tag) 1703 { 1704 size_t n; 1705 case DT_STRTAB: 1706 /* We require the referenced section is the same as the one 1707 specified in sh_link. */ 1708 if (strshdr->sh_addr != dyn->d_un.d_val) 1709 { 1710 ERROR (gettext ("\ 1711section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"), 1712 idx, section_name (ebl, idx), cnt, 1713 shdr->sh_link, section_name (ebl, shdr->sh_link)); 1714 break; 1715 } 1716 goto check_addr; 1717 1718 default: 1719 if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI) 1720 /* Value is no pointer. */ 1721 break; 1722 /* FALLTHROUGH */ 1723 1724 case DT_AUXILIARY: 1725 case DT_FILTER: 1726 case DT_FINI: 1727 case DT_FINI_ARRAY: 1728 case DT_HASH: 1729 case DT_INIT: 1730 case DT_INIT_ARRAY: 1731 case DT_JMPREL: 1732 case DT_PLTGOT: 1733 case DT_REL: 1734 case DT_RELA: 1735 case DT_SYMBOLIC: 1736 case DT_SYMTAB: 1737 case DT_VERDEF: 1738 case DT_VERNEED: 1739 case DT_VERSYM: 1740 check_addr: 1741 for (n = 0; n < phnum; ++n) 1742 { 1743 GElf_Phdr phdr_mem; 1744 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem); 1745 if (phdr != NULL && phdr->p_type == PT_LOAD 1746 && phdr->p_vaddr <= dyn->d_un.d_ptr 1747 && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr) 1748 break; 1749 } 1750 if (unlikely (n >= phnum)) 1751 { 1752 char buf[50]; 1753 ERROR (gettext ("\ 1754section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"), 1755 idx, section_name (ebl, idx), cnt, 1756 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf, 1757 sizeof (buf))); 1758 } 1759 break; 1760 1761 case DT_NEEDED: 1762 case DT_RPATH: 1763 case DT_RUNPATH: 1764 case DT_SONAME: 1765 if (dyn->d_un.d_ptr >= strshdr->sh_size) 1766 { 1767 char buf[50]; 1768 ERROR (gettext ("\ 1769section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"), 1770 idx, section_name (ebl, idx), cnt, 1771 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf, 1772 sizeof (buf)), 1773 shdr->sh_link, section_name (ebl, shdr->sh_link)); 1774 } 1775 break; 1776 } 1777 } 1778 1779 for (cnt = 1; cnt < DT_NUM; ++cnt) 1780 if (has_dt[cnt]) 1781 { 1782 for (int inner = 0; inner < DT_NUM; ++inner) 1783 if (dependencies[cnt][inner] && ! has_dt[inner]) 1784 { 1785 char buf1[50]; 1786 char buf2[50]; 1787 1788 ERROR (gettext ("\ 1789section [%2d] '%s': contains %s entry but not %s\n"), 1790 idx, section_name (ebl, idx), 1791 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)), 1792 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2))); 1793 } 1794 } 1795 else 1796 { 1797 if (mandatory[cnt]) 1798 { 1799 char buf[50]; 1800 ERROR (gettext ("\ 1801section [%2d] '%s': mandatory tag %s not present\n"), 1802 idx, section_name (ebl, idx), 1803 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf))); 1804 } 1805 } 1806 1807 /* Make sure we have an hash table. */ 1808 if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]) 1809 ERROR (gettext ("\ 1810section [%2d] '%s': no hash section present\n"), 1811 idx, section_name (ebl, idx)); 1812 1813 /* The GNU-style hash table also needs a symbol table. */ 1814 if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)] 1815 && !has_dt[DT_SYMTAB]) 1816 ERROR (gettext ("\ 1817section [%2d] '%s': contains %s entry but not %s\n"), 1818 idx, section_name (ebl, idx), 1819 "DT_GNU_HASH", "DT_SYMTAB"); 1820 1821 /* Check the rel/rela tags. At least one group must be available. */ 1822 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT]) 1823 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT])) 1824 ERROR (gettext ("\ 1825section [%2d] '%s': not all of %s, %s, and %s are present\n"), 1826 idx, section_name (ebl, idx), 1827 "DT_RELA", "DT_RELASZ", "DT_RELAENT"); 1828 1829 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT]) 1830 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT])) 1831 ERROR (gettext ("\ 1832section [%2d] '%s': not all of %s, %s, and %s are present\n"), 1833 idx, section_name (ebl, idx), 1834 "DT_REL", "DT_RELSZ", "DT_RELENT"); 1835 1836 /* Check that all prelink sections are present if any of them is. */ 1837 if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)] 1838 || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)]) 1839 { 1840 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]) 1841 ERROR (gettext ("\ 1842section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"), 1843 idx, section_name (ebl, idx), "DT_GNU_PRELINKED"); 1844 if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)]) 1845 ERROR (gettext ("\ 1846section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"), 1847 idx, section_name (ebl, idx), "DT_CHECKSUM"); 1848 1849 /* Only DSOs can be marked like this. */ 1850 if (ehdr->e_type != ET_DYN) 1851 ERROR (gettext ("\ 1852section [%2d] '%s': non-DSO file marked as dependency during prelink\n"), 1853 idx, section_name (ebl, idx)); 1854 } 1855 1856 if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)] 1857 || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)] 1858 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)] 1859 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)]) 1860 { 1861 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]) 1862 ERROR (gettext ("\ 1863section [%2d] '%s': %s tag missing in prelinked executable\n"), 1864 idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ"); 1865 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]) 1866 ERROR (gettext ("\ 1867section [%2d] '%s': %s tag missing in prelinked executable\n"), 1868 idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ"); 1869 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]) 1870 ERROR (gettext ("\ 1871section [%2d] '%s': %s tag missing in prelinked executable\n"), 1872 idx, section_name (ebl, idx), "DT_GNU_CONFLICT"); 1873 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)]) 1874 ERROR (gettext ("\ 1875section [%2d] '%s': %s tag missing in prelinked executable\n"), 1876 idx, section_name (ebl, idx), "DT_GNU_LIBLIST"); 1877 } 1878} 1879 1880 1881static void 1882check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1883{ 1884 if (ehdr->e_type != ET_REL) 1885 { 1886 ERROR (gettext ("\ 1887section [%2d] '%s': only relocatable files can have extended section index\n"), 1888 idx, section_name (ebl, idx)); 1889 return; 1890 } 1891 1892 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1893 GElf_Shdr symshdr_mem; 1894 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1895 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB) 1896 ERROR (gettext ("\ 1897section [%2d] '%s': extended section index section not for symbol table\n"), 1898 idx, section_name (ebl, idx)); 1899 Elf_Data *symdata = elf_getdata (symscn, NULL); 1900 if (symdata == NULL) 1901 ERROR (gettext ("cannot get data for symbol section\n")); 1902 1903 if (shdr->sh_entsize != sizeof (Elf32_Word)) 1904 ERROR (gettext ("\ 1905section [%2d] '%s': entry size does not match Elf32_Word\n"), 1906 idx, section_name (ebl, idx)); 1907 1908 if (symshdr != NULL 1909 && shdr->sh_entsize 1910 && symshdr->sh_entsize 1911 && (shdr->sh_size / shdr->sh_entsize 1912 < symshdr->sh_size / symshdr->sh_entsize)) 1913 ERROR (gettext ("\ 1914section [%2d] '%s': extended index table too small for symbol table\n"), 1915 idx, section_name (ebl, idx)); 1916 1917 if (shdr->sh_info != 0) 1918 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"), 1919 idx, section_name (ebl, idx)); 1920 1921 for (size_t cnt = idx + 1; cnt < shnum; ++cnt) 1922 { 1923 GElf_Shdr rshdr_mem; 1924 GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem); 1925 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX 1926 && rshdr->sh_link == shdr->sh_link) 1927 { 1928 ERROR (gettext ("\ 1929section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"), 1930 idx, section_name (ebl, idx), 1931 cnt, section_name (ebl, cnt)); 1932 break; 1933 } 1934 } 1935 1936 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1937 if (data == NULL) 1938 { 1939 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1940 idx, section_name (ebl, idx)); 1941 return; 1942 } 1943 1944 if (*((Elf32_Word *) data->d_buf) != 0) 1945 ERROR (gettext ("symbol 0 should have zero extended section index\n")); 1946 1947 for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt) 1948 { 1949 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt]; 1950 1951 if (xndx != 0) 1952 { 1953 GElf_Sym sym_data; 1954 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data); 1955 if (sym == NULL) 1956 { 1957 ERROR (gettext ("cannot get data for symbol %zu\n"), cnt); 1958 continue; 1959 } 1960 1961 if (sym->st_shndx != SHN_XINDEX) 1962 ERROR (gettext ("\ 1963extended section index is %" PRIu32 " but symbol index is not XINDEX\n"), 1964 (uint32_t) xndx); 1965 } 1966 } 1967} 1968 1969 1970static void 1971check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 1972 GElf_Shdr *symshdr) 1973{ 1974 Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0]; 1975 Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1]; 1976 1977 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize) 1978 ERROR (gettext ("\ 1979section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"), 1980 idx, section_name (ebl, idx), (long int) shdr->sh_size, 1981 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize)); 1982 1983 size_t maxidx = nchain; 1984 1985 if (symshdr != NULL && symshdr->sh_entsize != 0) 1986 { 1987 size_t symsize = symshdr->sh_size / symshdr->sh_entsize; 1988 1989 if (nchain > symshdr->sh_size / symshdr->sh_entsize) 1990 ERROR (gettext ("section [%2d] '%s': chain array too large\n"), 1991 idx, section_name (ebl, idx)); 1992 1993 maxidx = symsize; 1994 } 1995 1996 Elf32_Word *buf = (Elf32_Word *) data->d_buf; 1997 Elf32_Word *end = (Elf32_Word *) ((char *) data->d_buf + shdr->sh_size); 1998 size_t cnt; 1999 for (cnt = 2; cnt < 2 + nbucket; ++cnt) 2000 { 2001 if (buf + cnt >= end) 2002 break; 2003 else if (buf[cnt] >= maxidx) 2004 ERROR (gettext ("\ 2005section [%2d] '%s': hash bucket reference %zu out of bounds\n"), 2006 idx, section_name (ebl, idx), cnt - 2); 2007 } 2008 2009 for (; cnt < 2 + nbucket + nchain; ++cnt) 2010 { 2011 if (buf + cnt >= end) 2012 break; 2013 else if (buf[cnt] >= maxidx) 2014 ERROR (gettext ("\ 2015section [%2d] '%s': hash chain reference %zu out of bounds\n"), 2016 idx, section_name (ebl, idx), cnt - 2 - nbucket); 2017 } 2018} 2019 2020 2021static void 2022check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 2023 GElf_Shdr *symshdr) 2024{ 2025 Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0]; 2026 Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1]; 2027 2028 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize) 2029 ERROR (gettext ("\ 2030section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"), 2031 idx, section_name (ebl, idx), (long int) shdr->sh_size, 2032 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize)); 2033 2034 size_t maxidx = nchain; 2035 2036 if (symshdr != NULL) 2037 { 2038 size_t symsize = symshdr->sh_size / symshdr->sh_entsize; 2039 2040 if (nchain > symshdr->sh_size / symshdr->sh_entsize) 2041 ERROR (gettext ("section [%2d] '%s': chain array too large\n"), 2042 idx, section_name (ebl, idx)); 2043 2044 maxidx = symsize; 2045 } 2046 2047 Elf64_Xword *buf = (Elf64_Xword *) data->d_buf; 2048 Elf64_Xword *end = (Elf64_Xword *) ((char *) data->d_buf + shdr->sh_size); 2049 size_t cnt; 2050 for (cnt = 2; cnt < 2 + nbucket; ++cnt) 2051 { 2052 if (buf + cnt >= end) 2053 break; 2054 else if (buf[cnt] >= maxidx) 2055 ERROR (gettext ("\ 2056section [%2d] '%s': hash bucket reference %zu out of bounds\n"), 2057 idx, section_name (ebl, idx), cnt - 2); 2058 } 2059 2060 for (; cnt < 2 + nbucket + nchain; ++cnt) 2061 { 2062 if (buf + cnt >= end) 2063 break; 2064 else if (buf[cnt] >= maxidx) 2065 ERROR (gettext ("\ 2066section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"), 2067 idx, section_name (ebl, idx), (uint64_t) cnt - 2 - nbucket); 2068 } 2069} 2070 2071 2072static void 2073check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 2074 GElf_Shdr *symshdr) 2075{ 2076 Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0]; 2077 Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1]; 2078 Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2]; 2079 2080 if (!powerof2 (bitmask_words)) 2081 ERROR (gettext ("\ 2082section [%2d] '%s': bitmask size not power of 2: %u\n"), 2083 idx, section_name (ebl, idx), bitmask_words); 2084 2085 size_t bitmask_idxmask = bitmask_words - 1; 2086 if (gelf_getclass (ebl->elf) == ELFCLASS64) 2087 bitmask_words *= 2; 2088 Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3]; 2089 2090 if (shdr->sh_size < (4 + bitmask_words + nbuckets) * sizeof (Elf32_Word)) 2091 { 2092 ERROR (gettext ("\ 2093section [%2d] '%s': hash table section is too small (is %ld, expected at least %ld)\n"), 2094 idx, section_name (ebl, idx), (long int) shdr->sh_size, 2095 (long int) ((4 + bitmask_words + nbuckets) * sizeof (Elf32_Word))); 2096 return; 2097 } 2098 2099 if (shift > 31) 2100 ERROR (gettext ("\ 2101section [%2d] '%s': 2nd hash function shift too big: %u\n"), 2102 idx, section_name (ebl, idx), shift); 2103 2104 size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words 2105 + nbuckets); 2106 2107 if (symshdr != NULL) 2108 maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize); 2109 2110 /* We need the symbol section data. */ 2111 Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL); 2112 2113 union 2114 { 2115 Elf32_Word *p32; 2116 Elf64_Xword *p64; 2117 } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] }, 2118 collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) }; 2119 2120 size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64; 2121 2122 size_t cnt; 2123 for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt) 2124 { 2125 Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt]; 2126 2127 if (symidx == 0) 2128 continue; 2129 2130 if (symidx < symbias) 2131 { 2132 ERROR (gettext ("\ 2133section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"), 2134 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2135 continue; 2136 } 2137 2138 while (symidx - symbias < maxidx) 2139 { 2140 Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4 2141 + bitmask_words 2142 + nbuckets 2143 + symidx 2144 - symbias]; 2145 2146 if (symdata != NULL) 2147 { 2148 /* Check that the referenced symbol is not undefined. */ 2149 GElf_Sym sym_mem; 2150 GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem); 2151 if (sym != NULL && sym->st_shndx == SHN_UNDEF 2152 && GELF_ST_TYPE (sym->st_info) != STT_FUNC) 2153 ERROR (gettext ("\ 2154section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"), 2155 idx, section_name (ebl, idx), symidx, 2156 cnt - (4 + bitmask_words)); 2157 2158 const char *symname = elf_strptr (ebl->elf, symshdr->sh_link, 2159 sym->st_name); 2160 if (symname != NULL) 2161 { 2162 Elf32_Word hval = elf_gnu_hash (symname); 2163 if ((hval & ~1u) != (chainhash & ~1u)) 2164 ERROR (gettext ("\ 2165section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"), 2166 idx, section_name (ebl, idx), symidx, 2167 cnt - (4 + bitmask_words)); 2168 2169 /* Set the bits in the bitmask. */ 2170 size_t maskidx = (hval / classbits) & bitmask_idxmask; 2171 if (classbits == 32) 2172 { 2173 collected.p32[maskidx] 2174 |= UINT32_C (1) << (hval & (classbits - 1)); 2175 collected.p32[maskidx] 2176 |= UINT32_C (1) << ((hval >> shift) & (classbits - 1)); 2177 } 2178 else 2179 { 2180 collected.p64[maskidx] 2181 |= UINT64_C (1) << (hval & (classbits - 1)); 2182 collected.p64[maskidx] 2183 |= UINT64_C (1) << ((hval >> shift) & (classbits - 1)); 2184 } 2185 } 2186 } 2187 2188 if ((chainhash & 1) != 0) 2189 break; 2190 2191 ++symidx; 2192 } 2193 2194 if (symidx - symbias >= maxidx) 2195 ERROR (gettext ("\ 2196section [%2d] '%s': hash chain for bucket %zu out of bounds\n"), 2197 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2198 else if (symshdr != NULL 2199 && symidx > symshdr->sh_size / symshdr->sh_entsize) 2200 ERROR (gettext ("\ 2201section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"), 2202 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2203 } 2204 2205 if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word))) 2206 ERROR (gettext ("\ 2207section [%2d] '%s': bitmask does not match names in the hash table\n"), 2208 idx, section_name (ebl, idx)); 2209 2210 free (collected.p32); 2211} 2212 2213 2214static void 2215check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 2216{ 2217 if (ehdr->e_type == ET_REL) 2218 { 2219 ERROR (gettext ("\ 2220section [%2d] '%s': relocatable files cannot have hash tables\n"), 2221 idx, section_name (ebl, idx)); 2222 return; 2223 } 2224 2225 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2226 if (data == NULL) 2227 { 2228 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2229 idx, section_name (ebl, idx)); 2230 return; 2231 } 2232 2233 GElf_Shdr symshdr_mem; 2234 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 2235 &symshdr_mem); 2236 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM) 2237 ERROR (gettext ("\ 2238section [%2d] '%s': hash table not for dynamic symbol table\n"), 2239 idx, section_name (ebl, idx)); 2240 2241 if (shdr->sh_entsize != (tag == SHT_GNU_HASH 2242 ? (gelf_getclass (ebl->elf) == ELFCLASS32 2243 ? sizeof (Elf32_Word) : 0) 2244 : (size_t) ebl_sysvhash_entrysize (ebl))) 2245 ERROR (gettext ("\ 2246section [%2d] '%s': hash table entry size incorrect\n"), 2247 idx, section_name (ebl, idx)); 2248 2249 if ((shdr->sh_flags & SHF_ALLOC) == 0) 2250 ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"), 2251 idx, section_name (ebl, idx)); 2252 2253 if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (shdr->sh_entsize ?: 4)) 2254 { 2255 ERROR (gettext ("\ 2256section [%2d] '%s': hash table has not even room for initial administrative entries\n"), 2257 idx, section_name (ebl, idx)); 2258 return; 2259 } 2260 2261 switch (tag) 2262 { 2263 case SHT_HASH: 2264 if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword)) 2265 check_sysv_hash64 (ebl, shdr, data, idx, symshdr); 2266 else 2267 check_sysv_hash (ebl, shdr, data, idx, symshdr); 2268 break; 2269 2270 case SHT_GNU_HASH: 2271 check_gnu_hash (ebl, shdr, data, idx, symshdr); 2272 break; 2273 2274 default: 2275 assert (! "should not happen"); 2276 } 2277} 2278 2279 2280/* Compare content of both hash tables, it must be identical. */ 2281static void 2282compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx, 2283 size_t gnu_hash_idx) 2284{ 2285 Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx); 2286 Elf_Data *hash_data = elf_getdata (hash_scn, NULL); 2287 GElf_Shdr hash_shdr_mem; 2288 GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem); 2289 Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx); 2290 Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL); 2291 GElf_Shdr gnu_hash_shdr_mem; 2292 GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem); 2293 2294 if (hash_shdr == NULL || gnu_hash_shdr == NULL 2295 || hash_data == NULL || gnu_hash_data == NULL) 2296 /* None of these pointers should be NULL since we used the 2297 sections already. We are careful nonetheless. */ 2298 return; 2299 2300 /* The link must point to the same symbol table. */ 2301 if (hash_shdr->sh_link != gnu_hash_shdr->sh_link) 2302 { 2303 ERROR (gettext ("\ 2304sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"), 2305 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name), 2306 gnu_hash_idx, 2307 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2308 return; 2309 } 2310 2311 Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link); 2312 Elf_Data *sym_data = elf_getdata (sym_scn, NULL); 2313 GElf_Shdr sym_shdr_mem; 2314 GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem); 2315 2316 if (sym_data == NULL || sym_shdr == NULL) 2317 return; 2318 2319 int nentries = sym_shdr->sh_size / sym_shdr->sh_entsize; 2320 char *used = alloca (nentries); 2321 memset (used, '\0', nentries); 2322 2323 /* First go over the GNU_HASH table and mark the entries as used. */ 2324 const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf; 2325 Elf32_Word gnu_nbucket = gnu_hasharr[0]; 2326 const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2; 2327 const Elf32_Word *gnu_bucket = (gnu_hasharr 2328 + (4 + gnu_hasharr[2] * bitmap_factor)); 2329 const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0] - gnu_hasharr[1]; 2330 2331 for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt) 2332 { 2333 Elf32_Word symidx = gnu_bucket[cnt]; 2334 if (symidx != STN_UNDEF) 2335 do 2336 used[symidx] |= 1; 2337 while ((gnu_chain[symidx++] & 1u) == 0); 2338 } 2339 2340 /* Now go over the old hash table and check that we cover the same 2341 entries. */ 2342 if (hash_shdr->sh_entsize == sizeof (Elf32_Word)) 2343 { 2344 const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf; 2345 Elf32_Word nbucket = hasharr[0]; 2346 const Elf32_Word *bucket = &hasharr[2]; 2347 const Elf32_Word *chain = &hasharr[2 + nbucket]; 2348 2349 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt) 2350 { 2351 Elf32_Word symidx = bucket[cnt]; 2352 while (symidx != STN_UNDEF) 2353 { 2354 used[symidx] |= 2; 2355 symidx = chain[symidx]; 2356 } 2357 } 2358 } 2359 else 2360 { 2361 