1 /* Pedantic checking of ELF files compliance with gABI/psABI spec. 2 Copyright (C) 2001-2012 Red Hat, Inc. 3 This file is part of Red Hat elfutils. 4 Written by Ulrich Drepper <drepper (at) redhat.com>, 2001. 5 6 Red Hat elfutils is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by the 8 Free Software Foundation; version 2 of the License. 9 10 Red Hat elfutils is distributed in the hope that it will be useful, but 11 WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 General Public License for more details. 14 15 You should have received a copy of the GNU General Public License along 16 with Red Hat elfutils; if not, write to the Free Software Foundation, 17 Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA. 18 19 Red Hat elfutils is an included package of the Open Invention Network. 20 An included package of the Open Invention Network is a package for which 21 Open Invention Network licensees cross-license their patents. No patent 22 license is granted, either expressly or impliedly, by designation as an 23 included package. Should you wish to participate in the Open Invention 24 Network licensing program, please visit www.openinventionnetwork.com 25 <http://www.openinventionnetwork.com>. */ 26 27 #ifdef HAVE_CONFIG_H 28 # include <config.h> 29 #endif 30 31 #include <argp.h> 32 #include <assert.h> 33 #include <byteswap.h> 34 #include <endian.h> 35 #include <error.h> 36 #include <fcntl.h> 37 #include <gelf.h> 38 #include <inttypes.h> 39 #include <libintl.h> 40 #include <locale.h> 41 #include <stdbool.h> 42 #include <stdlib.h> 43 #include <string.h> 44 #include <unistd.h> 45 #include <sys/stat.h> 46 #include <sys/param.h> 47 48 #include <elf-knowledge.h> 49 #include <system.h> 50 #include "../libelf/libelfP.h" 51 #include "../libelf/common.h" 52 #include "../libebl/libeblP.h" 53 #include "../libdw/libdwP.h" 54 #include "../libdwfl/libdwflP.h" 55 #include "../libdw/memory-access.h" 56 57 58 /* Name and version of program. */ 59 static void print_version (FILE *stream, struct argp_state *state); 60 ARGP_PROGRAM_VERSION_HOOK_DEF = print_version; 61 62 /* Bug report address. */ 63 ARGP_PROGRAM_BUG_ADDRESS_DEF = PACKAGE_BUGREPORT; 64 65 #define ARGP_strict 300 66 #define ARGP_gnuld 301 67 68 /* Definitions of arguments for argp functions. */ 69 static const struct argp_option options[] = 70 { 71 { "strict", ARGP_strict, NULL, 0, 72 N_("Be extremely strict, flag level 2 features."), 0 }, 73 { "quiet", 'q', NULL, 0, N_("Do not print anything if successful"), 0 }, 74 { "debuginfo", 'd', NULL, 0, N_("Binary is a separate debuginfo file"), 0 }, 75 { "gnu-ld", ARGP_gnuld, NULL, 0, 76 N_("Binary has been created with GNU ld and is therefore known to be \ 77 broken in certain ways"), 0 }, 78 { NULL, 0, NULL, 0, NULL, 0 } 79 }; 80 81 /* Short description of program. */ 82 static const char doc[] = N_("\ 83 Pedantic checking of ELF files compliance with gABI/psABI spec."); 84 85 /* Strings for arguments in help texts. */ 86 static const char args_doc[] = N_("FILE..."); 87 88 /* Prototype for option handler. */ 89 static error_t parse_opt (int key, char *arg, struct argp_state *state); 90 91 /* Data structure to communicate with argp functions. */ 92 static struct argp argp = 93 { 94 options, parse_opt, args_doc, doc, NULL, NULL, NULL 95 }; 96 97 98 /* Declarations of local functions. */ 99 static void process_file (int fd, Elf *elf, const char *prefix, 100 const char *suffix, const char *fname, size_t size, 101 bool only_one); 102 static void process_elf_file (Elf *elf, const char *prefix, const char *suffix, 103 const char *fname, size_t size, bool only_one); 104 static void check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, 105 GElf_Shdr *shdr, int idx); 106 107 108 /* Report an error. */ 109 #define ERROR(str, args...) \ 110 do { \ 111 printf (str, ##args); \ 112 ++error_count; \ 113 } while (0) 114 static unsigned int error_count; 115 116 /* True if we should perform very strict testing. */ 117 static bool be_strict; 118 119 /* True if no message is to be printed if the run is succesful. */ 120 static bool be_quiet; 121 122 /* True if binary is from strip -f, not a normal ELF file. */ 123 static bool is_debuginfo; 124 125 /* True if binary is assumed to be generated with GNU ld. */ 126 static bool gnuld; 127 128 /* Index of section header string table. */ 129 static uint32_t shstrndx; 130 131 /* Array to count references in section groups. */ 132 static int *scnref; 133 134 135 int 136 main (int argc, char *argv[]) 137 { 138 /* Set locale. */ 139 setlocale (LC_ALL, ""); 140 141 /* Initialize the message catalog. */ 142 textdomain (PACKAGE_TARNAME); 143 144 /* Parse and process arguments. */ 145 int remaining; 146 argp_parse (&argp, argc, argv, 0, &remaining, NULL); 147 148 /* Before we start tell the ELF library which version we are using. */ 149 elf_version (EV_CURRENT); 150 151 /* Now process all the files given at the command line. */ 152 bool only_one = remaining + 1 == argc; 153 do 154 { 155 /* Open the file. */ 156 int fd = open (argv[remaining], O_RDONLY); 157 if (fd == -1) 158 { 159 error (0, errno, gettext ("cannot open input file")); 160 continue; 161 } 162 163 /* Create an `Elf' descriptor. */ 164 Elf *elf = elf_begin (fd, ELF_C_READ_MMAP, NULL); 165 if (elf == NULL) 166 ERROR (gettext ("cannot generate Elf descriptor: %s\n"), 167 elf_errmsg (-1)); 168 else 169 { 170 unsigned int prev_error_count = error_count; 171 struct stat64 st; 172 173 if (fstat64 (fd, &st) != 0) 174 { 175 printf ("cannot stat '%s': %m\n", argv[remaining]); 176 close (fd); 177 continue; 178 } 179 180 process_file (fd, elf, NULL, NULL, argv[remaining], st.st_size, 181 only_one); 182 183 /* Now we can close the descriptor. */ 184 if (elf_end (elf) != 0) 185 ERROR (gettext ("error while closing Elf descriptor: %s\n"), 186 elf_errmsg (-1)); 187 188 if (prev_error_count == error_count && !be_quiet) 189 puts (gettext ("No errors")); 190 } 191 192 close (fd); 193 } 194 while (++remaining < argc); 195 196 return error_count != 0; 197 } 198 199 200 /* Handle program arguments. */ 201 static error_t 202 parse_opt (int key, char *arg __attribute__ ((unused)), 203 struct argp_state *state __attribute__ ((unused))) 204 { 205 switch (key) 206 { 207 case ARGP_strict: 208 be_strict = true; 209 break; 210 211 case 'q': 212 be_quiet = true; 213 break; 214 215 case 'd': 216 is_debuginfo = true; 217 218 case ARGP_gnuld: 219 gnuld = true; 220 break; 221 222 case ARGP_KEY_NO_ARGS: 223 fputs (gettext ("Missing file name.\n"), stderr); 224 argp_help (&argp, stderr, ARGP_HELP_SEE, program_invocation_short_name); 225 exit (EXIT_FAILURE); 226 227 default: 228 return ARGP_ERR_UNKNOWN; 229 } 230 return 0; 231 } 232 233 234 /* Print the version information. */ 235 static void 236 print_version (FILE *stream, struct argp_state *state __attribute__ ((unused))) 237 { 238 fprintf (stream, "elflint (%s) %s\n", PACKAGE_NAME, PACKAGE_VERSION); 239 fprintf (stream, gettext ("\ 240 Copyright (C) %s Red Hat, Inc.\n\ 241 This is free software; see the source for copying conditions. There is NO\n\ 242 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\ 243 "), "2012"); 244 fprintf (stream, gettext ("Written by %s.\n"), "Ulrich Drepper"); 245 } 246 247 248 /* Process one file. */ 249 static void 250 process_file (int fd, Elf *elf, const char *prefix, const char *suffix, 251 const char *fname, size_t size, bool only_one) 252 { 253 /* We can handle two types of files: ELF files and archives. */ 254 Elf_Kind kind = elf_kind (elf); 255 256 switch (kind) 257 { 258 case ELF_K_ELF: 259 /* Yes! It's an ELF file. */ 260 process_elf_file (elf, prefix, suffix, fname, size, only_one); 261 break; 262 263 case ELF_K_AR: 264 { 265 Elf *subelf; 266 Elf_Cmd cmd = ELF_C_READ_MMAP; 267 size_t prefix_len = prefix == NULL ? 0 : strlen (prefix); 268 size_t fname_len = strlen (fname) + 1; 269 char new_prefix[prefix_len + 1 + fname_len]; 270 char new_suffix[(suffix == NULL ? 0 : strlen (suffix)) + 2]; 271 char *cp = new_prefix; 272 273 /* Create the full name of the file. */ 274 if (prefix != NULL) 275 { 276 cp = mempcpy (cp, prefix, prefix_len); 277 *cp++ = '('; 278 strcpy (stpcpy (new_suffix, suffix), ")"); 279 } 280 else 281 new_suffix[0] = '\0'; 282 memcpy (cp, fname, fname_len); 283 284 /* It's an archive. We process each file in it. */ 285 while ((subelf = elf_begin (fd, cmd, elf)) != NULL) 286 { 287 kind = elf_kind (subelf); 288 289 /* Call this function recursively. */ 290 if (kind == ELF_K_ELF || kind == ELF_K_AR) 291 { 292 Elf_Arhdr *arhdr = elf_getarhdr (subelf); 293 assert (arhdr != NULL); 294 295 process_file (fd, subelf, new_prefix, new_suffix, 296 arhdr->ar_name, arhdr->ar_size, false); 297 } 298 299 /* Get next archive element. */ 300 cmd = elf_next (subelf); 301 if (elf_end (subelf) != 0) 302 ERROR (gettext (" error while freeing sub-ELF descriptor: %s\n"), 303 elf_errmsg (-1)); 304 } 305 } 306 break; 307 308 default: 309 /* We cannot do anything. */ 310 ERROR (gettext ("\ 311 Not an ELF file - it has the wrong magic bytes at the start\n")); 312 break; 313 } 314 } 315 316 317 static const char * 318 section_name (Ebl *ebl, int idx) 319 { 320 GElf_Shdr shdr_mem; 321 GElf_Shdr *shdr; 322 323 shdr = gelf_getshdr (elf_getscn (ebl->elf, idx), &shdr_mem); 324 325 return elf_strptr (ebl->elf, shstrndx, shdr->sh_name); 326 } 327 328 329 static const int valid_e_machine[] = 330 { 331 EM_M32, EM_SPARC, EM_386, EM_68K, EM_88K, EM_860, EM_MIPS, EM_S370, 332 EM_MIPS_RS3_LE, EM_PARISC, EM_VPP500, EM_SPARC32PLUS, EM_960, EM_PPC, 