const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf; 2362 Elf64_Xword nbucket = hasharr[0]; 2363 const Elf64_Xword *bucket = &hasharr[2]; 2364 const Elf64_Xword *chain = &hasharr[2 + nbucket]; 2365 2366 for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt) 2367 { 2368 Elf64_Xword symidx = bucket[cnt]; 2369 while (symidx != STN_UNDEF) 2370 { 2371 used[symidx] |= 2; 2372 symidx = chain[symidx]; 2373 } 2374 } 2375 } 2376 2377 /* Now see which entries are not set in one or both hash tables 2378 (unless the symbol is undefined in which case it can be omitted 2379 in the new table format). */ 2380 if ((used[0] & 1) != 0) 2381 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"), 2382 gnu_hash_idx, 2383 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2384 if ((used[0] & 2) != 0) 2385 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"), 2386 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name)); 2387 2388 for (int cnt = 1; cnt < nentries; ++cnt) 2389 if (used[cnt] != 0 && used[cnt] != 3) 2390 { 2391 if (used[cnt] == 1) 2392 ERROR (gettext ("\ 2393symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"), 2394 cnt, gnu_hash_idx, 2395 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name), 2396 hash_idx, 2397 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name)); 2398 else 2399 { 2400 GElf_Sym sym_mem; 2401 GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem); 2402 2403 if (sym != NULL && sym->st_shndx != STN_UNDEF) 2404 ERROR (gettext ("\ 2405symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"), 2406 cnt, hash_idx, 2407 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name), 2408 gnu_hash_idx, 2409 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2410 } 2411 } 2412} 2413 2414 2415static void 2416check_null (Ebl *ebl, GElf_Shdr *shdr, int idx) 2417{ 2418#define TEST(name, extra) \ 2419 if (extra && shdr->sh_##name != 0) \ 2420 ERROR (gettext ("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \ 2421 idx, section_name (ebl, idx), #name) 2422 2423 TEST (name, 1); 2424 TEST (flags, 1); 2425 TEST (addr, 1); 2426 TEST (offset, 1); 2427 TEST (size, idx != 0); 2428 TEST (link, idx != 0); 2429 TEST (info, 1); 2430 TEST (addralign, 1); 2431 TEST (entsize, 1); 2432} 2433 2434 2435static void 2436check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 2437{ 2438 if (ehdr->e_type != ET_REL) 2439 { 2440 ERROR (gettext ("\ 2441section [%2d] '%s': section groups only allowed in relocatable object files\n"), 2442 idx, section_name (ebl, idx)); 2443 return; 2444 } 2445 2446 /* Check that sh_link is an index of a symbol table. */ 2447 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 2448 GElf_Shdr symshdr_mem; 2449 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 2450 if (symshdr == NULL) 2451 ERROR (gettext ("section [%2d] '%s': cannot get symbol table: %s\n"), 2452 idx, section_name (ebl, idx), elf_errmsg (-1)); 2453 else 2454 { 2455 if (symshdr->sh_type != SHT_SYMTAB) 2456 ERROR (gettext ("\ 2457section [%2d] '%s': section reference in sh_link is no symbol table\n"), 2458 idx, section_name (ebl, idx)); 2459 2460 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM, 2461 1, EV_CURRENT)) 2462 ERROR (gettext ("\ 2463section [%2d] '%s': invalid symbol index in sh_info\n"), 2464 idx, section_name (ebl, idx)); 2465 2466 if (shdr->sh_flags != 0) 2467 ERROR (gettext ("section [%2d] '%s': sh_flags not zero\n"), 2468 idx, section_name (ebl, idx)); 2469 2470 GElf_Sym sym_data; 2471 GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info, 2472 &sym_data); 2473 if (sym == NULL) 2474 ERROR (gettext ("\ 2475section [%2d] '%s': cannot get symbol for signature\n"), 2476 idx, section_name (ebl, idx)); 2477 else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name), 2478 "") == 0) 2479 ERROR (gettext ("\ 2480section [%2d] '%s': signature symbol cannot be empty string\n"), 2481 idx, section_name (ebl, idx)); 2482 2483 if (be_strict 2484 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT)) 2485 ERROR (gettext ("section [%2d] '%s': sh_flags not set correctly\n"), 2486 idx, section_name (ebl, idx)); 2487 } 2488 2489 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2490 if (data == NULL) 2491 ERROR (gettext ("section [%2d] '%s': cannot get data: %s\n"), 2492 idx, section_name (ebl, idx), elf_errmsg (-1)); 2493 else 2494 { 2495 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT); 2496 size_t cnt; 2497 Elf32_Word val; 2498 2499 if (data->d_size % elsize != 0) 2500 ERROR (gettext ("\ 2501section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"), 2502 idx, section_name (ebl, idx)); 2503 2504 if (data->d_size < elsize) 2505 ERROR (gettext ("\ 2506section [%2d] '%s': section group without flags word\n"), 2507 idx, section_name (ebl, idx)); 2508 else if (be_strict) 2509 { 2510 if (data->d_size < 2 * elsize) 2511 ERROR (gettext ("\ 2512section [%2d] '%s': section group without member\n"), 2513 idx, section_name (ebl, idx)); 2514 else if (data->d_size < 3 * elsize) 2515 ERROR (gettext ("\ 2516section [%2d] '%s': section group with only one member\n"), 2517 idx, section_name (ebl, idx)); 2518 } 2519 2520#if ALLOW_UNALIGNED 2521 val = *((Elf32_Word *) data->d_buf); 2522#else 2523 memcpy (&val, data->d_buf, elsize); 2524#endif 2525 if ((val & ~GRP_COMDAT) != 0) 2526 ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"), 2527 idx, section_name (ebl, idx)); 2528 2529 for (cnt = elsize; cnt < data->d_size; cnt += elsize) 2530 { 2531#if ALLOW_UNALIGNED 2532 val = *((Elf32_Word *) ((char *) data->d_buf + cnt)); 2533#else 2534 memcpy (&val, (char *) data->d_buf + cnt, elsize); 2535#endif 2536 2537 if (val > shnum) 2538 ERROR (gettext ("\ 2539section [%2d] '%s': section index %Zu out of range\n"), 2540 idx, section_name (ebl, idx), cnt / elsize); 2541 else 2542 { 2543 GElf_Shdr refshdr_mem; 2544 GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val), 2545 &refshdr_mem); 2546 if (refshdr == NULL) 2547 ERROR (gettext ("\ 2548section [%2d] '%s': cannot get section header for element %zu: %s\n"), 2549 idx, section_name (ebl, idx), cnt / elsize, 2550 elf_errmsg (-1)); 2551 else 2552 { 2553 if (refshdr->sh_type == SHT_GROUP) 2554 ERROR (gettext ("\ 2555section [%2d] '%s': section group contains another group [%2d] '%s'\n"), 2556 idx, section_name (ebl, idx), 2557 val, section_name (ebl, val)); 2558 2559 if ((refshdr->sh_flags & SHF_GROUP) == 0) 2560 ERROR (gettext ("\ 2561section [%2d] '%s': element %Zu references section [%2d] '%s' without SHF_GROUP flag set\n"), 2562 idx, section_name (ebl, idx), cnt / elsize, 2563 val, section_name (ebl, val)); 2564 } 2565 2566 if (++scnref[val] == 2) 2567 ERROR (gettext ("\ 2568section [%2d] '%s' is contained in more than one section group\n"), 2569 val, section_name (ebl, val)); 2570 } 2571 } 2572 } 2573} 2574 2575 2576static const char * 2577section_flags_string (GElf_Word flags, char *buf, size_t len) 2578{ 2579 if (flags == 0) 2580 return "none"; 2581 2582 static const struct 2583 { 2584 GElf_Word flag; 2585 const char *name; 2586 } known_flags[] = 2587 { 2588#define NEWFLAG(name) { SHF_##name, #name } 2589 NEWFLAG (WRITE), 2590 NEWFLAG (ALLOC), 2591 NEWFLAG (EXECINSTR), 2592 NEWFLAG (MERGE), 2593 NEWFLAG (STRINGS), 2594 NEWFLAG (INFO_LINK), 2595 NEWFLAG (LINK_ORDER), 2596 NEWFLAG (OS_NONCONFORMING), 2597 NEWFLAG (GROUP), 2598 NEWFLAG (TLS) 2599 }; 2600#undef NEWFLAG 2601 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]); 2602 2603 char *cp = buf; 2604 2605 for (size_t cnt = 0; cnt < nknown_flags; ++cnt) 2606 if (flags & known_flags[cnt].flag) 2607 { 2608 if (cp != buf && len > 1) 2609 { 2610 *cp++ = '|'; 2611 --len; 2612 } 2613 2614 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name)); 2615 cp = mempcpy (cp, known_flags[cnt].name, ncopy); 2616 len -= ncopy; 2617 2618 flags ^= known_flags[cnt].flag; 2619 } 2620 2621 if (flags != 0 || cp == buf) 2622 snprintf (cp, len - 1, "%" PRIx64, (uint64_t) flags); 2623 2624 *cp = '\0'; 2625 2626 return buf; 2627} 2628 2629 2630static int 2631has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx) 2632{ 2633 /* First find the relocation section for the symbol table. */ 2634 Elf_Scn *scn = NULL; 2635 GElf_Shdr shdr_mem; 2636 GElf_Shdr *shdr = NULL; 2637 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 2638 { 2639 shdr = gelf_getshdr (scn, &shdr_mem); 2640 if (shdr != NULL 2641 && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA) 2642 && shdr->sh_link == symscnndx) 2643 /* Found the section. */ 2644 break; 2645 } 2646 2647 if (scn == NULL) 2648 return 0; 2649 2650 Elf_Data *data = elf_getdata (scn, NULL); 2651 if (data == NULL) 2652 return 0; 2653 2654 if (shdr->sh_type == SHT_REL) 2655 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i) 2656 { 2657 GElf_Rel rel_mem; 2658 GElf_Rel *rel = gelf_getrel (data, i, &rel_mem); 2659 if (rel == NULL) 2660 continue; 2661 2662 if (GELF_R_SYM (rel->r_info) == symndx 2663 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info))) 2664 return 1; 2665 } 2666 else 2667 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i) 2668 { 2669 GElf_Rela rela_mem; 2670 GElf_Rela *rela = gelf_getrela (data, i, &rela_mem); 2671 if (rela == NULL) 2672 continue; 2673 2674 if (GELF_R_SYM (rela->r_info) == symndx 2675 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info))) 2676 return 1; 2677 } 2678 2679 return 0; 2680} 2681 2682 2683static int 2684in_nobits_scn (Ebl *ebl, unsigned int shndx) 2685{ 2686 GElf_Shdr shdr_mem; 2687 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem); 2688 return shdr != NULL && shdr->sh_type == SHT_NOBITS; 2689} 2690 2691 2692static struct version_namelist 2693{ 2694 const char *objname; 2695 const char *name; 2696 GElf_Versym ndx; 2697 enum { ver_def, ver_need } type; 2698 struct version_namelist *next; 2699} *version_namelist; 2700 2701 2702static int 2703add_version (const char *objname, const char *name, GElf_Versym ndx, int type) 2704{ 2705 /* Check that there are no duplications. */ 2706 struct version_namelist *nlp = version_namelist; 2707 while (nlp != NULL) 2708 { 2709 if (((nlp->objname == NULL && objname == NULL) 2710 || (nlp->objname != NULL && objname != NULL 2711 && strcmp (nlp->objname, objname) == 0)) 2712 && strcmp (nlp->name, name) == 0) 2713 return nlp->type == ver_def ? 