333 EM_PPC64, EM_S390, EM_V800, EM_FR20, EM_RH32, EM_RCE, EM_ARM, 334 EM_FAKE_ALPHA, EM_SH, EM_SPARCV9, EM_TRICORE, EM_ARC, EM_H8_300, 335 EM_H8_300H, EM_H8S, EM_H8_500, EM_IA_64, EM_MIPS_X, EM_COLDFIRE, 336 EM_68HC12, EM_MMA, EM_PCP, EM_NCPU, EM_NDR1, EM_STARCORE, EM_ME16, 337 EM_ST100, EM_TINYJ, EM_X86_64, EM_PDSP, EM_FX66, EM_ST9PLUS, EM_ST7, 338 EM_68HC16, EM_68HC11, EM_68HC08, EM_68HC05, EM_SVX, EM_ST19, EM_VAX, 339 EM_CRIS, EM_JAVELIN, EM_FIREPATH, EM_ZSP, EM_MMIX, EM_HUANY, EM_PRISM, 340 EM_AVR, EM_FR30, EM_D10V, EM_D30V, EM_V850, EM_M32R, EM_MN10300, 341 EM_MN10200, EM_PJ, EM_OPENRISC, EM_ARC_A5, EM_XTENSA, EM_ALPHA 342 }; 343 #define nvalid_e_machine \ 344 (sizeof (valid_e_machine) / sizeof (valid_e_machine[0])) 345 346 347 /* Numbers of sections and program headers. */ 348 static unsigned int shnum; 349 static unsigned int phnum; 350 351 352 static void 353 check_elf_header (Ebl *ebl, GElf_Ehdr *ehdr, size_t size) 354 { 355 char buf[512]; 356 size_t cnt; 357 358 /* Check e_ident field. */ 359 if (ehdr->e_ident[EI_MAG0] != ELFMAG0) 360 ERROR ("e_ident[%d] != '%c'\n", EI_MAG0, ELFMAG0); 361 if (ehdr->e_ident[EI_MAG1] != ELFMAG1) 362 ERROR ("e_ident[%d] != '%c'\n", EI_MAG1, ELFMAG1); 363 if (ehdr->e_ident[EI_MAG2] != ELFMAG2) 364 ERROR ("e_ident[%d] != '%c'\n", EI_MAG2, ELFMAG2); 365 if (ehdr->e_ident[EI_MAG3] != ELFMAG3) 366 ERROR ("e_ident[%d] != '%c'\n", EI_MAG3, ELFMAG3); 367 368 if (ehdr->e_ident[EI_CLASS] != ELFCLASS32 369 && ehdr->e_ident[EI_CLASS] != ELFCLASS64) 370 ERROR (gettext ("e_ident[%d] == %d is no known class\n"), 371 EI_CLASS, ehdr->e_ident[EI_CLASS]); 372 373 if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB 374 && ehdr->e_ident[EI_DATA] != ELFDATA2MSB) 375 ERROR (gettext ("e_ident[%d] == %d is no known data encoding\n"), 376 EI_DATA, ehdr->e_ident[EI_DATA]); 377 378 if (ehdr->e_ident[EI_VERSION] != EV_CURRENT) 379 ERROR (gettext ("unknown ELF header version number e_ident[%d] == %d\n"), 380 EI_VERSION, ehdr->e_ident[EI_VERSION]); 381 382 /* We currently don't handle any OS ABIs other than Linux. */ 383 if (ehdr->e_ident[EI_OSABI] != ELFOSABI_NONE 384 && ehdr->e_ident[EI_OSABI] != ELFOSABI_LINUX) 385 ERROR (gettext ("unsupported OS ABI e_ident[%d] == '%s'\n"), 386 EI_OSABI, 387 ebl_osabi_name (ebl, ehdr->e_ident[EI_OSABI], buf, sizeof (buf))); 388 389 /* No ABI versions other than zero supported either. */ 390 if (ehdr->e_ident[EI_ABIVERSION] != 0) 391 ERROR (gettext ("unsupport ABI version e_ident[%d] == %d\n"), 392 EI_ABIVERSION, ehdr->e_ident[EI_ABIVERSION]); 393 394 for (cnt = EI_PAD; cnt < EI_NIDENT; ++cnt) 395 if (ehdr->e_ident[cnt] != 0) 396 ERROR (gettext ("e_ident[%zu] is not zero\n"), cnt); 397 398 /* Check the e_type field. */ 399 if (ehdr->e_type != ET_REL && ehdr->e_type != ET_EXEC 400 && ehdr->e_type != ET_DYN && ehdr->e_type != ET_CORE) 401 ERROR (gettext ("unknown object file type %d\n"), ehdr->e_type); 402 403 /* Check the e_machine field. */ 404 for (cnt = 0; cnt < nvalid_e_machine; ++cnt) 405 if (valid_e_machine[cnt] == ehdr->e_machine) 406 break; 407 if (cnt == nvalid_e_machine) 408 ERROR (gettext ("unknown machine type %d\n"), ehdr->e_machine); 409 410 /* Check the e_version field. */ 411 if (ehdr->e_version != EV_CURRENT) 412 ERROR (gettext ("unknown object file version\n")); 413 414 /* Check the e_phoff and e_phnum fields. */ 415 if (ehdr->e_phoff == 0) 416 { 417 if (ehdr->e_phnum != 0) 418 ERROR (gettext ("invalid program header offset\n")); 419 else if (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN) 420 ERROR (gettext ("\ 421 executables and DSOs cannot have zero program header offset\n")); 422 } 423 else if (ehdr->e_phnum == 0) 424 ERROR (gettext ("invalid number of program header entries\n")); 425 426 /* Check the e_shoff field. */ 427 shnum = ehdr->e_shnum; 428 shstrndx = ehdr->e_shstrndx; 429 if (ehdr->e_shoff == 0) 430 { 431 if (ehdr->e_shnum != 0) 432 ERROR (gettext ("invalid section header table offset\n")); 433 else if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN 434 && ehdr->e_type != ET_CORE) 435 ERROR (gettext ("section header table must be present\n")); 436 } 437 else 438 { 439 if (ehdr->e_shnum == 0) 440 { 441 /* Get the header of the zeroth section. The sh_size field 442 might contain the section number. */ 443 GElf_Shdr shdr_mem; 444 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 445 if (shdr != NULL) 446 { 447 /* The error will be reported later. */ 448 if (shdr->sh_size == 0) 449 ERROR (gettext ("\ 450 invalid number of section header table entries\n")); 451 else 452 shnum = shdr->sh_size; 453 } 454 } 455 456 if (ehdr->e_shstrndx == SHN_XINDEX) 457 { 458 /* Get the header of the zeroth section. The sh_size field 459 might contain the section number. */ 460 GElf_Shdr shdr_mem; 461 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 462 if (shdr != NULL && shdr->sh_link < shnum) 463 shstrndx = shdr->sh_link; 464 } 465 else if (shstrndx >= shnum) 466 ERROR (gettext ("invalid section header index\n")); 467 } 468 469 phnum = ehdr->e_phnum; 470 if (ehdr->e_phnum == PN_XNUM) 471 { 472 /* Get the header of the zeroth section. The sh_info field 473 might contain the phnum count. */ 474 GElf_Shdr shdr_mem; 475 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 476 if (shdr != NULL) 477 { 478 /* The error will be reported later. */ 479 if (shdr->sh_info < PN_XNUM) 480 ERROR (gettext ("\ 481 invalid number of program header table entries\n")); 482 else 483 phnum = shdr->sh_info; 484 } 485 } 486 487 /* Check the e_flags field. */ 488 if (!ebl_machine_flag_check (ebl, ehdr->e_flags)) 489 ERROR (gettext ("invalid machine flags: %s\n"), 490 ebl_machine_flag_name (ebl, ehdr->e_flags, buf, sizeof (buf))); 491 492 /* Check e_ehsize, e_phentsize, and e_shentsize fields. */ 493 if (gelf_getclass (ebl->elf) == ELFCLASS32) 494 { 495 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf32_Ehdr)) 496 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize); 497 498 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf32_Phdr)) 499 ERROR (gettext ("invalid program header size: %hd\n"), 500 ehdr->e_phentsize); 501 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size) 502 ERROR (gettext ("invalid program header position or size\n")); 503 504 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf32_Shdr)) 505 ERROR (gettext ("invalid section header size: %hd\n"), 506 ehdr->e_shentsize); 507 else if (ehdr->e_shoff + shnum * ehdr->e_shentsize > size) 508 ERROR (gettext ("invalid section header position or size\n")); 509 } 510 else if (gelf_getclass (ebl->elf) == ELFCLASS64) 511 { 512 if (ehdr->e_ehsize != 0 && ehdr->e_ehsize != sizeof (Elf64_Ehdr)) 513 ERROR (gettext ("invalid ELF header size: %hd\n"), ehdr->e_ehsize); 514 515 if (ehdr->e_phentsize != 0 && ehdr->e_phentsize != sizeof (Elf64_Phdr)) 516 ERROR (gettext ("invalid program header size: %hd\n"), 517 ehdr->e_phentsize); 518 else if (ehdr->e_phoff + phnum * ehdr->e_phentsize > size) 519 ERROR (gettext ("invalid program header position or size\n")); 520 521 if (ehdr->e_shentsize != 0 && ehdr->e_shentsize != sizeof (Elf64_Shdr)) 522 ERROR (gettext ("invalid section header size: %hd\n"), 523 ehdr->e_shentsize); 524 else if (ehdr->e_shoff + ehdr->e_shnum * ehdr->e_shentsize > size) 525 ERROR (gettext ("invalid section header position or size\n")); 526 } 527 } 528 529 530 /* Check that there is a section group section with index < IDX which 531 contains section IDX and that there is exactly one. */ 532 static void 533 check_scn_group (Ebl *ebl, int idx) 534 { 535 if (scnref[idx] == 0) 536 { 537 /* No reference so far. Search following sections, maybe the 538 order is wrong. */ 539 size_t cnt; 540 541 for (cnt = idx + 1; cnt < shnum; ++cnt) 542 { 543 Elf_Scn *scn = elf_getscn (ebl->elf, cnt); 544 GElf_Shdr shdr_mem; 545 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 546 if (shdr == NULL) 547 /* We cannot get the section header so we cannot check it. 548 The error to get the section header will be shown 549 somewhere else. */ 550 continue; 551 552 if (shdr->sh_type != SHT_GROUP) 553 continue; 554 555 Elf_Data *data = elf_getdata (scn, NULL); 556 if (data == NULL || data->d_size < sizeof (Elf32_Word)) 557 /* Cannot check the section. */ 558 continue; 559 560 Elf32_Word *grpdata = (Elf32_Word *) data->d_buf; 561 for (size_t inner = 1; inner < data->d_size / sizeof (Elf32_Word); 562 ++inner) 563 if (grpdata[inner] == (Elf32_Word) idx) 564 goto out; 565 } 566 567 out: 568 if (cnt == shnum) 569 ERROR (gettext ("\ 570 section [%2d] '%s': section with SHF_GROUP flag set not part of a section group\n"), 571 idx, section_name (ebl, idx)); 572 else 573 ERROR (gettext ("\ 574 section [%2d] '%s': section group [%2zu] '%s' does not precede group member\n"), 575 idx, section_name (ebl, idx), 576 cnt, section_name (ebl, cnt)); 577 } 578 } 579 580 581 static void 582 check_symtab (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 583 { 584 bool no_xndx_warned = false; 585 int no_pt_tls = 0; 586 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 587 if (data == NULL) 588 { 589 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 590 idx, section_name (ebl, idx)); 591 return; 592 } 593 594 GElf_Shdr strshdr_mem; 595 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 596 &strshdr_mem); 597 if (strshdr == NULL) 598 return; 599 600 if (strshdr->sh_type != SHT_STRTAB) 601 { 602 ERROR (gettext ("section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"), 603 shdr->sh_link, section_name (ebl, shdr->sh_link), 604 idx, section_name (ebl, idx)); 605 strshdr = NULL; 606 } 607 608 /* Search for an extended section index table section. */ 609 Elf_Data *xndxdata = NULL; 610 Elf32_Word xndxscnidx = 0; 611 bool found_xndx = false; 612 for (size_t cnt = 1; cnt < shnum; ++cnt) 613 if (cnt != (size_t) idx) 614 { 615 Elf_Scn *xndxscn = elf_getscn (ebl->elf, cnt); 616 GElf_Shdr xndxshdr_mem; 617 GElf_Shdr *xndxshdr = gelf_getshdr (xndxscn, &xndxshdr_mem); 618 if (xndxshdr == NULL) 619 continue; 620 621 if (xndxshdr->sh_type == SHT_SYMTAB_SHNDX 622 && xndxshdr->sh_link == (GElf_Word) idx) 623 { 624 if (found_xndx) 625 ERROR (gettext ("\ 626 section [%2d] '%s': symbol table cannot have more than one extended index section\n"), 627 idx, section_name (ebl, idx)); 628 629 xndxdata = elf_getdata (xndxscn, NULL); 630 xndxscnidx = elf_ndxscn (xndxscn); 631 found_xndx = true; 632 } 633 } 634 635 if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT)) 636 ERROR (gettext ("\ 637 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"), 638 idx, section_name (ebl, idx)); 639 640 /* Test the zeroth entry. */ 641 GElf_Sym sym_mem; 642 Elf32_Word xndx; 643 GElf_Sym *sym = gelf_getsymshndx (data, xndxdata, 0, &sym_mem, &xndx); 644 if (sym == NULL) 645 ERROR (gettext ("section [%2d] '%s': cannot get symbol %d: %s\n"), 646 idx, section_name (ebl, idx), 0, elf_errmsg (-1)); 647 else 648 { 649 if (sym->st_name != 0) 650 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 651 idx, section_name (ebl, idx), "st_name"); 652 if (sym->st_value != 0) 653 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 654 idx, section_name (ebl, idx), "st_value"); 655 if (sym->st_size != 0) 656 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 657 idx, section_name (ebl, idx), "st_size"); 658 if (sym->st_info != 0) 659 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 660 idx, section_name (ebl, idx), "st_info"); 661 if (sym->st_other != 0) 662 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 663 idx, section_name (ebl, idx), "st_other"); 664 if (sym->st_shndx != 0) 665 ERROR (gettext ("section [%2d] '%s': '%s' in zeroth entry not zero\n"), 666 idx, section_name (ebl, idx), "st_shndx"); 667 if (xndxdata != NULL && xndx != 0) 668 ERROR (gettext ("\ 669 section [%2d] '%s': XINDEX for zeroth entry not zero\n"), 670 xndxscnidx, section_name (ebl, xndxscnidx)); 671 } 672 673 for (size_t cnt = 1; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 674 { 675 sym = gelf_getsymshndx (data, xndxdata, cnt, &sym_mem, &xndx); 676 if (sym == NULL) 677 { 678 ERROR (gettext ("section [%2d] '%s': cannot get symbol %zu: %s\n"), 679 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 680 continue; 681 } 682 683 const char *name = NULL; 684 if (strshdr == NULL) 685 name = ""; 686 else if (sym->st_name >= strshdr->sh_size) 687 ERROR (gettext ("\ 688 section [%2d] '%s': symbol %zu: invalid name value\n"), 689 idx, section_name (ebl, idx), cnt); 690 else 691 { 692 name = elf_strptr (ebl->elf, shdr->sh_link, sym->st_name); 693 assert (name != NULL); 694 } 695 696 if (sym->st_shndx == SHN_XINDEX) 697 { 698 if (xndxdata == NULL) 699 { 700 if (!no_xndx_warned) 701 ERROR (gettext ("\ 702 section [%2d] '%s': symbol %zu: too large section index but no extended section index section\n"), 703 idx, section_name (ebl, idx), cnt); 704 no_xndx_warned = true; 705 } 706 else if (xndx < SHN_LORESERVE) 707 ERROR (gettext ("\ 708 section [%2d] '%s': symbol %zu: XINDEX used for index which would fit in st_shndx (%" PRIu32 ")\n"), 709 xndxscnidx, section_name (ebl, xndxscnidx), cnt, 710 xndx); 711 } 712 else if ((sym->st_shndx >= SHN_LORESERVE 713 // && sym->st_shndx <= SHN_HIRESERVE always true 714 && sym->st_shndx != SHN_ABS 715 && sym->st_shndx != SHN_COMMON) 716 || (sym->st_shndx >= shnum 717 && (sym->st_shndx < SHN_LORESERVE 718 /* || sym->st_shndx > SHN_HIRESERVE always false */))) 719 ERROR (gettext ("\ 720 section [%2d] '%s': symbol %zu: invalid section index\n"), 721 idx, section_name (ebl, idx), cnt); 722 else 723 xndx = sym->st_shndx; 724 725 if (GELF_ST_TYPE (sym->st_info) >= STT_NUM 726 && !ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), NULL, 0)) 727 ERROR (gettext ("section [%2d] '%s': symbol %zu: unknown type\n"), 728 idx, section_name (ebl, idx), cnt); 729 730 if (GELF_ST_BIND (sym->st_info) >= STB_NUM 731 && !ebl_symbol_binding_name (ebl, GELF_ST_BIND (sym->st_info), NULL, 732 0)) 733 ERROR (gettext ("\ 734 section [%2d] '%s': symbol %zu: unknown symbol binding\n"), 735 idx, section_name (ebl, idx), cnt); 736 if (GELF_ST_BIND (sym->st_info) == STB_GNU_UNIQUE 737 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT) 738 ERROR (gettext ("\ 739 section [%2d] '%s': symbol %zu: unique symbol not of object type\n"), 740 idx, section_name (ebl, idx), cnt); 741 742 if (xndx == SHN_COMMON) 743 { 744 /* Common symbols can only appear in relocatable files. */ 745 if (ehdr->e_type != ET_REL) 746 ERROR (gettext ("\ 747 section [%2d] '%s': symbol %zu: COMMON only allowed in relocatable files\n"), 748 idx, section_name (ebl, idx), cnt); 749 if (cnt < shdr->sh_info) 750 ERROR (gettext ("\ 751 section [%2d] '%s': symbol %zu: local COMMON symbols are nonsense\n"), 752 idx, section_name (ebl, idx), cnt); 753 if (GELF_R_TYPE (sym->st_info) == STT_FUNC) 754 ERROR (gettext ("\ 755 section [%2d] '%s': symbol %zu: function in COMMON section is nonsense\n"), 756 idx, section_name (ebl, idx), cnt); 757 } 758 else if (xndx > 0 && xndx < shnum) 759 { 760 GElf_Shdr destshdr_mem; 761 GElf_Shdr *destshdr; 762 763 destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), &destshdr_mem); 764 if (destshdr != NULL) 765 { 766 GElf_Addr sh_addr = (ehdr->e_type == ET_REL ? 0 767 : destshdr->sh_addr); 768 if (GELF_ST_TYPE (sym->st_info) != STT_TLS) 769 { 770 if (! ebl_check_special_symbol (ebl, ehdr, sym, name, 771 destshdr)) 772 { 773 if (sym->st_value - sh_addr > destshdr->sh_size) 774 { 775 /* GNU ld has severe bugs. When it decides to remove 776 empty sections it leaves symbols referencing them 777 behind. These are symbols in .symtab. */ 778 if (!gnuld 779 || strcmp (section_name (ebl, idx), ".symtab") 780 || (strcmp (name, "__preinit_array_start") != 0 781 && strcmp (name, "__preinit_array_end") != 0 782 && strcmp (name, "__init_array_start") != 0 783 && strcmp (name, "__init_array_end") != 0 784 && strcmp (name, "__fini_array_start") != 0 785 && strcmp (name, "__fini_array_end") != 0)) 786 ERROR (gettext ("\ 787 section [%2d] '%s': symbol %zu: st_value out of bounds\n"), 788 idx, section_name (ebl, idx), cnt); 789 } 790 else if ((sym->st_value - sh_addr 791 + sym->st_size) > destshdr->sh_size) 792 ERROR (gettext ("\ 793 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 794 idx, section_name (ebl, idx), cnt, 795 (int) xndx, section_name (ebl, xndx)); 796 } 797 } 798 else 799 { 800 if ((destshdr->sh_flags & SHF_TLS) == 0) 801 ERROR (gettext ("\ 802 section [%2d] '%s': symbol %zu: referenced section [%2d] '%s' does not have SHF_TLS flag set\n"), 803 idx, section_name (ebl, idx), cnt, 804 (int) xndx, section_name (ebl, xndx)); 805 806 if (ehdr->e_type == ET_REL) 807 { 808 /* For object files the symbol value must fall 809 into the section. */ 810 if (sym->st_value > destshdr->sh_size) 811 ERROR (gettext ("\ 812 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"), 813 idx, section_name (ebl, idx), cnt, 814 (int) xndx, section_name (ebl, xndx)); 815 else if (sym->st_value + sym->st_size 816 > destshdr->sh_size) 817 ERROR (gettext ("\ 818 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 819 idx, section_name (ebl, idx), cnt, 820 (int) xndx, section_name (ebl, xndx)); 821 } 822 else 823 { 824 GElf_Phdr phdr_mem; 825 GElf_Phdr *phdr = NULL; 826 unsigned int pcnt; 827 828 for (pcnt = 0; pcnt < phnum; ++pcnt) 829 { 830 phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 831 if (phdr != NULL && phdr->p_type == PT_TLS) 832 break; 833 } 834 835 if (pcnt == phnum) 836 { 837 if (no_pt_tls++ == 0) 838 ERROR (gettext ("\ 839 section [%2d] '%s': symbol %zu: TLS symbol but no TLS program header entry\n"), 840 idx, section_name (ebl, idx), cnt); 841 } 842 else 843 { 844 if (sym->st_value 845 < destshdr->sh_offset - phdr->p_offset) 846 ERROR (gettext ("\ 847 section [%2d] '%s': symbol %zu: st_value short of referenced section [%2d] '%s'\n"), 848 idx, section_name (ebl, idx), cnt, 849 (int) xndx, section_name (ebl, xndx)); 850 else if (sym->st_value 851 > (destshdr->sh_offset - phdr->p_offset 852 + destshdr->sh_size)) 853 ERROR (gettext ("\ 854 section [%2d] '%s': symbol %zu: st_value out of bounds of referenced section [%2d] '%s'\n"), 855 idx, section_name (ebl, idx), cnt, 856 (int) xndx, section_name (ebl, xndx)); 857 else if (sym->st_value + sym->st_size 858 > (destshdr->sh_offset - phdr->p_offset 859 + destshdr->sh_size)) 860 ERROR (gettext ("\ 861 section [%2d] '%s': symbol %zu does not fit completely in referenced section [%2d] '%s'\n"), 862 idx, section_name (ebl, idx), cnt, 863 (int) xndx, section_name (ebl, xndx)); 864 } 865 } 866 } 867 } 868 } 869 870 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL) 871 { 872 if (cnt >= shdr->sh_info) 873 ERROR (gettext ("\ 874 section [%2d] '%s': symbol %zu: local symbol outside range described in sh_info\n"), 875 idx, section_name (ebl, idx), cnt); 876 } 877 else 878 { 879 if (cnt < shdr->sh_info) 880 ERROR (gettext ("\ 881 section [%2d] '%s': symbol %zu: non-local symbol outside range described in sh_info\n"), 882 idx, section_name (ebl, idx), cnt); 883 } 884 885 if (GELF_ST_TYPE (sym->st_info) == STT_SECTION 886 && GELF_ST_BIND (sym->st_info) != STB_LOCAL) 887 ERROR (gettext ("\ 888 section [%2d] '%s': symbol %zu: non-local section symbol\n"), 889 idx, section_name (ebl, idx), cnt); 890 891 if (name != NULL) 892 { 893 if (strcmp (name, "_GLOBAL_OFFSET_TABLE_") == 0) 894 { 895 /* Check that address and size match the global offset table. */ 896 897 GElf_Shdr destshdr_mem; 898 GElf_Shdr *destshdr = gelf_getshdr (elf_getscn (ebl->elf, xndx), 899 &destshdr_mem); 900 901 if (destshdr == NULL && xndx == SHN_ABS) 902 { 903 /* In a DSO, we have to find the GOT section by name. */ 904 Elf_Scn *gotscn = NULL; 905 Elf_Scn *gscn = NULL; 906 while ((gscn = elf_nextscn (ebl->elf, gscn)) != NULL) 907 { 908 destshdr = gelf_getshdr (gscn, &destshdr_mem); 909 assert (destshdr != NULL); 910 const char *sname = elf_strptr (ebl->elf, 911 ehdr->e_shstrndx, 912 destshdr->sh_name); 913 if (sname != NULL) 914 { 915 if (strcmp (sname, ".got.plt") == 0) 916 break; 917 if (strcmp (sname, ".got") == 0) 918 /* Do not stop looking. 919 There might be a .got.plt section. */ 920 gotscn = gscn; 921 } 922 923 destshdr = NULL; 924 } 925 926 if (destshdr == NULL && gotscn != NULL) 927 destshdr = gelf_getshdr (gotscn, &destshdr_mem); 928 } 929 930 const char *sname = ((destshdr == NULL || xndx == SHN_UNDEF) 931 ? NULL 932 : elf_strptr (ebl->elf, ehdr->e_shstrndx, 933 destshdr->sh_name)); 934 if (sname == NULL) 935 { 936 if (xndx != SHN_UNDEF || ehdr->e_type != ET_REL) 937 ERROR (gettext ("\ 938 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \ 939 bad section [%2d]\n"), 940 idx, section_name (ebl, idx), xndx); 941 } 942 else if (strcmp (sname, ".got.plt") != 0 943 && strcmp (sname, ".got") != 0) 944 ERROR (gettext ("\ 945 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol refers to \ 946 section [%2d] '%s'\n"), 947 idx, section_name (ebl, idx), xndx, sname); 948 949 if (destshdr != NULL) 950 { 951 /* Found it. */ 952 if (!ebl_check_special_symbol (ebl, ehdr, sym, name, 953 destshdr)) 954 { 955 if (ehdr->e_type != ET_REL 956 && sym->st_value != destshdr->sh_addr) 957 /* This test is more strict than the psABIs which 958 usually allow the symbol to be in the middle of 959 the .got section, allowing negative offsets. */ 960 ERROR (gettext ("\ 961 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol value %#" PRIx64 " does not match %s section address %#" PRIx64 "\n"), 962 idx, section_name (ebl, idx), 963 (uint64_t) sym->st_value, 964 sname, (uint64_t) destshdr->sh_addr); 965 966 if (!gnuld && sym->st_size != destshdr->sh_size) 967 ERROR (gettext ("\ 968 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol size %" PRIu64 " does not match %s section size %" PRIu64 "\n"), 969 idx, section_name (ebl, idx), 970 (uint64_t) sym->st_size, 971 sname, (uint64_t) destshdr->sh_size); 972 } 973 } 974 else 975 ERROR (gettext ("\ 976 section [%2d] '%s': _GLOBAL_OFFSET_TABLE_ symbol present, but no .got section\n"), 977 idx, section_name (ebl, idx)); 978 } 979 else if (strcmp (name, "_DYNAMIC") == 0) 980 /* Check that address and size match the dynamic section. 981 We locate the dynamic section via the program header 982 entry. */ 983 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt) 984 { 985 GElf_Phdr phdr_mem; 986 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 987 988 if (phdr != NULL && phdr->p_type == PT_DYNAMIC) 989 { 990 if (sym->st_value != phdr->p_vaddr) 991 ERROR (gettext ("\ 992 section [%2d] '%s': _DYNAMIC_ symbol value %#" PRIx64 " does not match dynamic segment address %#" PRIx64 "\n"), 993 idx, section_name (ebl, idx), 994 (uint64_t) sym->st_value, 995 (uint64_t) phdr->p_vaddr); 996 997 if (!gnuld && sym->st_size != phdr->p_memsz) 998 ERROR (gettext ("\ 999 section [%2d] '%s': _DYNAMIC symbol size %" PRIu64 " does not match dynamic segment size %" PRIu64 "\n"), 1000 idx, section_name (ebl, idx), 1001 (uint64_t) sym->st_size, 1002 (uint64_t) phdr->p_memsz); 1003 1004 break; 1005 } 1006 } 1007 } 1008 1009 if (GELF_ST_VISIBILITY (sym->st_other) != STV_DEFAULT 1010 && shdr->sh_type == SHT_DYNSYM) 1011 ERROR (gettext ("\ 1012 section [%2d] '%s': symbol %zu: symbol in dynamic symbol table with non-default visibility\n"), 1013 idx, section_name (ebl, idx), cnt); 1014 if (! ebl_check_st_other_bits (ebl, sym->st_other)) 1015 ERROR (gettext ("\ 1016 section [%2d] '%s': symbol %zu: unknown bit set in st_other\n"), 1017 idx, section_name (ebl, idx), cnt); 1018 1019 } 1020 } 1021 1022 1023 static bool 1024 is_rel_dyn (Ebl *ebl, const GElf_Ehdr *ehdr, int idx, const GElf_Shdr *shdr, 1025 bool is_rela) 1026 { 1027 /* If this is no executable or DSO it cannot be a .rel.dyn section. */ 1028 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1029 return false; 1030 1031 /* Check the section name. Unfortunately necessary. */ 1032 if (strcmp (section_name (ebl, idx), is_rela ? ".rela.dyn" : ".rel.dyn")) 1033 return false; 1034 1035 /* When a .rel.dyn section is used a DT_RELCOUNT dynamic section 1036 entry can be present as well. */ 1037 Elf_Scn *scn = NULL; 1038 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 1039 { 1040 GElf_Shdr rcshdr_mem; 1041 const GElf_Shdr *rcshdr = gelf_getshdr (scn, &rcshdr_mem); 1042 assert (rcshdr != NULL); 1043 1044 if (rcshdr->sh_type == SHT_DYNAMIC) 1045 { 1046 /* Found the dynamic section. Look through it. */ 1047 Elf_Data *d = elf_getdata (scn, NULL); 1048 size_t cnt; 1049 1050 for (cnt = 1; cnt < rcshdr->sh_size / rcshdr->sh_entsize; ++cnt) 1051 { 1052 GElf_Dyn dyn_mem; 1053 GElf_Dyn *dyn = gelf_getdyn (d, cnt, &dyn_mem); 1054 assert (dyn != NULL); 1055 1056 if (dyn->d_tag == DT_RELCOUNT) 1057 { 1058 /* Found it. Does the type match. */ 1059 if (is_rela) 1060 ERROR (gettext ("\ 1061 section [%2d] '%s': DT_RELCOUNT used for this RELA section\n"), 1062 idx, section_name (ebl, idx)); 1063 else 1064 { 1065 /* Does the number specified number of relative 1066 relocations exceed the total number of 1067 relocations? */ 1068 if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize) 1069 ERROR (gettext ("\ 1070 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"), 1071 idx, section_name (ebl, idx), 1072 (int) dyn->d_un.d_val); 1073 1074 /* Make sure the specified number of relocations are 1075 relative. */ 1076 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf, 1077 idx), NULL); 1078 if (reldata != NULL) 1079 for (size_t inner = 0; 1080 inner < shdr->sh_size / shdr->sh_entsize; 1081 ++inner) 1082 { 1083 GElf_Rel rel_mem; 1084 GElf_Rel *rel = gelf_getrel (reldata, inner, 1085 &rel_mem); 1086 if (rel == NULL) 1087 /* The problem will be reported elsewhere. */ 1088 break; 1089 1090 if (ebl_relative_reloc_p (ebl, 1091 GELF_R_TYPE (rel->r_info))) 1092 { 1093 if (inner >= dyn->d_un.d_val) 1094 ERROR (gettext ("\ 1095 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"), 1096 idx, section_name (ebl, idx), 1097 (int) dyn->d_un.d_val); 1098 } 1099 else if (inner < dyn->d_un.d_val) 1100 ERROR (gettext ("\ 1101 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"), 1102 idx, section_name (ebl, idx), 1103 inner, (int) dyn->d_un.d_val); 1104 } 1105 } 1106 } 1107 1108 if (dyn->d_tag == DT_RELACOUNT) 1109 { 1110 /* Found it. Does the type match. */ 1111 if (!is_rela) 1112 ERROR (gettext ("\ 1113 section [%2d] '%s': DT_RELACOUNT used for this REL section\n"), 1114 idx, section_name (ebl, idx)); 1115 else 1116 { 1117 /* Does the number specified number of relative 1118 relocations exceed the total number of 1119 relocations? */ 1120 if (dyn->d_un.d_val > shdr->sh_size / shdr->sh_entsize) 1121 ERROR (gettext ("\ 1122 section [%2d] '%s': DT_RELCOUNT value %d too high for this section\n"), 1123 idx, section_name (ebl, idx), 1124 (int) dyn->d_un.d_val); 1125 1126 /* Make sure the specified number of relocations are 1127 relative. */ 1128 Elf_Data *reldata = elf_getdata (elf_getscn (ebl->elf, 1129 idx), NULL); 1130 if (reldata != NULL) 1131 for (size_t inner = 0; 1132 inner < shdr->sh_size / shdr->sh_entsize; 1133 ++inner) 1134 { 1135 GElf_Rela rela_mem; 1136 GElf_Rela *rela = gelf_getrela (reldata, inner, 1137 &rela_mem); 1138 if (rela == NULL) 1139 /* The problem will be reported elsewhere. */ 1140 break; 1141 1142 if (ebl_relative_reloc_p (ebl, 1143 GELF_R_TYPE (rela->r_info))) 1144 { 1145 if (inner >= dyn->d_un.d_val) 1146 ERROR (gettext ("\ 1147 section [%2d] '%s': relative relocations after index %d as specified by DT_RELCOUNT\n"), 1148 idx, section_name (ebl, idx), 1149 (int) dyn->d_un.d_val); 1150 } 1151 else if (inner < dyn->d_un.d_val) 1152 ERROR (gettext ("\ 1153 section [%2d] '%s': non-relative relocation at index %zu; DT_RELCOUNT specified %d relative relocations\n"), 1154 idx, section_name (ebl, idx), 1155 inner, (int) dyn->d_un.d_val); 1156 } 1157 } 1158 } 1159 } 1160 1161 break; 1162 } 1163 } 1164 1165 return true; 1166 } 1167 1168 1169 struct loaded_segment 1170 { 1171 GElf_Addr from; 1172 GElf_Addr to; 1173 bool read_only; 1174 struct loaded_segment *next; 1175 }; 1176 1177 1178 /* Check whether binary has text relocation flag set. */ 1179 static bool textrel; 1180 1181 /* Keep track of whether text relocation flag is needed. */ 1182 static bool needed_textrel; 1183 1184 1185 static bool 1186 check_reloc_shdr (Ebl *ebl, const GElf_Ehdr *ehdr, const GElf_Shdr *shdr, 1187 int idx, int reltype, GElf_Shdr **destshdrp, 1188 GElf_Shdr *destshdr_memp, struct loaded_segment **loadedp) 1189 { 1190 bool reldyn = false; 1191 1192 /* Check whether the link to the section we relocate is reasonable. */ 1193 if (shdr->sh_info >= shnum) 1194 ERROR (gettext ("section [%2d] '%s': invalid