1 : -1; 2714 nlp = nlp->next; 2715 } 2716 2717 nlp = xmalloc (sizeof (*nlp)); 2718 nlp->objname = objname; 2719 nlp->name = name; 2720 nlp->ndx = ndx; 2721 nlp->type = type; 2722 nlp->next = version_namelist; 2723 version_namelist = nlp; 2724 2725 return 0; 2726} 2727 2728 2729static void 2730check_versym (Ebl *ebl, int idx) 2731{ 2732 Elf_Scn *scn = elf_getscn (ebl->elf, idx); 2733 GElf_Shdr shdr_mem; 2734 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 2735 if (shdr == NULL) 2736 /* The error has already been reported. */ 2737 return; 2738 2739 Elf_Data *data = elf_getdata (scn, NULL); 2740 if (data == NULL) 2741 { 2742 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2743 idx, section_name (ebl, idx)); 2744 return; 2745 } 2746 2747 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 2748 GElf_Shdr symshdr_mem; 2749 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 2750 if (symshdr == NULL) 2751 /* The error has already been reported. */ 2752 return; 2753 2754 if (symshdr->sh_type != SHT_DYNSYM) 2755 { 2756 ERROR (gettext ("\ 2757section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"), 2758 idx, section_name (ebl, idx), 2759 shdr->sh_link, section_name (ebl, shdr->sh_link)); 2760 return; 2761 } 2762 2763 /* The number of elements in the version symbol table must be the 2764 same as the number of symbols. */ 2765 if (shdr->sh_entsize && symshdr->sh_entsize 2766 && (shdr->sh_size / shdr->sh_entsize 2767 != symshdr->sh_size / symshdr->sh_entsize)) 2768 ERROR (gettext ("\ 2769section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"), 2770 idx, section_name (ebl, idx), 2771 shdr->sh_link, section_name (ebl, shdr->sh_link)); 2772 2773 Elf_Data *symdata = elf_getdata (symscn, NULL); 2774 if (symdata == NULL) 2775 /* The error has already been reported. */ 2776 return; 2777 2778 for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 2779 { 2780 GElf_Versym versym_mem; 2781 GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem); 2782 if (versym == NULL) 2783 { 2784 ERROR (gettext ("\ 2785section [%2d] '%s': symbol %d: cannot read version data\n"), 2786 idx, section_name (ebl, idx), cnt); 2787 break; 2788 } 2789 2790 GElf_Sym sym_mem; 2791 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem); 2792 if (sym == NULL) 2793 /* Already reported elsewhere. */ 2794 continue; 2795 2796 if (*versym == VER_NDX_GLOBAL) 2797 { 2798 /* Global symbol. Make sure it is not defined as local. */ 2799 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL) 2800 ERROR (gettext ("\ 2801section [%2d] '%s': symbol %d: local symbol with global scope\n"), 2802 idx, section_name (ebl, idx), cnt); 2803 } 2804 else if (*versym != VER_NDX_LOCAL) 2805 { 2806 /* Versioned symbol. Make sure it is not defined as local. */ 2807 if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL) 2808 ERROR (gettext ("\ 2809section [%2d] '%s': symbol %d: local symbol with version\n"), 2810 idx, section_name (ebl, idx), cnt); 2811 2812 /* Look through the list of defined versions and locate the 2813 index we need for this symbol. */ 2814 struct version_namelist *runp = version_namelist; 2815 while (runp != NULL) 2816 if (runp->ndx == (*versym & (GElf_Versym) 0x7fff)) 2817 break; 2818 else 2819 runp = runp->next; 2820 2821 if (runp == NULL) 2822 ERROR (gettext ("\ 2823section [%2d] '%s': symbol %d: invalid version index %d\n"), 2824 idx, section_name (ebl, idx), cnt, (int) *versym); 2825 else if (sym->st_shndx == SHN_UNDEF 2826 && runp->type == ver_def) 2827 ERROR (gettext ("\ 2828section [%2d] '%s': symbol %d: version index %d is for defined version\n"), 2829 idx, section_name (ebl, idx), cnt, (int) *versym); 2830 else if (sym->st_shndx != SHN_UNDEF 2831 && runp->type == ver_need) 2832 { 2833 /* Unless this symbol has a copy relocation associated 2834 this must not happen. */ 2835 if (!has_copy_reloc (ebl, shdr->sh_link, cnt) 2836 && !in_nobits_scn (ebl, sym->st_shndx)) 2837 ERROR (gettext ("\ 2838section [%2d] '%s': symbol %d: version index %d is for requested version\n"), 2839 idx, section_name (ebl, idx), cnt, (int) *versym); 2840 } 2841 } 2842 } 2843} 2844 2845 2846static int 2847unknown_dependency_p (Elf *elf, const char *fname) 2848{ 2849 GElf_Phdr phdr_mem; 2850 GElf_Phdr *phdr = NULL; 2851 2852 unsigned int i; 2853 for (i = 0; i < phnum; ++i) 2854 if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL 2855 && phdr->p_type == PT_DYNAMIC) 2856 break; 2857 2858 if (i == phnum) 2859 return 1; 2860 assert (phdr != NULL); 2861 Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset); 2862 GElf_Shdr shdr_mem; 2863 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 2864 Elf_Data *data = elf_getdata (scn, NULL); 2865 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC && data != NULL) 2866 for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j) 2867 { 2868 GElf_Dyn dyn_mem; 2869 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem); 2870 if (dyn != NULL && dyn->d_tag == DT_NEEDED) 2871 { 2872 const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val); 2873 if (str != NULL && strcmp (str, fname) == 0) 2874 /* Found it. */ 2875 return 0; 2876 } 2877 } 2878 2879 return 1; 2880} 2881 2882 2883static unsigned int nverneed; 2884 2885static void 2886check_verneed (Ebl *ebl, GElf_Shdr *shdr, int idx) 2887{ 2888 if (++nverneed == 2) 2889 ERROR (gettext ("more than one version reference section present\n")); 2890 2891 GElf_Shdr strshdr_mem; 2892 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 2893 &strshdr_mem); 2894 if (strshdr == NULL) 2895 return; 2896 if (strshdr->sh_type != SHT_STRTAB) 2897 ERROR (gettext ("\ 2898section [%2d] '%s': sh_link does not link to string table\n"), 2899 idx, section_name (ebl, idx)); 2900 2901 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2902 if (data == NULL) 2903 { 2904 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2905 idx, section_name (ebl, idx)); 2906 return; 2907 } 2908 unsigned int offset = 0; 2909 for (int cnt = shdr->sh_info; --cnt >= 0; ) 2910 { 2911 /* Get the data at the next offset. */ 2912 GElf_Verneed needmem; 2913 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem); 2914 if (need == NULL) 2915 break; 2916 2917 unsigned int auxoffset = offset + need->vn_aux; 2918 2919 if (need->vn_version != EV_CURRENT) 2920 ERROR (gettext ("\ 2921section [%2d] '%s': entry %d has wrong version %d\n"), 2922 idx, section_name (ebl, idx), cnt, (int) need->vn_version); 2923 2924 if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED, 2925 1, EV_CURRENT)) 2926 ERROR (gettext ("\ 2927section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"), 2928 idx, section_name (ebl, idx), cnt); 2929 2930 const char *libname = elf_strptr (ebl->elf, shdr->sh_link, 2931 need->vn_file); 2932 if (libname == NULL) 2933 { 2934 ERROR (gettext ("\ 2935section [%2d] '%s': entry %d has invalid file reference\n"), 2936 idx, section_name (ebl, idx), cnt); 2937 goto next_need; 2938 } 2939 2940 /* Check that there is a DT_NEEDED entry for the referenced library. */ 2941 if (unknown_dependency_p (ebl->elf, libname)) 2942 ERROR (gettext ("\ 2943section [%2d] '%s': entry %d references unknown dependency\n"), 2944 idx, section_name (ebl, idx), cnt); 2945 2946 for (int cnt2 = need->vn_cnt; --cnt2 >= 0; ) 2947 { 2948 GElf_Vernaux auxmem; 2949 GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem); 2950 if (aux == NULL) 2951 break; 2952 2953 if ((aux->vna_flags & ~VER_FLG_WEAK) != 0) 2954 ERROR (gettext ("\ 2955section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"), 2956 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 2957 2958 const char *verstr = elf_strptr (ebl->elf, shdr->sh_link, 2959 aux->vna_name); 2960 if (verstr == NULL) 2961 ERROR (gettext ("\ 2962section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"), 2963 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 2964 else 2965 { 2966 GElf_Word hashval = elf_hash (verstr); 2967 if (hashval != aux->vna_hash) 2968 ERROR (gettext ("\ 2969section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"), 2970 idx, section_name (ebl, idx), need->vn_cnt - cnt2, 2971 cnt, (int) hashval, (int) aux->vna_hash); 2972 2973 int res = add_version (libname, verstr, aux->vna_other, 2974 ver_need); 2975 if (unlikely (res !=0)) 2976 { 2977 assert (res > 0); 2978 ERROR (gettext ("\ 2979section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"), 2980 idx, section_name (ebl, idx), need->vn_cnt - cnt2, 2981 cnt, verstr); 2982 } 2983 } 2984 2985 if ((aux->vna_next != 0 || cnt2 > 0) 2986 && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, 2987 EV_CURRENT)) 2988 { 2989 ERROR (gettext ("\ 2990section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"), 2991 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 2992 break; 2993 } 2994 2995 auxoffset += MAX (aux->vna_next, 2996 gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT)); 2997 } 2998 2999 /* Find the next offset. */ 3000 next_need: 3001 offset += need->vn_next; 3002 3003 if ((need->vn_next != 0 || cnt > 0) 3004 && offset < auxoffset) 3005 ERROR (gettext ("\ 3006section [%2d] '%s': entry %d has invalid offset to next entry\n"), 3007 idx, section_name (ebl, idx), cnt); 3008 } 3009} 3010 3011 3012static unsigned int nverdef; 3013 3014static void 3015check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx) 3016{ 3017 if (++nverdef == 2) 3018 ERROR (gettext ("more than one version definition section present\n")); 3019 3020 GElf_Shdr strshdr_mem; 3021 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 3022 &strshdr_mem); 3023 if (strshdr == NULL) 3024 return; 3025 if (strshdr->sh_type != SHT_STRTAB) 3026 ERROR (gettext ("\ 3027section [%2d] '%s': sh_link does not link to string table\n"), 3028 idx, section_name (ebl, idx)); 3029 3030 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 3031 if (data == NULL) 3032 { 3033 no_data: 3034 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 3035 idx, section_name (ebl, idx)); 3036 return; 3037 } 3038 3039 /* Iterate over all version definition entries. We check that there 3040 is a BASE entry and that each index is unique. To do the later 3041 we collection the information in a list which is later 3042 examined. */ 3043 struct namelist 3044 { 3045 const char *name; 3046 struct namelist *next; 3047 } *namelist = NULL; 3048 struct namelist *refnamelist = NULL; 3049 3050 bool has_base = false; 3051 unsigned int offset = 0; 3052 for (int cnt = shdr->sh_info; --cnt >= 0; ) 3053 { 3054 /* Get the data at the next offset. */ 3055 GElf_Verdef defmem; 3056 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem); 3057 if (def == NULL) 3058 goto no_data; 3059 3060 if ((def->vd_flags & VER_FLG_BASE) != 0) 3061 { 3062 if (has_base) 3063 ERROR (gettext ("\ 3064section [%2d] '%s': more than one BASE definition\n"), 3065 idx, section_name (ebl, idx)); 3066 if (def->vd_ndx != VER_NDX_GLOBAL) 3067 ERROR (gettext ("\ 3068section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"), 3069 idx, section_name (ebl, idx)); 3070 has_base = true; 3071 } 3072 if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0) 3073 ERROR (gettext ("\ 3074section [%2d] '%s': entry %d has unknown flag\n"), 3075 idx, section_name (ebl, idx), cnt); 3076 3077 if (def->vd_version != EV_CURRENT) 3078 ERROR (gettext ("\ 3079section [%2d] '%s': entry %d has wrong version %d\n"), 3080 idx, section_name (ebl, idx), cnt, (int) def->vd_version); 3081 3082 if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF, 3083 1, EV_CURRENT)) 3084 ERROR (gettext ("\ 3085section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"), 3086 idx, section_name (ebl, idx), cnt); 3087 3088 unsigned int auxoffset = offset + def->vd_aux; 3089 GElf_Verdaux auxmem; 3090 GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem); 3091 if (aux == NULL) 3092 goto no_data; 3093 3094 const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name); 3095 if (name == NULL) 3096 { 3097 ERROR (gettext ("\ 3098section [%2d] '%s': entry %d has invalid name reference\n"), 3099 idx, section_name (ebl, idx), cnt); 3100 goto next_def; 3101 } 3102 GElf_Word hashval = elf_hash (name); 3103 if (def->vd_hash != hashval) 3104 ERROR (gettext ("\ 3105section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"), 3106 idx, section_name (ebl, idx), cnt, (int) hashval, 3107 (int) def->vd_hash); 3108 3109 int res = add_version (NULL, name, def->vd_ndx, ver_def); 3110 if (unlikely (res !=0)) 3111 { 3112 assert (res > 0); 3113 ERROR (gettext ("\ 3114section [%2d] '%s': entry %d has duplicate version name '%s'\n"), 3115 idx, section_name (ebl, idx), cnt, name); 3116 } 3117 3118 struct namelist *newname = alloca (sizeof (*newname)); 3119 newname->name = name; 3120 newname->next = namelist; 3121 namelist = newname; 3122 3123 auxoffset += aux->vda_next; 3124 for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2) 3125 { 3126 aux = gelf_getverdaux (data, auxoffset, &auxmem); 3127 if (aux == NULL) 3128 goto no_data; 3129 3130 name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name); 3131 if (name == NULL) 3132 ERROR (gettext ("\ 3133section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"), 3134 idx, section_name (ebl, idx), cnt); 3135 else 3136 { 3137 newname = alloca (sizeof (*newname)); 3138 newname->name = name; 3139 newname->next = refnamelist; 3140 refnamelist = newname; 3141 } 3142 3143 if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt) 3144 && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, 3145 EV_CURRENT)) 3146 { 3147 ERROR (gettext ("\ 3148section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"), 3149 idx, section_name (ebl, idx), cnt); 3150 break; 3151 } 3152 3153 auxoffset += MAX (aux->vda_next, 3154 gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT)); 3155 } 3156 3157 /* Find the next offset. */ 3158 next_def: 3159 offset += def->vd_next; 3160 3161 if ((def->vd_next != 0 || cnt > 0) 3162 && offset < auxoffset) 3163 ERROR (gettext ("\ 3164section [%2d] '%s': entry %d has invalid offset to next entry\n"), 3165 idx, section_name (ebl, idx), cnt); 3166 } 3167 3168 if (!has_base) 3169 ERROR (gettext ("section [%2d] '%s': no BASE definition\n"), 3170 idx, section_name (ebl, idx)); 3171 3172 /* Check whether the referenced names are available. */ 3173 while (namelist != NULL) 3174 { 3175 struct version_namelist *runp = version_namelist; 3176 while (runp != NULL) 3177 { 3178 if (runp->type == ver_def 3179 && strcmp (runp->name, namelist->name) == 0) 3180 break; 3181 runp = runp->next; 3182 } 3183 3184 if (runp == NULL) 3185 ERROR (gettext ("\ 3186section [%2d] '%s': unknown parent version '%s'\n"), 3187 idx, section_name (ebl, idx), namelist->name); 3188 3189 namelist = namelist->next; 3190 } 3191} 3192 3193static void 3194check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 3195{ 3196 if (shdr->sh_size == 0) 3197 { 3198 ERROR (gettext ("section [%2d] '%s': empty object attributes section\n"), 3199 idx, section_name (ebl, idx)); 3200 return; 3201 } 3202 3203 Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL); 3204 if (data == NULL || data->d_size == 0) 3205 { 3206 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 3207 idx, section_name (ebl, idx)); 3208 return; 3209 } 3210 3211 inline size_t pos (const unsigned char *p) 3212 { 3213 return p - (const unsigned char *) data->d_buf; 3214 } 3215 3216 const unsigned char *p = data->d_buf; 3217 if (*p++ != 'A') 3218 { 3219 ERROR (gettext ("section [%2d] '%s': unrecognized attribute format\n"), 3220 idx, section_name (ebl, idx)); 3221 return; 3222 } 3223 3224 inline size_t left (void) 3225 { 3226 return (const unsigned char *) data->d_buf + data->d_size - p; 3227 } 3228 3229 while (left () >= 4) 3230 { 3231 uint32_t len; 3232 memcpy (&len, p, sizeof len); 3233 3234 if (len == 0) 3235 ERROR (gettext ("\ 3236section [%2d] '%s': offset %zu: zero length field in attribute section\n"), 3237 idx, section_name (ebl, idx), pos (p)); 3238 3239 if (MY_ELFDATA != ehdr->e_ident[EI_DATA]) 3240 CONVERT (len); 3241 3242 if (len > left ()) 3243 { 3244 ERROR (gettext ("\ 3245section [%2d] '%s': offset %zu: invalid length in attribute section\n"), 3246 idx, section_name (ebl, idx), pos (p)); 3247 break; 3248 } 3249 3250 const unsigned char *name = p + sizeof len; 3251 p += len; 3252 3253 unsigned const char *q = memchr (name, '\0', len); 3254 if (q == NULL) 3255 { 3256 ERROR (gettext ("\ 3257section [%2d] '%s': offset %zu: unterminated vendor name string\n"), 3258 idx, section_name (ebl, idx), pos (p)); 3259 continue; 3260 } 3261 ++q; 3262 3263 if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu")) 3264 while (q < p) 3265 { 3266 unsigned const char *chunk = q; 3267 3268 unsigned int subsection_tag; 3269 get_uleb128 (subsection_tag, q, p); 3270 3271 if (q >= p) 3272 { 3273 ERROR (gettext ("\ 3274section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"), 3275 idx, section_name (ebl, idx), pos (chunk)); 3276 break; 3277 } 3278 3279 uint32_t subsection_len; 3280 if (p - q < (ptrdiff_t) sizeof subsection_len) 3281 { 3282 ERROR (gettext ("\ 3283section [%2d] '%s': offset %zu: truncated attribute section\n"), 3284 idx, section_name (ebl, idx), pos (q)); 3285 break; 3286 } 3287 3288 memcpy (&subsection_len, q, sizeof subsection_len); 3289 if (subsection_len == 0) 3290 { 3291 ERROR (gettext ("\ 3292section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"), 3293 idx, section_name (ebl, idx), pos (q)); 3294 3295 q += sizeof subsection_len; 3296 continue; 3297 } 3298 3299 if (MY_ELFDATA != ehdr->e_ident[EI_DATA]) 3300 CONVERT (subsection_len); 3301 3302 if (p - chunk < (ptrdiff_t) subsection_len) 3303 { 3304 ERROR (gettext ("\ 3305section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"), 3306 idx, section_name (ebl, idx), pos (q)); 3307 break; 3308 } 3309 3310 const unsigned char *subsection_end = chunk + subsection_len; 3311 chunk = q; 3312 q = subsection_end; 3313 3314 if (subsection_tag != 1) /* Tag_File */ 3315 ERROR (gettext ("\ 3316section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"), 3317 idx, section_name (ebl, idx), pos (chunk), subsection_tag); 3318 else 3319 { 3320 chunk += sizeof subsection_len; 3321 while (chunk < q) 3322 { 3323 unsigned int tag; 3324 get_uleb128 (tag, chunk, q); 3325 3326 uint64_t value = 0; 3327 const unsigned char *r = chunk; 3328 if (tag == 32 || (tag & 1) == 0) 3329 { 3330 get_uleb128 (value, r, q); 3331 if (r > q) 3332 { 3333 ERROR (gettext ("\ 3334section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"), 3335 idx, section_name (ebl, idx), pos (chunk)); 3336 break; 3337 } 3338 } 3339 if (tag == 32 || (tag & 1) != 0) 3340 { 3341 r = memchr (r, '\0', q - r); 3342 if (r == NULL) 3343 { 3344 ERROR (gettext ("\ 3345section [%2d] '%s': offset %zu: unterminated string in attribute\n"), 3346 idx, section_name (ebl, idx), pos (chunk)); 3347 break; 3348 } 3349 ++r; 3350 } 3351 3352 const char *tag_name = NULL; 3353 const char *value_name = NULL; 3354 if (!ebl_check_object_attribute (ebl, (const char *) name, 3355 tag, value, 3356 &tag_name, &value_name)) 3357 ERROR (gettext ("\ 3358section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"), 3359 idx, section_name (ebl, idx), pos (chunk), tag); 3360 else if ((tag & 1) == 0 && value_name == NULL) 3361 ERROR (gettext ("\ 3362section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"), 3363 idx, section_name (ebl, idx), pos (chunk), 3364 tag_name, value); 3365 3366 chunk = r; 3367 } 3368 } 3369 } 3370 else 3371 ERROR (gettext ("\ 3372section [%2d] '%s': offset %zu: vendor '%s' unknown\n"), 3373 idx, section_name (ebl, idx), pos (p), name); 3374 } 3375 3376 if (left () != 0) 3377 ERROR (gettext ("\ 3378section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"), 3379 idx, section_name (ebl, idx), pos (p)); 3380} 3381 3382static bool has_loadable_segment; 3383static bool has_interp_segment; 3384 3385static const struct 3386{ 3387 const char *name; 3388 size_t namelen; 3389 GElf_Word type; 3390 enum { unused, exact, atleast, exact_or_gnuld } attrflag; 3391 GElf_Word attr; 3392 GElf_Word attr2; 3393} special_sections[] = 3394 { 3395 /* See figure 4-14 in the gABI. */ 3396 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3397 { ".comment", 8, SHT_PROGBITS, atleast, 0, SHF_MERGE | SHF_STRINGS }, 3398 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3399 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3400 { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 }, 3401 { ".debug", 6, SHT_PROGBITS, exact, 0, 0 }, 3402 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE }, 3403 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 }, 3404 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 }, 3405 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3406 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3407 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info? 3408 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 }, 3409 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3410 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3411 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests? 3412 { ".line", 6, SHT_PROGBITS, exact, 0, 0 }, 3413 { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC }, 3414 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests 3415 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3416 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests 3417 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC | SHF_INFO_LINK }, // XXX more tests 3418 { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS }, 3419 { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS }, 3420 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 }, 3421 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests 3422 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests 3423 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests 3424 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3425 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3426 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3427 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3428 3429 /* The following are GNU extensions. */ 3430 { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 }, 3431 { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 }, 3432 { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 }, 3433 { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 }, 3434 }; 3435#define nspecial_sections \ 3436 (sizeof (special_sections) / sizeof (special_sections[0])) 3437 3438#define IS_KNOWN_SPECIAL(idx, string, prefix) \ 3439 (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0) \ 3440 && !memcmp (special_sections[idx].name, string, \ 3441 sizeof string - (prefix ? 