destination section index\n"), 1195 idx, section_name (ebl, idx)); 1196 else if (shdr->sh_info != 0) 1197 { 1198 *destshdrp = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_info), 1199 destshdr_memp); 1200 if (*destshdrp != NULL) 1201 { 1202 if((*destshdrp)->sh_type != SHT_PROGBITS 1203 && (*destshdrp)->sh_type != SHT_NOBITS) 1204 { 1205 reldyn = is_rel_dyn (ebl, ehdr, idx, shdr, true); 1206 if (!reldyn) 1207 ERROR (gettext ("\ 1208 section [%2d] '%s': invalid destination section type\n"), 1209 idx, section_name (ebl, idx)); 1210 else 1211 { 1212 /* There is no standard, but we require that .rel{,a}.dyn 1213 sections have a sh_info value of zero. */ 1214 if (shdr->sh_info != 0) 1215 ERROR (gettext ("\ 1216 section [%2d] '%s': sh_info should be zero\n"), 1217 idx, section_name (ebl, idx)); 1218 } 1219 } 1220 1221 if (((*destshdrp)->sh_flags & (SHF_MERGE | SHF_STRINGS)) != 0) 1222 ERROR (gettext ("\ 1223 section [%2d] '%s': no relocations for merge-able sections possible\n"), 1224 idx, section_name (ebl, idx)); 1225 } 1226 } 1227 1228 if (shdr->sh_entsize != gelf_fsize (ebl->elf, reltype, 1, EV_CURRENT)) 1229 ERROR (gettext (reltype == ELF_T_RELA ? "\ 1230 section [%2d] '%s': section entry size does not match ElfXX_Rela\n" : "\ 1231 section [%2d] '%s': section entry size does not match ElfXX_Rel\n"), 1232 idx, section_name (ebl, idx)); 1233 1234 /* In preparation of checking whether relocations are text 1235 relocations or not we need to determine whether the file is 1236 flagged to have text relocation and we need to determine a) what 1237 the loaded segments are and b) which are read-only. This will 1238 also allow us to determine whether the same reloc section is 1239 modifying loaded and not loaded segments. */ 1240 for (unsigned int i = 0; i < phnum; ++i) 1241 { 1242 GElf_Phdr phdr_mem; 1243 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, i, &phdr_mem); 1244 if (phdr == NULL) 1245 continue; 1246 1247 if (phdr->p_type == PT_LOAD) 1248 { 1249 struct loaded_segment *newp = xmalloc (sizeof (*newp)); 1250 newp->from = phdr->p_vaddr; 1251 newp->to = phdr->p_vaddr + phdr->p_memsz; 1252 newp->read_only = (phdr->p_flags & PF_W) == 0; 1253 newp->next = *loadedp; 1254 *loadedp = newp; 1255 } 1256 else if (phdr->p_type == PT_DYNAMIC) 1257 { 1258 Elf_Scn *dynscn = gelf_offscn (ebl->elf, phdr->p_offset); 1259 GElf_Shdr dynshdr_mem; 1260 GElf_Shdr *dynshdr = gelf_getshdr (dynscn, &dynshdr_mem); 1261 Elf_Data *dyndata = elf_getdata (dynscn, NULL); 1262 if (dynshdr != NULL && dynshdr->sh_type == SHT_DYNAMIC 1263 && dyndata != NULL) 1264 for (size_t j = 0; j < dynshdr->sh_size / dynshdr->sh_entsize; ++j) 1265 { 1266 GElf_Dyn dyn_mem; 1267 GElf_Dyn *dyn = gelf_getdyn (dyndata, j, &dyn_mem); 1268 if (dyn != NULL 1269 && (dyn->d_tag == DT_TEXTREL 1270 || (dyn->d_tag == DT_FLAGS 1271 && (dyn->d_un.d_val & DF_TEXTREL) != 0))) 1272 { 1273 textrel = true; 1274 break; 1275 } 1276 } 1277 } 1278 } 1279 1280 /* A quick test which can be easily done here (although it is a bit 1281 out of place): the text relocation flag makes only sense if there 1282 is a segment which is not writable. */ 1283 if (textrel) 1284 { 1285 struct loaded_segment *seg = *loadedp; 1286 while (seg != NULL && !seg->read_only) 1287 seg = seg->next; 1288 if (seg == NULL) 1289 ERROR (gettext ("\ 1290 text relocation flag set but there is no read-only segment\n")); 1291 } 1292 1293 return reldyn; 1294 } 1295 1296 1297 enum load_state 1298 { 1299 state_undecided, 1300 state_loaded, 1301 state_unloaded, 1302 state_error 1303 }; 1304 1305 1306 static void 1307 check_one_reloc (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *relshdr, int idx, 1308 size_t cnt, const GElf_Shdr *symshdr, Elf_Data *symdata, 1309 GElf_Addr r_offset, GElf_Xword r_info, 1310 const GElf_Shdr *destshdr, bool reldyn, 1311 struct loaded_segment *loaded, enum load_state *statep) 1312 { 1313 bool known_broken = gnuld; 1314 1315 if (!ebl_reloc_type_check (ebl, GELF_R_TYPE (r_info))) 1316 ERROR (gettext ("section [%2d] '%s': relocation %zu: invalid type\n"), 1317 idx, section_name (ebl, idx), cnt); 1318 else if (((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1319 /* The executable/DSO can contain relocation sections with 1320 all the relocations the linker has applied. Those sections 1321 are marked non-loaded, though. */ 1322 || (relshdr->sh_flags & SHF_ALLOC) != 0) 1323 && !ebl_reloc_valid_use (ebl, GELF_R_TYPE (r_info))) 1324 ERROR (gettext ("\ 1325 section [%2d] '%s': relocation %zu: relocation type invalid for the file type\n"), 1326 idx, section_name (ebl, idx), cnt); 1327 1328 if (symshdr != NULL 1329 && ((GELF_R_SYM (r_info) + 1) 1330 * gelf_fsize (ebl->elf, ELF_T_SYM, 1, EV_CURRENT) 1331 > symshdr->sh_size)) 1332 ERROR (gettext ("\ 1333 section [%2d] '%s': relocation %zu: invalid symbol index\n"), 1334 idx, section_name (ebl, idx), cnt); 1335 1336 /* No more tests if this is a no-op relocation. */ 1337 if (ebl_none_reloc_p (ebl, GELF_R_TYPE (r_info))) 1338 return; 1339 1340 if (ebl_gotpc_reloc_check (ebl, GELF_R_TYPE (r_info))) 1341 { 1342 const char *name; 1343 char buf[64]; 1344 GElf_Sym sym_mem; 1345 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem); 1346 if (sym != NULL 1347 /* Get the name for the symbol. */ 1348 && (name = elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name)) 1349 && strcmp (name, "_GLOBAL_OFFSET_TABLE_") !=0 ) 1350 ERROR (gettext ("\ 1351 section [%2d] '%s': relocation %zu: only symbol '_GLOBAL_OFFSET_TABLE_' can be used with %s\n"), 1352 idx, section_name (ebl, idx), cnt, 1353 ebl_reloc_type_name (ebl, GELF_R_SYM (r_info), 1354 buf, sizeof (buf))); 1355 } 1356 1357 if (reldyn) 1358 { 1359 // XXX TODO Check .rel.dyn section addresses. 1360 } 1361 else if (!known_broken) 1362 { 1363 if (destshdr != NULL 1364 && GELF_R_TYPE (r_info) != 0 1365 && (r_offset - (ehdr->e_type == ET_REL ? 0 1366 : destshdr->sh_addr)) >= destshdr->sh_size) 1367 ERROR (gettext ("\ 1368 section [%2d] '%s': relocation %zu: offset out of bounds\n"), 1369 idx, section_name (ebl, idx), cnt); 1370 } 1371 1372 GElf_Sym sym_mem; 1373 GElf_Sym *sym = gelf_getsym (symdata, GELF_R_SYM (r_info), &sym_mem); 1374 1375 if (ebl_copy_reloc_p (ebl, GELF_R_TYPE (r_info)) 1376 /* Make sure the referenced symbol is an object or unspecified. */ 1377 && sym != NULL 1378 && GELF_ST_TYPE (sym->st_info) != STT_NOTYPE 1379 && GELF_ST_TYPE (sym->st_info) != STT_OBJECT) 1380 { 1381 char buf[64]; 1382 ERROR (gettext ("section [%2d] '%s': relocation %zu: copy relocation against symbol of type %s\n"), 1383 idx, section_name (ebl, idx), cnt, 1384 ebl_symbol_type_name (ebl, GELF_ST_TYPE (sym->st_info), 1385 buf, sizeof (buf))); 1386 } 1387 1388 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 1389 || (relshdr->sh_flags & SHF_ALLOC) != 0) 1390 { 1391 bool in_loaded_seg = false; 1392 while (loaded != NULL) 1393 { 1394 if (r_offset < loaded->to 1395 && r_offset + (sym == NULL ? 0 : sym->st_size) >= loaded->from) 1396 { 1397 /* The symbol is in this segment. */ 1398 if (loaded->read_only) 1399 { 1400 if (textrel) 1401 needed_textrel = true; 1402 else 1403 ERROR (gettext ("section [%2d] '%s': relocation %zu: read-only section modified but text relocation flag not set\n"), 1404 idx, section_name (ebl, idx), cnt); 1405 } 1406 1407 in_loaded_seg = true; 1408 } 1409 1410 loaded = loaded->next; 1411 } 1412 1413 if (*statep == state_undecided) 1414 *statep = in_loaded_seg ? state_loaded : state_unloaded; 1415 else if ((*statep == state_unloaded && in_loaded_seg) 1416 || (*statep == state_loaded && !in_loaded_seg)) 1417 { 1418 ERROR (gettext ("\ 1419 section [%2d] '%s': relocations are against loaded and unloaded data\n"), 1420 idx, section_name (ebl, idx)); 1421 *statep = state_error; 1422 } 1423 } 1424 } 1425 1426 1427 static void 1428 check_rela (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1429 { 1430 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1431 if (data == NULL) 1432 { 1433 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1434 idx, section_name (ebl, idx)); 1435 return; 1436 } 1437 1438 /* Check the fields of the section header. */ 1439 GElf_Shdr destshdr_mem; 1440 GElf_Shdr *destshdr = NULL; 1441 struct loaded_segment *loaded = NULL; 1442 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_RELA, &destshdr, 1443 &destshdr_mem, &loaded); 1444 1445 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1446 GElf_Shdr symshdr_mem; 1447 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1448 Elf_Data *symdata = elf_getdata (symscn, NULL); 1449 enum load_state state = state_undecided; 1450 1451 for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 1452 { 1453 GElf_Rela rela_mem; 1454 GElf_Rela *rela = gelf_getrela (data, cnt, &rela_mem); 1455 if (rela == NULL) 1456 { 1457 ERROR (gettext ("\ 1458 section [%2d] '%s': cannot get relocation %zu: %s\n"), 1459 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1460 continue; 1461 } 1462 1463 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata, 1464 rela->r_offset, rela->r_info, destshdr, reldyn, loaded, 1465 &state); 1466 } 1467 1468 while (loaded != NULL) 1469 { 1470 struct loaded_segment *old = loaded; 1471 loaded = loaded->next; 1472 free (old); 1473 } 1474 } 1475 1476 1477 static void 1478 check_rel (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1479 { 1480 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1481 if (data == NULL) 1482 { 1483 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1484 idx, section_name (ebl, idx)); 1485 return; 1486 } 1487 