1 : 0))) 3442 3443 3444/* Indeces of some sections we need later. */ 3445static size_t eh_frame_hdr_scnndx; 3446static size_t eh_frame_scnndx; 3447static size_t gcc_except_table_scnndx; 3448 3449 3450static void 3451check_sections (Ebl *ebl, GElf_Ehdr *ehdr) 3452{ 3453 if (ehdr->e_shoff == 0) 3454 /* No section header. */ 3455 return; 3456 3457 /* Allocate array to count references in section groups. */ 3458 scnref = (int *) xcalloc (shnum, sizeof (int)); 3459 3460 /* Check the zeroth section first. It must not have any contents 3461 and the section header must contain nonzero value at most in the 3462 sh_size and sh_link fields. */ 3463 GElf_Shdr shdr_mem; 3464 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 3465 if (shdr == NULL) 3466 ERROR (gettext ("cannot get section header of zeroth section\n")); 3467 else 3468 { 3469 if (shdr->sh_name != 0) 3470 ERROR (gettext ("zeroth section has nonzero name\n")); 3471 if (shdr->sh_type != 0) 3472 ERROR (gettext ("zeroth section has nonzero type\n")); 3473 if (shdr->sh_flags != 0) 3474 ERROR (gettext ("zeroth section has nonzero flags\n")); 3475 if (shdr->sh_addr != 0) 3476 ERROR (gettext ("zeroth section has nonzero address\n")); 3477 if (shdr->sh_offset != 0) 3478 ERROR (gettext ("zeroth section has nonzero offset\n")); 3479 if (shdr->sh_addralign != 0) 3480 ERROR (gettext ("zeroth section has nonzero align value\n")); 3481 if (shdr->sh_entsize != 0) 3482 ERROR (gettext ("zeroth section has nonzero entry size value\n")); 3483 3484 if (shdr->sh_size != 0 && ehdr->e_shnum != 0) 3485 ERROR (gettext ("\ 3486zeroth section has nonzero size value while ELF header has nonzero shnum value\n")); 3487 3488 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX) 3489 ERROR (gettext ("\ 3490zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n")); 3491 3492 if (shdr->sh_info != 0 && ehdr->e_phnum != PN_XNUM) 3493 ERROR (gettext ("\ 3494zeroth section has nonzero link value while ELF header does not signal overflow in phnum\n")); 3495 } 3496 3497 int *segment_flags = xcalloc (phnum, sizeof segment_flags[0]); 3498 3499 bool dot_interp_section = false; 3500 3501 size_t hash_idx = 0; 3502 size_t gnu_hash_idx = 0; 3503 3504 size_t versym_scnndx = 0; 3505 for (size_t cnt = 1; cnt < shnum; ++cnt) 3506 { 3507 shdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &shdr_mem); 3508 if (shdr == NULL) 3509 { 3510 ERROR (gettext ("\ 3511cannot get section header for section [%2zu] '%s': %s\n"), 3512 cnt, section_name (ebl, cnt), elf_errmsg (-1)); 3513 continue; 3514 } 3515 3516 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name); 3517 3518 if (scnname == NULL) 3519 ERROR (gettext ("section [%2zu]: invalid name\n"), cnt); 3520 else 3521 { 3522 /* Check whether it is one of the special sections defined in 3523 the gABI. */ 3524 size_t s; 3525 for (s = 0; s < nspecial_sections; ++s) 3526 if (strncmp (scnname, special_sections[s].name, 3527 special_sections[s].namelen) == 0) 3528 { 3529 char stbuf1[100]; 3530 char stbuf2[100]; 3531 char stbuf3[100]; 3532 3533 GElf_Word good_type = special_sections[s].type; 3534 if (IS_KNOWN_SPECIAL (s, ".plt", false) 3535 && ebl_bss_plt_p (ebl)) 3536 good_type = SHT_NOBITS; 3537 3538 /* In a debuginfo file, any normal section can be SHT_NOBITS. 3539 This is only invalid for DWARF sections and .shstrtab. */ 3540 if (shdr->sh_type != good_type 3541 && (shdr->sh_type != SHT_NOBITS 3542 || !is_debuginfo 3543 || IS_KNOWN_SPECIAL (s, ".debug_str", false) 3544 || IS_KNOWN_SPECIAL (s, ".debug", true) 3545 || IS_KNOWN_SPECIAL (s, ".shstrtab", false))) 3546 ERROR (gettext ("\ 3547section [%2d] '%s' has wrong type: expected %s, is %s\n"), 3548 (int) cnt, scnname, 3549 ebl_section_type_name (ebl, special_sections[s].type, 3550 stbuf1, sizeof (stbuf1)), 3551 ebl_section_type_name (ebl, shdr->sh_type, 3552 stbuf2, sizeof (stbuf2))); 3553 3554 if (special_sections[s].attrflag == exact 3555 || special_sections[s].attrflag == exact_or_gnuld) 3556 { 3557 /* Except for the link order and group bit all the 3558 other bits should match exactly. */ 3559 if ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP)) 3560 != special_sections[s].attr 3561 && (special_sections[s].attrflag == exact || !gnuld)) 3562 ERROR (gettext ("\ 3563section [%2zu] '%s' has wrong flags: expected %s, is %s\n"), 3564 cnt, scnname, 3565 section_flags_string (special_sections[s].attr, 3566 stbuf1, sizeof (stbuf1)), 3567 section_flags_string (shdr->sh_flags 3568 & ~SHF_LINK_ORDER, 3569 stbuf2, sizeof (stbuf2))); 3570 } 3571 else if (special_sections[s].attrflag == atleast) 3572 { 3573 if ((shdr->sh_flags & special_sections[s].attr) 3574 != special_sections[s].attr 3575 || ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP 3576 | special_sections[s].attr 3577 | special_sections[s].attr2)) 3578 != 0)) 3579 ERROR (gettext ("\ 3580section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"), 3581 cnt, scnname, 3582 section_flags_string (special_sections[s].attr, 3583 stbuf1, sizeof (stbuf1)), 3584 section_flags_string (special_sections[s].attr2, 3585 stbuf2, sizeof (stbuf2)), 3586 section_flags_string (shdr->sh_flags 3587 & ~(SHF_LINK_ORDER 3588 | SHF_GROUP), 3589 stbuf3, sizeof (stbuf3))); 3590 } 3591 3592 if (strcmp (scnname, ".interp") == 0) 3593 { 3594 dot_interp_section = true; 3595 3596 if (ehdr->e_type == ET_REL) 3597 ERROR (gettext ("\ 3598section [%2zu] '%s' present in object file\n"), 3599 cnt, scnname); 3600 3601 if ((shdr->sh_flags & SHF_ALLOC) != 0 3602 && !has_loadable_segment) 3603 ERROR (gettext ("\ 3604section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"), 3605 cnt, scnname); 3606 else if ((shdr->sh_flags & SHF_ALLOC) == 0 3607 && has_loadable_segment) 3608 ERROR (gettext ("\ 3609section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"), 3610 cnt, scnname); 3611 } 3612 else 3613 { 3614 if (strcmp (scnname, ".symtab_shndx") == 0 3615 && ehdr->e_type != ET_REL) 3616 ERROR (gettext ("\ 3617section [%2zu] '%s' is extension section index table in non-object file\n"), 3618 cnt, scnname); 3619 3620 /* These sections must have the SHF_ALLOC flag set iff 3621 a loadable segment is available. 3622 3623 .relxxx 3624 .strtab 3625 .symtab 3626 .symtab_shndx 3627 3628 Check that if there is a reference from the 3629 loaded section these sections also have the 3630 ALLOC flag set. */ 3631#if 0 3632 // XXX TODO 3633 if ((shdr->sh_flags & SHF_ALLOC) != 0 3634 && !has_loadable_segment) 3635 ERROR (gettext ("\ 3636section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"), 3637 cnt, scnname); 3638 else if ((shdr->sh_flags & SHF_ALLOC) == 0 3639 && has_loadable_segment) 3640 ERROR (gettext ("\ 3641section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"), 3642 cnt, scnname); 3643#endif 3644 } 3645 3646 break; 3647 } 3648 3649 /* Remember a few special sections for later. */ 3650 if (strcmp (scnname, ".eh_frame_hdr") == 0) 3651 eh_frame_hdr_scnndx = cnt; 3652 else if (strcmp (scnname, ".eh_frame") == 0) 3653 eh_frame_scnndx = cnt; 3654 else if (strcmp (scnname, ".gcc_except_table") == 0) 3655 gcc_except_table_scnndx = cnt; 3656 } 3657 3658 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize) 3659 ERROR (gettext ("\ 3660section [%2zu] '%s': size not multiple of entry size\n"), 3661 cnt, section_name (ebl, cnt)); 3662 3663 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL) 3664 ERROR (gettext ("cannot get section header\n")); 3665 3666 if (shdr->sh_type >= SHT_NUM 3667 && shdr->sh_type != SHT_GNU_ATTRIBUTES 3668 && shdr->sh_type != SHT_GNU_LIBLIST 3669 && shdr->sh_type != SHT_CHECKSUM 3670 && shdr->sh_type != SHT_GNU_verdef 3671 && shdr->sh_type != SHT_GNU_verneed 3672 && shdr->sh_type != SHT_GNU_versym 3673 && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL) 3674 ERROR (gettext ("section [%2zu] '%s' has unsupported type %d\n"), 3675 cnt, section_name (ebl, cnt), 3676 (int) shdr->sh_type); 3677 3678#define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \ 3679 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \ 3680 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS) 3681 if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS) 3682 { 3683 GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS; 3684 if (sh_flags & SHF_MASKPROC) 3685 { 3686 if (!ebl_machine_section_flag_check (ebl, 3687 sh_flags & SHF_MASKPROC)) 3688 ERROR (gettext ("section [%2zu] '%s'" 3689 " contains invalid processor-specific flag(s)" 3690 " %#" PRIx64 "\n"), 3691 cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC); 3692 sh_flags &= ~(GElf_Xword) SHF_MASKPROC; 3693 } 3694 if (sh_flags != 0) 3695 ERROR (gettext ("section [%2zu] '%s' contains unknown flag(s)" 3696 " %#" PRIx64 "\n"), 3697 cnt, section_name (ebl, cnt), sh_flags); 3698 } 3699 if (shdr->sh_flags & SHF_TLS) 3700 { 3701 // XXX Correct? 3702 if (shdr->sh_addr != 0 && !gnuld) 3703 ERROR (gettext ("\ 3704section [%2zu] '%s': thread-local data sections address not zero\n"), 3705 cnt, section_name (ebl, cnt)); 3706 3707 // XXX TODO more tests!? 