1488 /* Check the fields of the section header. */ 1489 GElf_Shdr destshdr_mem; 1490 GElf_Shdr *destshdr = NULL; 1491 struct loaded_segment *loaded = NULL; 1492 bool reldyn = check_reloc_shdr (ebl, ehdr, shdr, idx, ELF_T_REL, &destshdr, 1493 &destshdr_mem, &loaded); 1494 1495 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1496 GElf_Shdr symshdr_mem; 1497 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1498 Elf_Data *symdata = elf_getdata (symscn, NULL); 1499 enum load_state state = state_undecided; 1500 1501 for (size_t cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 1502 { 1503 GElf_Rel rel_mem; 1504 GElf_Rel *rel = gelf_getrel (data, cnt, &rel_mem); 1505 if (rel == NULL) 1506 { 1507 ERROR (gettext ("\ 1508 section [%2d] '%s': cannot get relocation %zu: %s\n"), 1509 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1510 continue; 1511 } 1512 1513 check_one_reloc (ebl, ehdr, shdr, idx, cnt, symshdr, symdata, 1514 rel->r_offset, rel->r_info, destshdr, reldyn, loaded, 1515 &state); 1516 } 1517 1518 while (loaded != NULL) 1519 { 1520 struct loaded_segment *old = loaded; 1521 loaded = loaded->next; 1522 free (old); 1523 } 1524 } 1525 1526 1527 /* Number of dynamic sections. */ 1528 static int ndynamic; 1529 1530 1531 static void 1532 check_dynamic (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1533 { 1534 Elf_Data *data; 1535 GElf_Shdr strshdr_mem; 1536 GElf_Shdr *strshdr; 1537 size_t cnt; 1538 static const bool dependencies[DT_NUM][DT_NUM] = 1539 { 1540 [DT_NEEDED] = { [DT_STRTAB] = true }, 1541 [DT_PLTRELSZ] = { [DT_JMPREL] = true }, 1542 [DT_HASH] = { [DT_SYMTAB] = true }, 1543 [DT_STRTAB] = { [DT_STRSZ] = true }, 1544 [DT_SYMTAB] = { [DT_STRTAB] = true, [DT_SYMENT] = true }, 1545 [DT_RELA] = { [DT_RELASZ] = true, [DT_RELAENT] = true }, 1546 [DT_RELASZ] = { [DT_RELA] = true }, 1547 [DT_RELAENT] = { [DT_RELA] = true }, 1548 [DT_STRSZ] = { [DT_STRTAB] = true }, 1549 [DT_SYMENT] = { [DT_SYMTAB] = true }, 1550 [DT_SONAME] = { [DT_STRTAB] = true }, 1551 [DT_RPATH] = { [DT_STRTAB] = true }, 1552 [DT_REL] = { [DT_RELSZ] = true, [DT_RELENT] = true }, 1553 [DT_RELSZ] = { [DT_REL] = true }, 1554 [DT_RELENT] = { [DT_REL] = true }, 1555 [DT_JMPREL] = { [DT_PLTRELSZ] = true, [DT_PLTREL] = true }, 1556 [DT_RUNPATH] = { [DT_STRTAB] = true }, 1557 [DT_PLTREL] = { [DT_JMPREL] = true }, 1558 }; 1559 bool has_dt[DT_NUM]; 1560 bool has_val_dt[DT_VALNUM]; 1561 bool has_addr_dt[DT_ADDRNUM]; 1562 static const bool level2[DT_NUM] = 1563 { 1564 [DT_RPATH] = true, 1565 [DT_SYMBOLIC] = true, 1566 [DT_TEXTREL] = true, 1567 [DT_BIND_NOW] = true 1568 }; 1569 static const bool mandatory[DT_NUM] = 1570 { 1571 [DT_NULL] = true, 1572 [DT_STRTAB] = true, 1573 [DT_SYMTAB] = true, 1574 [DT_STRSZ] = true, 1575 [DT_SYMENT] = true 1576 }; 1577 1578 memset (has_dt, '\0', sizeof (has_dt)); 1579 memset (has_val_dt, '\0', sizeof (has_val_dt)); 1580 memset (has_addr_dt, '\0', sizeof (has_addr_dt)); 1581 1582 if (++ndynamic == 2) 1583 ERROR (gettext ("more than one dynamic section present\n")); 1584 1585 data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1586 if (data == NULL) 1587 { 1588 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 1589 idx, section_name (ebl, idx)); 1590 return; 1591 } 1592 1593 strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), &strshdr_mem); 1594 if (strshdr != NULL && strshdr->sh_type != SHT_STRTAB) 1595 ERROR (gettext ("\ 1596 section [%2d] '%s': referenced as string table for section [%2d] '%s' but type is not SHT_STRTAB\n"), 1597 shdr->sh_link, section_name (ebl, shdr->sh_link), 1598 idx, section_name (ebl, idx)); 1599 1600 if (shdr->sh_entsize != gelf_fsize (ebl->elf, ELF_T_DYN, 1, EV_CURRENT)) 1601 ERROR (gettext ("\ 1602 section [%2d] '%s': section entry size does not match ElfXX_Dyn\n"), 1603 idx, section_name (ebl, idx)); 1604 1605 if (shdr->sh_info != 0) 1606 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"), 1607 idx, section_name (ebl, idx)); 1608 1609 bool non_null_warned = false; 1610 for (cnt = 0; cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 1611 { 1612 GElf_Dyn dyn_mem; 1613 GElf_Dyn *dyn = gelf_getdyn (data, cnt, &dyn_mem); 1614 if (dyn == NULL) 1615 { 1616 ERROR (gettext ("\ 1617 section [%2d] '%s': cannot get dynamic section entry %zu: %s\n"), 1618 idx, section_name (ebl, idx), cnt, elf_errmsg (-1)); 1619 continue; 1620 } 1621 1622 if (has_dt[DT_NULL] && dyn->d_tag != DT_NULL && ! non_null_warned) 1623 { 1624 ERROR (gettext ("\ 1625 section [%2d] '%s': non-DT_NULL entries follow DT_NULL entry\n"), 1626 idx, section_name (ebl, idx)); 1627 non_null_warned = true; 1628 } 1629 1630 if (!ebl_dynamic_tag_check (ebl, dyn->d_tag)) 1631 ERROR (gettext ("section [%2d] '%s': entry %zu: unknown tag\n"), 1632 idx, section_name (ebl, idx), cnt); 1633 1634 if (dyn->d_tag >= 0 && dyn->d_tag < DT_NUM) 1635 { 1636 if (has_dt[dyn->d_tag] 1637 && dyn->d_tag != DT_NEEDED 1638 && dyn->d_tag != DT_NULL 1639 && dyn->d_tag != DT_POSFLAG_1) 1640 { 1641 char buf[50]; 1642 ERROR (gettext ("\ 1643 section [%2d] '%s': entry %zu: more than one entry with tag %s\n"), 1644 idx, section_name (ebl, idx), cnt, 1645 ebl_dynamic_tag_name (ebl, dyn->d_tag, 1646 buf, sizeof (buf))); 1647 } 1648 1649 if (be_strict && level2[dyn->d_tag]) 1650 { 1651 char buf[50]; 1652 ERROR (gettext ("\ 1653 section [%2d] '%s': entry %zu: level 2 tag %s used\n"), 1654 idx, section_name (ebl, idx), cnt, 1655 ebl_dynamic_tag_name (ebl, dyn->d_tag, 1656 buf, sizeof (buf))); 1657 } 1658 1659 has_dt[dyn->d_tag] = true; 1660 } 1661 else if (dyn->d_tag <= DT_VALRNGHI 1662 && DT_VALTAGIDX (dyn->d_tag) < DT_VALNUM) 1663 has_val_dt[DT_VALTAGIDX (dyn->d_tag)] = true; 1664 else if (dyn->d_tag <= DT_ADDRRNGHI 1665 && DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM) 1666 has_addr_dt[DT_ADDRTAGIDX (dyn->d_tag)] = true; 1667 1668 if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val != DT_REL 1669 && dyn->d_un.d_val != DT_RELA) 1670 ERROR (gettext ("\ 1671 section [%2d] '%s': entry %zu: DT_PLTREL value must be DT_REL or DT_RELA\n"), 1672 idx, section_name (ebl, idx), cnt); 1673 1674 /* Check that addresses for entries are in loaded segments. */ 1675 switch (dyn->d_tag) 1676 { 1677 size_t n; 1678 case DT_STRTAB: 1679 /* We require the referenced section is the same as the one 1680 specified in sh_link. */ 1681 if (strshdr->sh_addr != dyn->d_un.d_val) 1682 { 1683 ERROR (gettext ("\ 1684 section [%2d] '%s': entry %zu: pointer does not match address of section [%2d] '%s' referenced by sh_link\n"), 1685 idx, section_name (ebl, idx), cnt, 1686 shdr->sh_link, section_name (ebl, shdr->sh_link)); 1687 break; 1688 } 1689 goto check_addr; 1690 1691 default: 1692 if (dyn->d_tag < DT_ADDRRNGLO || dyn->d_tag > DT_ADDRRNGHI) 1693 /* Value is no pointer. */ 1694 break; 1695 /* FALLTHROUGH */ 1696 1697 case DT_AUXILIARY: 1698 case DT_FILTER: 1699 case DT_FINI: 1700 case DT_FINI_ARRAY: 1701 case DT_HASH: 1702 case DT_INIT: 1703 case DT_INIT_ARRAY: 1704 case DT_JMPREL: 1705 case DT_PLTGOT: 1706 case DT_REL: 1707 case DT_RELA: 1708 case DT_SYMBOLIC: 1709 case DT_SYMTAB: 1710 case DT_VERDEF: 1711 case DT_VERNEED: 1712 case DT_VERSYM: 1713 check_addr: 1714 for (n = 0; n < phnum; ++n) 1715 { 1716 GElf_Phdr phdr_mem; 1717 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, n, &phdr_mem); 1718 if (phdr != NULL && phdr->p_type == PT_LOAD 1719 && phdr->p_vaddr <= dyn->d_un.d_ptr 1720 && phdr->p_vaddr + phdr->p_memsz > dyn->d_un.d_ptr) 1721 break; 1722 } 1723 if (unlikely (n >= phnum)) 1724 { 1725 char buf[50]; 1726 ERROR (gettext ("\ 1727 section [%2d] '%s': entry %zu: %s value must point into loaded segment\n"), 1728 idx, section_name (ebl, idx), cnt, 1729 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf, 1730 sizeof (buf))); 1731 } 1732 break; 1733 1734 case DT_NEEDED: 1735 case DT_RPATH: 1736 case DT_RUNPATH: 1737 case DT_SONAME: 1738 if (dyn->d_un.d_ptr >= strshdr->sh_size) 1739 { 1740 char buf[50]; 1741 ERROR (gettext ("\ 1742 section [%2d] '%s': entry %zu: %s value must be valid offset in section [%2d] '%s'\n"), 1743 idx, section_name (ebl, idx), cnt, 1744 ebl_dynamic_tag_name (ebl, dyn->d_tag, buf, 1745 sizeof (buf)), 1746 shdr->sh_link, section_name (ebl, shdr->sh_link)); 1747 } 1748 break; 1749 } 1750 } 1751 1752 for (cnt = 1; cnt < DT_NUM; ++cnt) 1753 if (has_dt[cnt]) 1754 { 1755 for (int inner = 0; inner < DT_NUM; ++inner) 1756 if (dependencies[cnt][inner] && ! has_dt[inner]) 1757 { 1758 char buf1[50]; 1759 char buf2[50]; 1760 1761 ERROR (gettext ("\ 1762 section [%2d] '%s': contains %s entry but not %s\n"), 1763 idx, section_name (ebl, idx), 1764 ebl_dynamic_tag_name (ebl, cnt, buf1, sizeof (buf1)), 1765 ebl_dynamic_tag_name (ebl, inner, buf2, sizeof (buf2))); 1766 } 1767 } 1768 else 1769 { 1770 if (mandatory[cnt]) 1771 { 1772 char buf[50]; 1773 ERROR (gettext ("\ 1774 section [%2d] '%s': mandatory tag %s not present\n"), 1775 idx, section_name (ebl, idx), 1776 ebl_dynamic_tag_name (ebl, cnt, buf, sizeof (buf))); 1777 } 1778 } 1779 1780 /* Make sure we have an hash table. */ 1781 if (!has_dt[DT_HASH] && !has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)]) 1782 ERROR (gettext ("\ 1783 section [%2d] '%s': no hash section present\n"), 1784 idx, section_name (ebl, idx)); 1785 1786 /* The GNU-style hash table also needs a symbol table. */ 1787 if (!has_dt[DT_HASH] && has_addr_dt[DT_ADDRTAGIDX (DT_GNU_HASH)] 1788 && !has_dt[DT_SYMTAB]) 1789 ERROR (gettext ("\ 1790 section [%2d] '%s': contains %s entry but not %s\n"), 1791 idx, section_name (ebl, idx), 1792 "DT_GNU_HASH", "DT_SYMTAB"); 1793 1794 /* Check the rel/rela tags. At least one group must be available. */ 1795 if ((has_dt[DT_RELA] || has_dt[DT_RELASZ] || has_dt[DT_RELAENT]) 1796 && (!has_dt[DT_RELA] || !has_dt[DT_RELASZ] || !has_dt[DT_RELAENT])) 1797 ERROR (gettext ("\ 1798 section [%2d] '%s': not all of %s, %s, and %s are present\n"), 1799 idx, section_name (ebl, idx), 1800 "DT_RELA", "DT_RELASZ", "DT_RELAENT"); 1801 1802 if ((has_dt[DT_REL] || has_dt[DT_RELSZ] || has_dt[DT_RELENT]) 1803 && (!has_dt[DT_REL] || !has_dt[DT_RELSZ] || !has_dt[DT_RELENT])) 1804 ERROR (gettext ("\ 1805 section [%2d] '%s': not all of %s, %s, and %s are present\n"), 1806 idx, section_name (ebl, idx), 1807 "DT_REL", "DT_RELSZ", "DT_RELENT"); 1808 1809 /* Check that all prelink sections are present if any of them is. */ 1810 if (has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)] 1811 || has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)]) 1812 { 1813 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_PRELINKED)]) 1814 ERROR (gettext ("\ 1815 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"), 1816 idx, section_name (ebl, idx), "DT_GNU_PRELINKED"); 1817 if (!has_val_dt[DT_VALTAGIDX (DT_CHECKSUM)]) 1818 ERROR (gettext ("\ 1819 section [%2d] '%s': %s tag missing in DSO marked during prelinking\n"), 1820 idx, section_name (ebl, idx), "DT_CHECKSUM"); 1821 1822 /* Only DSOs can be marked like this. */ 1823 if (ehdr->e_type != ET_DYN) 1824 ERROR (gettext ("\ 1825 section [%2d] '%s': non-DSO file marked as dependency during prelink\n"), 1826 idx, section_name (ebl, idx)); 1827 } 1828 1829 if (has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)] 1830 || has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)] 1831 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)] 1832 || has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)]) 1833 { 1834 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_CONFLICTSZ)]) 1835 ERROR (gettext ("\ 1836 section [%2d] '%s': %s tag missing in prelinked executable\n"), 1837 idx, section_name (ebl, idx), "DT_GNU_CONFLICTSZ"); 1838 if (!has_val_dt[DT_VALTAGIDX (DT_GNU_LIBLISTSZ)]) 1839 ERROR (gettext ("\ 1840 section [%2d] '%s': %s tag missing in prelinked executable\n"), 1841 idx, section_name (ebl, idx), "DT_GNU_LIBLISTSZ"); 1842 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_CONFLICT)]) 1843 ERROR (gettext ("\ 1844 section [%2d] '%s': %s tag missing in prelinked executable\n"), 1845 idx, section_name (ebl, idx), "DT_GNU_CONFLICT"); 1846 if (!has_addr_dt[DT_ADDRTAGIDX (DT_GNU_LIBLIST)]) 1847 ERROR (gettext ("\ 1848 section [%2d] '%s': %s tag missing in prelinked executable\n"), 1849 idx, section_name (ebl, idx), "DT_GNU_LIBLIST"); 1850 } 1851 } 1852 1853 1854 static void 1855 check_symtab_shndx (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 1856 { 1857 if (ehdr->e_type != ET_REL) 1858 { 1859 ERROR (gettext ("\ 1860 section [%2d] '%s': only relocatable files can have extended section index\n"), 1861 idx, section_name (ebl, idx)); 1862 return; 1863 } 1864 1865 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 1866 GElf_Shdr symshdr_mem; 1867 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 1868 if (symshdr != NULL && symshdr->sh_type != SHT_SYMTAB) 1869 ERROR (gettext ("\ 1870 section [%2d] '%s': extended section index section not for symbol table\n"), 1871 idx, section_name (ebl, idx)); 1872 Elf_Data *symdata = elf_getdata (symscn, NULL); 1873 if (symdata == NULL) 1874 ERROR (gettext ("cannot get data for symbol section\n")); 1875 1876 if (shdr->sh_entsize != sizeof (Elf32_Word)) 1877 ERROR (gettext ("\ 1878 section [%2d] '%s': entry size does not match Elf32_Word\n"), 1879 idx, section_name (ebl, idx)); 1880 1881 if (symshdr != NULL 1882 && (shdr->sh_size / shdr->sh_entsize 1883 < symshdr->sh_size / symshdr->sh_entsize)) 1884 ERROR (gettext ("\ 1885 section [%2d] '%s': extended index table too small for symbol table\n"), 1886 idx, section_name (ebl, idx)); 1887 1888 if (shdr->sh_info != 0) 1889 ERROR (gettext ("section [%2d] '%s': sh_info not zero\n"), 1890 idx, section_name (ebl, idx)); 1891 1892 for (size_t cnt = idx + 1; cnt < shnum; ++cnt) 1893 { 1894 GElf_Shdr rshdr_mem; 1895 GElf_Shdr *rshdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &rshdr_mem); 1896 if (rshdr != NULL && rshdr->sh_type == SHT_SYMTAB_SHNDX 1897 && rshdr->sh_link == shdr->sh_link) 1898 { 1899 ERROR (gettext ("\ 1900 section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same symbol table\n"), 1901 idx, section_name (ebl, idx), 1902 cnt, section_name (ebl, cnt)); 1903 break; 1904 } 1905 } 1906 1907 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 1908 1909 if (*((Elf32_Word *) data->d_buf) != 0) 1910 ERROR (gettext ("symbol 0 should have zero extended section index\n")); 1911 1912 for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt) 1913 { 1914 Elf32_Word xndx = ((Elf32_Word *) data->d_buf)[cnt]; 1915 1916 if (xndx != 0) 1917 { 1918 GElf_Sym sym_data; 1919 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_data); 1920 if (sym == NULL) 1921 { 1922 ERROR (gettext ("cannot get data for symbol %zu\n"), cnt); 1923 continue; 1924 } 1925 1926 if (sym->st_shndx != SHN_XINDEX) 1927 ERROR (gettext ("\ 1928 extended section index is %" PRIu32 " but symbol index is not XINDEX\n"), 1929 (uint32_t) xndx); 1930 } 1931 } 1932 } 1933 1934 1935 static void 1936 check_sysv_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 1937 GElf_Shdr *symshdr) 1938 { 1939 Elf32_Word nbucket = ((Elf32_Word *) data->d_buf)[0]; 1940 Elf32_Word nchain = ((Elf32_Word *) data->d_buf)[1]; 1941 1942 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize) 1943 ERROR (gettext ("\ 1944 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"), 1945 idx, section_name (ebl, idx), (long int) shdr->sh_size, 1946 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize)); 1947 1948 size_t maxidx = nchain; 1949 1950 if (symshdr != NULL) 1951 { 1952 size_t symsize = symshdr->sh_size / symshdr->sh_entsize; 1953 1954 if (nchain > symshdr->sh_size / symshdr->sh_entsize) 1955 ERROR (gettext ("section [%2d] '%s': chain array too large\n"), 1956 idx, section_name (ebl, idx)); 1957 1958 maxidx = symsize; 1959 } 1960 1961 size_t cnt; 1962 for (cnt = 2; cnt < 2 + nbucket; ++cnt) 1963 if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx) 1964 ERROR (gettext ("\ 1965 section [%2d] '%s': hash bucket reference %zu out of bounds\n"), 1966 idx, section_name (ebl, idx), cnt - 2); 1967 1968 for (; cnt < 2 + nbucket + nchain; ++cnt) 1969 if (((Elf32_Word *) data->d_buf)[cnt] >= maxidx) 1970 ERROR (gettext ("\ 1971 section [%2d] '%s': hash chain reference %zu out of bounds\n"), 1972 idx, section_name (ebl, idx), cnt - 2 - nbucket); 1973 } 1974 1975 1976 static void 1977 check_sysv_hash64 (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 1978 GElf_Shdr *symshdr) 1979 { 1980 Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0]; 1981 Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1]; 1982 1983 if (shdr->sh_size < (2 + nbucket + nchain) * shdr->sh_entsize) 1984 ERROR (gettext ("\ 1985 section [%2d] '%s': hash table section is too small (is %ld, expected %ld)\n"), 1986 idx, section_name (ebl, idx), (long int) shdr->sh_size, 1987 (long int) ((2 + nbucket + nchain) * shdr->sh_entsize)); 1988 1989 size_t maxidx = nchain; 1990 1991 if (symshdr != NULL) 1992 { 1993 size_t symsize = symshdr->sh_size / symshdr->sh_entsize; 1994 1995 if (nchain > symshdr->sh_size / symshdr->sh_entsize) 1996 ERROR (gettext ("section [%2d] '%s': chain array too large\n"), 1997 idx, section_name (ebl, idx)); 1998 1999 maxidx = symsize; 2000 } 2001 2002 size_t cnt; 2003 for (cnt = 2; cnt < 2 + nbucket; ++cnt) 2004 if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx) 2005 ERROR (gettext ("\ 2006 section [%2d] '%s': hash bucket reference %zu out of bounds\n"), 2007 idx, section_name (ebl, idx), cnt - 2); 2008 2009 for (; cnt < 2 + nbucket + nchain; ++cnt) 2010 if (((Elf64_Xword *) data->d_buf)[cnt] >= maxidx) 2011 ERROR (gettext ("\ 2012 section [%2d] '%s': hash chain reference %" PRIu64 " out of bounds\n"), 2013 idx, section_name (ebl, idx), (uint64_t) (cnt - 2 - nbucket)); 2014 } 2015 2016 2017 static void 2018 check_gnu_hash (Ebl *ebl, GElf_Shdr *shdr, Elf_Data *data, int idx, 2019 GElf_Shdr *symshdr) 2020 { 2021 Elf32_Word nbuckets = ((Elf32_Word *) data->d_buf)[0]; 2022 Elf32_Word symbias = ((Elf32_Word *) data->d_buf)[1]; 2023 Elf32_Word bitmask_words = ((Elf32_Word *) data->d_buf)[2]; 2024 2025 if (!powerof2 (bitmask_words)) 2026 ERROR (gettext ("\ 2027 section [%2d] '%s': bitmask size not power of 2: %u\n"), 2028 idx, section_name (ebl, idx), bitmask_words); 2029 2030 size_t bitmask_idxmask = bitmask_words - 1; 2031 if (gelf_getclass (ebl->elf) == ELFCLASS64) 2032 bitmask_words *= 2; 2033 Elf32_Word shift = ((Elf32_Word *) data->d_buf)[3]; 2034 2035 if (shdr->sh_size < (4 + bitmask_words + nbuckets) * sizeof (Elf32_Word)) 2036 { 2037 ERROR (gettext ("\ 2038 section [%2d] '%s': hash table section is too small (is %ld, expected at least%ld)\n"), 2039 idx, section_name (ebl, idx), (long int) shdr->sh_size, 2040 (long int) ((4 + bitmask_words + nbuckets) * sizeof (Elf32_Word))); 2041 return; 2042 } 2043 2044 if (shift > 31) 2045 ERROR (gettext ("\ 2046 section [%2d] '%s': 2nd hash function shift too big: %u\n"), 2047 idx, section_name (ebl, idx), shift); 2048 2049 size_t maxidx = shdr->sh_size / sizeof (Elf32_Word) - (4 + bitmask_words 2050 + nbuckets); 2051 2052 if (symshdr != NULL) 2053 maxidx = MIN (maxidx, symshdr->sh_size / symshdr->sh_entsize); 2054 2055 /* We need the symbol section data. */ 2056 Elf_Data *symdata = elf_getdata (elf_getscn (ebl->elf, shdr->sh_link), NULL); 2057 2058 union 2059 { 2060 Elf32_Word *p32; 2061 Elf64_Xword *p64; 2062 } bitmask = { .p32 = &((Elf32_Word *) data->d_buf)[4] }, 2063 collected = { .p32 = xcalloc (bitmask_words, sizeof (Elf32_Word)) }; 2064 2065 size_t classbits = gelf_getclass (ebl->elf) == ELFCLASS32 ? 