3708 } 3709 3710 if (shdr->sh_link >= shnum) 3711 ERROR (gettext ("\ 3712section [%2zu] '%s': invalid section reference in link value\n"), 3713 cnt, section_name (ebl, cnt)); 3714 3715 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum) 3716 ERROR (gettext ("\ 3717section [%2zu] '%s': invalid section reference in info value\n"), 3718 cnt, section_name (ebl, cnt)); 3719 3720 if ((shdr->sh_flags & SHF_MERGE) == 0 3721 && (shdr->sh_flags & SHF_STRINGS) != 0 3722 && be_strict) 3723 ERROR (gettext ("\ 3724section [%2zu] '%s': strings flag set without merge flag\n"), 3725 cnt, section_name (ebl, cnt)); 3726 3727 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0) 3728 ERROR (gettext ("\ 3729section [%2zu] '%s': merge flag set but entry size is zero\n"), 3730 cnt, section_name (ebl, cnt)); 3731 3732 if (shdr->sh_flags & SHF_GROUP) 3733 check_scn_group (ebl, cnt); 3734 3735 if (shdr->sh_flags & SHF_EXECINSTR) 3736 { 3737 switch (shdr->sh_type) 3738 { 3739 case SHT_PROGBITS: 3740 break; 3741 3742 case SHT_NOBITS: 3743 if (is_debuginfo) 3744 break; 3745 default: 3746 ERROR (gettext ("\ 3747section [%2zu] '%s' has unexpected type %d for an executable section\n"), 3748 cnt, section_name (ebl, cnt), shdr->sh_type); 3749 break; 3750 } 3751 3752 if ((shdr->sh_flags & SHF_WRITE) 3753 && !ebl_check_special_section (ebl, cnt, shdr, 3754 section_name (ebl, cnt))) 3755 ERROR (gettext ("\ 3756section [%2zu] '%s' is both executable and writable\n"), 3757 cnt, section_name (ebl, cnt)); 3758 } 3759 3760 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0) 3761 { 3762 /* Make sure the section is contained in a loaded segment 3763 and that the initialization part matches NOBITS sections. */ 3764 unsigned int pcnt; 3765 GElf_Phdr phdr_mem; 3766 GElf_Phdr *phdr; 3767 3768 for (pcnt = 0; pcnt < phnum; ++pcnt) 3769 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL 3770 && ((phdr->p_type == PT_LOAD 3771 && (shdr->sh_flags & SHF_TLS) == 0) 3772 || (phdr->p_type == PT_TLS 3773 && (shdr->sh_flags & SHF_TLS) != 0)) 3774 && phdr->p_offset <= shdr->sh_offset 3775 && ((shdr->sh_offset - phdr->p_offset <= phdr->p_filesz 3776 && (shdr->sh_offset - phdr->p_offset < phdr->p_filesz 3777 || shdr->sh_size == 0)) 3778 || (shdr->sh_offset - phdr->p_offset < phdr->p_memsz 3779 && shdr->sh_type == SHT_NOBITS))) 3780 { 3781 /* Found the segment. */ 3782 if (phdr->p_offset + phdr->p_memsz 3783 < shdr->sh_offset + shdr->sh_size) 3784 ERROR (gettext ("\ 3785section [%2zu] '%s' not fully contained in segment of program header entry %d\n"), 3786 cnt, section_name (ebl, cnt), pcnt); 3787 3788 if (shdr->sh_type == SHT_NOBITS) 3789 { 3790 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz 3791 && !is_debuginfo) 3792 ERROR (gettext ("\ 3793section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"), 3794 cnt, section_name (ebl, cnt), pcnt); 3795 } 3796 else 3797 { 3798 const GElf_Off end = phdr->p_offset + phdr->p_filesz; 3799 if (shdr->sh_offset > end || 3800 (shdr->sh_offset == end && shdr->sh_size != 0)) 3801 ERROR (gettext ("\ 3802section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"), 3803 cnt, section_name (ebl, cnt), pcnt); 3804 } 3805 3806 if (shdr->sh_type != SHT_NOBITS) 3807 { 3808 if ((shdr->sh_flags & SHF_EXECINSTR) != 0) 3809 { 3810 segment_flags[pcnt] |= PF_X; 3811 if ((phdr->p_flags & PF_X) == 0) 3812 ERROR (gettext ("\ 3813section [%2zu] '%s' is executable in nonexecutable segment %d\n"), 3814 cnt, section_name (ebl, cnt), pcnt); 3815 } 3816 3817 if ((shdr->sh_flags & SHF_WRITE) != 0) 3818 { 3819 segment_flags[pcnt] |= PF_W; 3820 if (0 /* XXX vdso images have this */ 3821 && (phdr->p_flags & PF_W) == 0) 3822 ERROR (gettext ("\ 3823section [%2zu] '%s' is writable in unwritable segment %d\n"), 3824 cnt, section_name (ebl, cnt), pcnt); 3825 } 3826 } 3827 3828 break; 3829 } 3830 3831 if (pcnt == phnum) 3832 ERROR (gettext ("\ 3833section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"), 3834 cnt, section_name (ebl, cnt)); 3835 } 3836 3837 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB) 3838 ERROR (gettext ("\ 3839section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"), 3840 cnt, section_name (ebl, cnt)); 3841 3842 switch (shdr->sh_type) 3843 { 3844 case SHT_DYNSYM: 3845 if (ehdr->e_type == ET_REL) 3846 ERROR (gettext ("\ 3847section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"), 3848 cnt, section_name (ebl, cnt)); 3849 /* FALLTHROUGH */ 3850 case SHT_SYMTAB: 3851 check_symtab (ebl, ehdr, shdr, cnt); 3852 break; 3853 3854 case SHT_RELA: 3855 check_rela (ebl, ehdr, shdr, cnt); 3856 break; 3857 3858 case SHT_REL: 3859 check_rel (ebl, ehdr, shdr, cnt); 3860 break; 3861 3862 case SHT_DYNAMIC: 3863 check_dynamic (ebl, ehdr, shdr, cnt); 3864 break; 3865 3866 case SHT_SYMTAB_SHNDX: 3867 check_symtab_shndx (ebl, ehdr, shdr, cnt); 3868 break; 3869 3870 case SHT_HASH: 3871 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt); 3872 hash_idx = cnt; 3873 break; 3874 3875 case SHT_GNU_HASH: 3876 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt); 3877 gnu_hash_idx = cnt; 3878 break; 3879 3880 case SHT_NULL: 3881 check_null (ebl, shdr, cnt); 3882 break; 3883 3884 case SHT_GROUP: 3885 check_group (ebl, ehdr, shdr, cnt); 3886 break; 3887 3888 case SHT_NOTE: 3889 check_note_section (ebl, ehdr, shdr, cnt); 3890 break; 3891 3892 case SHT_GNU_versym: 3893 /* We cannot process this section now since we have no guarantee 3894 that the verneed and verdef sections have already been read. 3895 Just remember the section index. */ 3896 if (versym_scnndx != 0) 3897 ERROR (gettext ("more than one version symbol table present\n")); 3898 versym_scnndx = cnt; 3899 break; 3900 3901 case SHT_GNU_verneed: 3902 check_verneed (ebl, shdr, cnt); 3903 break; 3904 3905 case SHT_GNU_verdef: 3906 check_verdef (ebl, shdr, cnt); 3907 break; 3908 3909 case SHT_GNU_ATTRIBUTES: 3910 check_attributes (ebl, ehdr, shdr, cnt); 3911 break; 3912 3913 default: 3914 /* Nothing. */ 3915 break; 3916 } 3917 } 3918 3919 if (has_interp_segment && !dot_interp_section) 3920 ERROR (gettext ("INTERP program header entry but no .interp section\n")); 3921 3922 if (!is_debuginfo) 3923 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt) 3924 { 3925 GElf_Phdr phdr_mem; 3926 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 3927 if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS)) 3928 { 3929 if ((phdr->p_flags & PF_X) != 0 3930 && (segment_flags[pcnt] & PF_X) == 0) 3931 ERROR (gettext ("\ 3932loadable segment [%u] is executable but contains no executable sections\n"), 3933 pcnt); 3934 3935 if ((phdr->p_flags & PF_W) != 0 3936 && (segment_flags[pcnt] & PF_W) == 0) 3937 ERROR (gettext ("\ 3938loadable segment [%u] is writable but contains no writable sections\n"), 3939 pcnt); 3940 } 3941 } 3942 3943 free (segment_flags); 3944 3945 if (version_namelist != NULL) 3946 { 3947 if (versym_scnndx == 0) 3948 ERROR (gettext ("\ 3949no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n")); 3950 else 3951 check_versym (ebl, versym_scnndx); 3952 3953 /* Check for duplicate index numbers. */ 3954 do 3955 { 3956 struct version_namelist *runp = version_namelist->next; 3957 while (runp != NULL) 3958 { 3959 if (version_namelist->ndx == runp->ndx) 3960 { 3961 ERROR (gettext ("duplicate version index %d\n"), 3962 (int) version_namelist->ndx); 3963 break; 3964 } 3965 runp = runp->next; 3966 } 3967 3968 struct version_namelist *old = version_namelist; 3969 version_namelist = version_namelist->next; 3970 free (old); 3971 } 3972 while (version_namelist != NULL); 3973 } 3974 else if (versym_scnndx != 0) 3975 ERROR (gettext ("\ 3976.gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n")); 3977 3978 if (hash_idx != 0 && gnu_hash_idx != 0) 3979 compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx); 3980 3981 free (scnref); 3982} 3983 3984 3985static GElf_Off 3986check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr, 3987 Elf_Data *data, int shndx, int phndx, GElf_Off start) 3988{ 3989 size_t offset = 0; 3990 size_t last_offset = 0; 3991 GElf_Nhdr nhdr; 3992 size_t name_offset; 3993 size_t desc_offset; 3994 while (offset < data->d_size 3995 && (offset = gelf_getnote (data, offset, 3996 &nhdr, &name_offset, &desc_offset)) > 0) 3997 { 3998 last_offset = offset; 3999 4000 /* Make sure it is one of the note types we know about. */ 4001 if (ehdr->e_type == ET_CORE) 4002 switch (nhdr.n_type) 4003 { 4004 case NT_PRSTATUS: 4005 case NT_FPREGSET: 4006 case NT_PRPSINFO: 4007 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */ 4008 case NT_PLATFORM: 4009 case NT_AUXV: 4010 case NT_GWINDOWS: 4011 case NT_ASRS: 4012 case NT_PSTATUS: 4013 case NT_PSINFO: 4014 case NT_PRCRED: 4015 case NT_UTSNAME: 4016 case NT_LWPSTATUS: 4017 case NT_LWPSINFO: 4018 case NT_PRFPXREG: 4019 /* Known type. */ 4020 break; 4021 4022 default: 4023 if (shndx == 0) 4024 ERROR (gettext ("\ 4025phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"), 4026 phndx, (uint32_t) nhdr.n_type, start + offset); 4027 else 4028 ERROR (gettext ("\ 4029section [%2d] '%s': unknown core file note type %" PRIu32 4030 " at offset %Zu\n"), 4031 shndx, section_name (ebl, shndx), 4032 (uint32_t) nhdr.n_type, offset); 4033 } 4034 else 4035 switch (nhdr.n_type) 4036 { 4037 case NT_GNU_ABI_TAG: 4038 case NT_GNU_HWCAP: 4039 case NT_GNU_BUILD_ID: 4040 case NT_GNU_GOLD_VERSION: 4041 break; 4042 4043 case 0: 4044 /* Linux vDSOs use a type 0 note for the kernel version word. */ 4045 if (nhdr.n_namesz == sizeof "Linux" 4046 && !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux")) 4047 break; 4048 4049 default: 4050 if (shndx == 0) 4051 ERROR (gettext ("\ 4052phdr[%d]: unknown object file note type %" PRIu32 " at offset %Zu\n"), 4053 phndx, (uint32_t) nhdr.n_type, offset); 4054 else 4055 ERROR (gettext ("\ 4056section [%2d] '%s': unknown object file note type %" PRIu32 4057 " at offset %Zu\n"), 4058 shndx, section_name (ebl, shndx), 4059 (uint32_t) nhdr.n_type, offset); 4060 } 4061 } 4062 4063 return last_offset; 4064} 4065 4066 4067static void 4068check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt) 4069{ 4070 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL 4071 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 4072 ERROR (gettext ("\ 4073phdr[%d]: no note entries defined for the type of file\n"), 4074 cnt); 4075 4076 if (is_debuginfo) 4077 /* The p_offset values in a separate debug file are bogus. */ 4078 return; 4079 4080 if (phdr->p_filesz == 0) 4081 return; 4082 4083 GElf_Off notes_size = 0; 4084 Elf_Data *data = elf_getdata_rawchunk (ebl->elf, 4085 phdr->p_offset, phdr->p_filesz, 4086 ELF_T_NHDR); 4087 if (data != NULL) 4088 notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset); 4089 4090 if (notes_size == 0) 4091 ERROR (gettext ("phdr[%d]: cannot get content of note section: %s\n"), 4092 cnt, elf_errmsg (-1)); 4093 else if (notes_size != phdr->p_filesz) 4094 ERROR (gettext ("phdr[%d]: extra %" PRIu64 " bytes after last note\n"), 4095 cnt, phdr->p_filesz - notes_size); 4096} 4097 4098 4099static void 4100check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 4101{ 4102 if (shdr->sh_size == 0) 4103 return; 4104 4105 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 4106 if (data == NULL) 4107 { 4108 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 4109 idx, section_name (ebl, idx)); 4110 return; 4111 } 4112 4113 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL 4114 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 4115 ERROR (gettext ("\ 4116section [%2d] '%s': no note entries defined for the type of file\n"), 4117 idx, section_name (ebl, idx)); 4118 4119 GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0); 4120 4121 if (notes_size == 0) 4122 ERROR (gettext ("section [%2d] '%s': cannot get content of note section\n"), 4123 idx, section_name (ebl, idx)); 4124 else if (notes_size != shdr->sh_size) 4125 ERROR (gettext ("section [%2d] '%s': extra %" PRIu64 4126 " bytes after last note\n"), 4127 idx, section_name (ebl, idx), shdr->sh_size - notes_size); 4128} 4129 4130 4131/* Index of the PT_GNU_EH_FRAME program eader entry. */ 4132static int pt_gnu_eh_frame_pndx; 4133 4134 4135static void 4136check_program_header (Ebl *ebl, GElf_Ehdr *ehdr) 4137{ 4138 if (ehdr->e_phoff == 0) 4139 return; 4140 4141 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN 4142 && ehdr->e_type != ET_CORE) 4143 ERROR (gettext ("\ 4144only executables, shared objects, and core files can have program headers\n")); 4145 4146 int num_pt_interp = 0; 4147 int num_pt_tls = 0; 4148 int num_pt_relro = 0; 4149 4150 for (unsigned int cnt = 0; cnt < phnum; ++cnt) 4151 { 4152 GElf_Phdr phdr_mem; 4153 GElf_Phdr *phdr; 4154 4155 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem); 4156 if (phdr == NULL) 4157 { 4158 ERROR (gettext ("cannot get program header entry %d: %s\n"), 4159 cnt, elf_errmsg (-1)); 4160 continue; 4161 } 4162 4163 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME 4164 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO 4165 /* Check for a known machine-specific type. */ 4166 && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL) 4167 ERROR (gettext ("\ 4168program header entry %d: unknown program header entry type %#" PRIx64 "\n"), 4169 cnt, (uint64_t) phdr->p_type); 4170 4171 if (phdr->p_type == PT_LOAD) 4172 has_loadable_segment = true; 4173 else if (phdr->p_type == PT_INTERP) 4174 { 4175 if (++num_pt_interp != 1) 4176 { 4177 if (num_pt_interp == 2) 4178 ERROR (gettext ("\ 4179more than one INTERP entry in program header\n")); 4180 } 4181 has_interp_segment = true; 4182 } 4183 else if (phdr->p_type == PT_TLS) 4184 { 4185 if (++num_pt_tls == 2) 4186 ERROR (gettext ("more than one TLS entry in program header\n")); 4187 } 4188 else if (phdr->p_type == PT_NOTE) 4189 check_note (ebl, ehdr, phdr, cnt); 4190 else if (phdr->p_type == PT_DYNAMIC) 4191 { 4192 if (ehdr->e_type == ET_EXEC && ! has_interp_segment) 4193 ERROR (gettext ("\ 4194static executable cannot have dynamic sections\n")); 4195 else 4196 { 4197 /* Check that the .dynamic section, if it exists, has 4198 the same address. */ 4199 Elf_Scn *scn = NULL; 4200 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 4201 { 4202 GElf_Shdr shdr_mem; 4203 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 4204 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC) 4205 { 4206 if (phdr->p_offset != shdr->sh_offset) 4207 ERROR (gettext ("\ 4208dynamic section reference in program header has wrong offset\n")); 4209 if (phdr->p_memsz != shdr->sh_size) 4210 ERROR (gettext ("\ 4211dynamic section size mismatch in program and section header\n")); 4212 break; 4213 } 4214 } 4215 } 4216 } 4217 else if (phdr->p_type == PT_GNU_RELRO) 4218 { 4219 if (++num_pt_relro == 2) 4220 ERROR (gettext ("\ 4221more than one GNU_RELRO entry in program header\n")); 4222 else 4223 { 4224 /* Check that the region is in a writable segment. */ 4225 unsigned int inner; 4226 for (inner = 0; inner < phnum; ++inner) 4227 { 4228 GElf_Phdr phdr2_mem; 4229 GElf_Phdr *phdr2; 4230 4231 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem); 4232 if (phdr2 == NULL) 4233 continue; 4234 4235 if (phdr2->p_type == PT_LOAD 4236 && phdr->p_vaddr >= phdr2->p_vaddr 4237 && (phdr->p_vaddr + phdr->p_memsz 4238 <= phdr2->p_vaddr + phdr2->p_memsz)) 4239 { 4240 if ((phdr2->p_flags & PF_W) == 0) 4241 ERROR (gettext ("\ 4242loadable segment GNU_RELRO applies to is not writable\n")); 4243 if ((phdr2->p_flags & ~PF_W) != (phdr->p_flags & ~PF_W)) 4244 ERROR (gettext ("\ 4245loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"), 4246 cnt, inner); 4247 break; 4248 } 4249 } 4250 4251 if (inner >= phnum) 4252 ERROR (gettext ("\ 4253%s segment not contained in a loaded segment\n"), "GNU_RELRO"); 4254 } 4255 } 4256 else if (phdr->p_type == PT_PHDR) 4257 { 4258 /* Check that the region is in a writable segment. */ 4259 unsigned int inner; 4260 for (inner = 0; inner < phnum; ++inner) 4261 { 4262 GElf_Phdr phdr2_mem; 4263 GElf_Phdr *phdr2; 4264 4265 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem); 4266 if (phdr2 != NULL 4267 && phdr2->p_type == PT_LOAD 4268 && phdr->p_vaddr >= phdr2->p_vaddr 4269 && (phdr->p_vaddr + phdr->p_memsz 4270 <= phdr2->p_vaddr + phdr2->p_memsz)) 4271 break; 4272 } 4273 4274 if (inner >= phnum) 4275 ERROR (gettext ("\ 4276%s segment not contained in a loaded segment\n"), "PHDR"); 4277 4278 /* Check that offset in segment corresponds to offset in ELF 4279 header. */ 4280 if (phdr->p_offset != ehdr->e_phoff) 4281 ERROR (gettext ("\ 4282program header offset in ELF header and PHDR entry do not match")); 4283 } 4284 else if (phdr->p_type == PT_GNU_EH_FRAME) 4285 { 4286 /* If there is an .eh_frame_hdr section it must be 4287 referenced by this program header entry. */ 4288 Elf_Scn *scn = NULL; 4289 GElf_Shdr shdr_mem; 4290 GElf_Shdr *shdr = NULL; 4291 bool any = false; 4292 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 4293 { 4294 any = true; 4295 shdr = gelf_getshdr (scn, &shdr_mem); 4296 if (shdr != NULL 4297 && shdr->sh_type == (is_debuginfo 4298 ? SHT_NOBITS : SHT_PROGBITS) 4299 && ! strcmp (".eh_frame_hdr", 4300 elf_strptr (ebl->elf, shstrndx, shdr->sh_name))) 4301 { 4302 if (! is_debuginfo) 4303 { 4304 if (phdr->p_offset != shdr->sh_offset) 4305 ERROR (gettext ("\ 4306call frame search table reference in program header has wrong offset\n")); 4307 if (phdr->p_memsz != shdr->sh_size) 4308 ERROR (gettext ("\ 4309call frame search table size mismatch in program and section header\n")); 4310 } 4311 break; 4312 } 4313 } 4314 4315 if (scn == NULL) 4316 { 4317 /* If there is no section header table we don't 4318 complain. But if there is one there should be an 4319 entry for .eh_frame_hdr. */ 4320 if (any) 4321 ERROR (gettext ("\ 4322PT_GNU_EH_FRAME present but no .eh_frame_hdr section\n")); 4323 } 4324 else 4325 { 4326 /* The section must be allocated and not be writable and 4327 executable. */ 4328 if ((phdr->p_flags & PF_R) == 0) 4329 ERROR (gettext ("\ 4330call frame search table must be allocated\n")); 4331 else if (shdr != NULL && (shdr->sh_flags & SHF_ALLOC) == 0) 4332 ERROR (gettext ("\ 4333section [%2zu] '%s' must be allocated\n"), elf_ndxscn (scn), ".eh_frame_hdr"); 4334 4335 if ((phdr->p_flags & PF_W) != 0) 4336 ERROR (gettext ("\ 4337call frame search table must not be writable\n")); 4338 else if (shdr != NULL && (shdr->sh_flags & SHF_WRITE) != 0) 4339 ERROR (gettext ("\ 4340section [%2zu] '%s' must not be writable\n"), 4341 elf_ndxscn (scn), ".eh_frame_hdr"); 4342 4343 if ((phdr->p_flags & PF_X) != 0) 4344 ERROR (gettext ("\ 4345call frame search table must not be executable\n")); 4346 else if (shdr != NULL && (shdr->sh_flags & SHF_EXECINSTR) != 0) 4347 ERROR (gettext ("\ 4348section [%2zu] '%s' must not be executable\n"), 4349 elf_ndxscn (scn), ".eh_frame_hdr"); 4350 } 4351 4352 /* Remember which entry this is. */ 4353 pt_gnu_eh_frame_pndx = cnt; 4354 } 4355 4356 if (phdr->p_filesz > phdr->p_memsz 4357 && (phdr->p_memsz != 0 || phdr->p_type != PT_NOTE)) 4358 ERROR (gettext ("\ 4359program header entry %d: file size greater than memory size\n"), 4360 cnt); 4361 4362 if (phdr->p_align > 1) 4363 { 4364 if (!powerof2 (phdr->p_align)) 4365 ERROR (gettext ("\ 4366program header entry %d: alignment not a power of 2\n"), cnt); 4367 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0) 4368 ERROR (gettext ("\ 4369program header entry %d: file offset and virtual address not module of alignment\n"), cnt); 4370 } 4371 } 4372} 4373 4374 4375static void 4376check_exception_data (Ebl *ebl __attribute__ ((unused)), 4377 GElf_Ehdr *ehdr __attribute__ ((unused))) 4378{ 4379 if ((ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN) 4380 && pt_gnu_eh_frame_pndx == 0 && eh_frame_hdr_scnndx != 0) 4381 ERROR (gettext ("executable/DSO with .eh_frame_hdr section does not have " 4382 "a PT_GNU_EH_FRAME program header entry")); 4383} 4384 4385 4386/* Process one file. */ 4387static void 4388process_elf_file (Elf *elf, const char *prefix, const char *suffix, 4389 const char *fname, size_t size, bool only_one) 4390{ 4391 /* Reset variables. */ 4392 ndynamic = 0; 4393 nverneed = 0; 4394 nverdef = 0; 4395 textrel = false; 4396 needed_textrel = false; 4397 has_loadable_segment = false; 4398 has_interp_segment = false; 4399 4400 GElf_Ehdr ehdr_mem; 4401 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem); 4402 Ebl *ebl; 4403 4404 /* Print the file name. */ 4405 if (!only_one) 4406 { 4407 if (prefix != NULL) 4408 printf ("\n%s(%s)%s:\n", prefix, fname, suffix); 4409 else 4410 printf ("\n%s:\n", fname); 4411 } 4412 4413 if (ehdr == NULL) 4414 { 4415 ERROR (gettext ("cannot read ELF header: %s\n"), elf_errmsg (-1)); 4416 return; 4417 } 4418 4419 ebl = ebl_openbackend (elf); 4420 /* If there is no appropriate backend library we cannot test 4421 architecture and OS specific features. Any encountered extension 4422 is an error. */ 4423 4424 /* Go straight by the gABI, check all the parts in turn. */ 4425 check_elf_header (ebl, ehdr, size); 4426 4427 /* Check the program header. */ 4428 check_program_header (ebl, ehdr); 4429 4430 /* Next the section headers. It is OK if there are no section 4431 headers at all. */ 4432 check_sections (ebl, ehdr); 4433 4434 /* Check the exception handling data, if it exists. */ 4435 if (pt_gnu_eh_frame_pndx != 0 || eh_frame_hdr_scnndx != 0 4436 || eh_frame_scnndx != 0 || gcc_except_table_scnndx != 0) 4437 check_exception_data (ebl, ehdr); 4438 4439 /* Report if no relocation section needed the text relocation flag. */ 4440 if (textrel && !needed_textrel) 4441 ERROR (gettext ("text relocation flag set but not needed\n")); 4442 4443 /* Free the resources. */ 4444 ebl_closebackend (ebl); 4445} 4446 4447 4448#include "debugpred.h" 4449