32 : 64; 2066 2067 size_t cnt; 2068 for (cnt = 4 + bitmask_words; cnt < 4 + bitmask_words + nbuckets; ++cnt) 2069 { 2070 Elf32_Word symidx = ((Elf32_Word *) data->d_buf)[cnt]; 2071 2072 if (symidx == 0) 2073 continue; 2074 2075 if (symidx < symbias) 2076 { 2077 ERROR (gettext ("\ 2078 section [%2d] '%s': hash chain for bucket %zu lower than symbol index bias\n"), 2079 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2080 continue; 2081 } 2082 2083 while (symidx - symbias < maxidx) 2084 { 2085 Elf32_Word chainhash = ((Elf32_Word *) data->d_buf)[4 2086 + bitmask_words 2087 + nbuckets 2088 + symidx 2089 - symbias]; 2090 2091 if (symdata != NULL) 2092 { 2093 /* Check that the referenced symbol is not undefined. */ 2094 GElf_Sym sym_mem; 2095 GElf_Sym *sym = gelf_getsym (symdata, symidx, &sym_mem); 2096 if (sym != NULL && sym->st_shndx == SHN_UNDEF 2097 && GELF_ST_TYPE (sym->st_info) != STT_FUNC) 2098 ERROR (gettext ("\ 2099 section [%2d] '%s': symbol %u referenced in chain for bucket %zu is undefined\n"), 2100 idx, section_name (ebl, idx), symidx, 2101 cnt - (4 + bitmask_words)); 2102 2103 const char *symname = elf_strptr (ebl->elf, symshdr->sh_link, 2104 sym->st_name); 2105 if (symname != NULL) 2106 { 2107 Elf32_Word hval = elf_gnu_hash (symname); 2108 if ((hval & ~1u) != (chainhash & ~1u)) 2109 ERROR (gettext ("\ 2110 section [%2d] '%s': hash value for symbol %u in chain for bucket %zu wrong\n"), 2111 idx, section_name (ebl, idx), symidx, 2112 cnt - (4 + bitmask_words)); 2113 2114 /* Set the bits in the bitmask. */ 2115 size_t maskidx = (hval / classbits) & bitmask_idxmask; 2116 if (classbits == 32) 2117 { 2118 collected.p32[maskidx] 2119 |= UINT32_C (1) << (hval & (classbits - 1)); 2120 collected.p32[maskidx] 2121 |= UINT32_C (1) << ((hval >> shift) & (classbits - 1)); 2122 } 2123 else 2124 { 2125 collected.p64[maskidx] 2126 |= UINT64_C (1) << (hval & (classbits - 1)); 2127 collected.p64[maskidx] 2128 |= UINT64_C (1) << ((hval >> shift) & (classbits - 1)); 2129 } 2130 } 2131 } 2132 2133 if ((chainhash & 1) != 0) 2134 break; 2135 2136 ++symidx; 2137 } 2138 2139 if (symidx - symbias >= maxidx) 2140 ERROR (gettext ("\ 2141 section [%2d] '%s': hash chain for bucket %zu out of bounds\n"), 2142 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2143 else if (symshdr != NULL 2144 && symidx > symshdr->sh_size / symshdr->sh_entsize) 2145 ERROR (gettext ("\ 2146 section [%2d] '%s': symbol reference in chain for bucket %zu out of bounds\n"), 2147 idx, section_name (ebl, idx), cnt - (4 + bitmask_words)); 2148 } 2149 2150 if (memcmp (collected.p32, bitmask.p32, bitmask_words * sizeof (Elf32_Word))) 2151 ERROR (gettext ("\ 2152 section [%2d] '%s': bitmask does not match names in the hash table\n"), 2153 idx, section_name (ebl, idx)); 2154 2155 free (collected.p32); 2156 } 2157 2158 2159 static void 2160 check_hash (int tag, Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 2161 { 2162 if (ehdr->e_type == ET_REL) 2163 { 2164 ERROR (gettext ("\ 2165 section [%2d] '%s': relocatable files cannot have hash tables\n"), 2166 idx, section_name (ebl, idx)); 2167 return; 2168 } 2169 2170 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2171 if (data == NULL) 2172 { 2173 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2174 idx, section_name (ebl, idx)); 2175 return; 2176 } 2177 2178 GElf_Shdr symshdr_mem; 2179 GElf_Shdr *symshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 2180 &symshdr_mem); 2181 if (symshdr != NULL && symshdr->sh_type != SHT_DYNSYM) 2182 ERROR (gettext ("\ 2183 section [%2d] '%s': hash table not for dynamic symbol table\n"), 2184 idx, section_name (ebl, idx)); 2185 2186 if (shdr->sh_entsize != (tag == SHT_GNU_HASH 2187 ? (gelf_getclass (ebl->elf) == ELFCLASS32 2188 ? sizeof (Elf32_Word) : 0) 2189 : (size_t) ebl_sysvhash_entrysize (ebl))) 2190 ERROR (gettext ("\ 2191 section [%2d] '%s': hash table entry size incorrect\n"), 2192 idx, section_name (ebl, idx)); 2193 2194 if ((shdr->sh_flags & SHF_ALLOC) == 0) 2195 ERROR (gettext ("section [%2d] '%s': not marked to be allocated\n"), 2196 idx, section_name (ebl, idx)); 2197 2198 if (shdr->sh_size < (tag == SHT_GNU_HASH ? 4 : 2) * (shdr->sh_entsize ?: 4)) 2199 { 2200 ERROR (gettext ("\ 2201 section [%2d] '%s': hash table has not even room for initial administrative entries\n"), 2202 idx, section_name (ebl, idx)); 2203 return; 2204 } 2205 2206 switch (tag) 2207 { 2208 case SHT_HASH: 2209 if (ebl_sysvhash_entrysize (ebl) == sizeof (Elf64_Xword)) 2210 check_sysv_hash64 (ebl, shdr, data, idx, symshdr); 2211 else 2212 check_sysv_hash (ebl, shdr, data, idx, symshdr); 2213 break; 2214 2215 case SHT_GNU_HASH: 2216 check_gnu_hash (ebl, shdr, data, idx, symshdr); 2217 break; 2218 2219 default: 2220 assert (! "should not happen"); 2221 } 2222 } 2223 2224 2225 /* Compare content of both hash tables, it must be identical. */ 2226 static void 2227 compare_hash_gnu_hash (Ebl *ebl, GElf_Ehdr *ehdr, size_t hash_idx, 2228 size_t gnu_hash_idx) 2229 { 2230 Elf_Scn *hash_scn = elf_getscn (ebl->elf, hash_idx); 2231 Elf_Data *hash_data = elf_getdata (hash_scn, NULL); 2232 GElf_Shdr hash_shdr_mem; 2233 GElf_Shdr *hash_shdr = gelf_getshdr (hash_scn, &hash_shdr_mem); 2234 Elf_Scn *gnu_hash_scn = elf_getscn (ebl->elf, gnu_hash_idx); 2235 Elf_Data *gnu_hash_data = elf_getdata (gnu_hash_scn, NULL); 2236 GElf_Shdr gnu_hash_shdr_mem; 2237 GElf_Shdr *gnu_hash_shdr = gelf_getshdr (gnu_hash_scn, &gnu_hash_shdr_mem); 2238 2239 if (hash_shdr == NULL || gnu_hash_shdr == NULL 2240 || hash_data == NULL || gnu_hash_data == NULL) 2241 /* None of these pointers should be NULL since we used the 2242 sections already. We are careful nonetheless. */ 2243 return; 2244 2245 /* The link must point to the same symbol table. */ 2246 if (hash_shdr->sh_link != gnu_hash_shdr->sh_link) 2247 { 2248 ERROR (gettext ("\ 2249 sh_link in hash sections [%2zu] '%s' and [%2zu] '%s' not identical\n"), 2250 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name), 2251 gnu_hash_idx, 2252 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2253 return; 2254 } 2255 2256 Elf_Scn *sym_scn = elf_getscn (ebl->elf, hash_shdr->sh_link); 2257 Elf_Data *sym_data = elf_getdata (sym_scn, NULL); 2258 GElf_Shdr sym_shdr_mem; 2259 GElf_Shdr *sym_shdr = gelf_getshdr (sym_scn, &sym_shdr_mem); 2260 2261 if (sym_data == NULL || sym_shdr == NULL) 2262 return; 2263 2264 int nentries = sym_shdr->sh_size / sym_shdr->sh_entsize; 2265 char *used = alloca (nentries); 2266 memset (used, '\0', nentries); 2267 2268 /* First go over the GNU_HASH table and mark the entries as used. */ 2269 const Elf32_Word *gnu_hasharr = (Elf32_Word *) gnu_hash_data->d_buf; 2270 Elf32_Word gnu_nbucket = gnu_hasharr[0]; 2271 const int bitmap_factor = ehdr->e_ident[EI_CLASS] == ELFCLASS32 ? 1 : 2; 2272 const Elf32_Word *gnu_bucket = (gnu_hasharr 2273 + (4 + gnu_hasharr[2] * bitmap_factor)); 2274 const Elf32_Word *gnu_chain = gnu_bucket + gnu_hasharr[0] - gnu_hasharr[1]; 2275 2276 for (Elf32_Word cnt = 0; cnt < gnu_nbucket; ++cnt) 2277 { 2278 Elf32_Word symidx = gnu_bucket[cnt]; 2279 if (symidx != STN_UNDEF) 2280 do 2281 used[symidx] |= 1; 2282 while ((gnu_chain[symidx++] & 1u) == 0); 2283 } 2284 2285 /* Now go over the old hash table and check that we cover the same 2286 entries. */ 2287 if (hash_shdr->sh_entsize == sizeof (Elf32_Word)) 2288 { 2289 const Elf32_Word *hasharr = (Elf32_Word *) hash_data->d_buf; 2290 Elf32_Word nbucket = hasharr[0]; 2291 const Elf32_Word *bucket = &hasharr[2]; 2292 const Elf32_Word *chain = &hasharr[2 + nbucket]; 2293 2294 for (Elf32_Word cnt = 0; cnt < nbucket; ++cnt) 2295 { 2296 Elf32_Word symidx = bucket[cnt]; 2297 while (symidx != STN_UNDEF) 2298 { 2299 used[symidx] |= 2; 2300 symidx = chain[symidx]; 2301 } 2302 } 2303 } 2304 else 2305 { 2306 const Elf64_Xword *hasharr = (Elf64_Xword *) hash_data->d_buf; 2307 Elf64_Xword nbucket = hasharr[0]; 2308 const Elf64_Xword *bucket = &hasharr[2]; 2309 const Elf64_Xword *chain = &hasharr[2 + nbucket]; 2310 2311 for (Elf64_Xword cnt = 0; cnt < nbucket; ++cnt) 2312 { 2313 Elf64_Xword symidx = bucket[cnt]; 2314 while (symidx != STN_UNDEF) 2315 { 2316 used[symidx] |= 2; 2317 symidx = chain[symidx]; 2318 } 2319 } 2320 } 2321 2322 /* Now see which entries are not set in one or both hash tables 2323 (unless the symbol is undefined in which case it can be omitted 2324 in the new table format). */ 2325 if ((used[0] & 1) != 0) 2326 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"), 2327 gnu_hash_idx, 2328 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2329 if ((used[0] & 2) != 0) 2330 ERROR (gettext ("section [%2zu] '%s': reference to symbol index 0\n"), 2331 hash_idx, elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name)); 2332 2333 for (int cnt = 1; cnt < nentries; ++cnt) 2334 if (used[cnt] != 0 && used[cnt] != 3) 2335 { 2336 if (used[cnt] == 1) 2337 ERROR (gettext ("\ 2338 symbol %d referenced in new hash table in [%2zu] '%s' but not in old hash table in [%2zu] '%s'\n"), 2339 cnt, gnu_hash_idx, 2340 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name), 2341 hash_idx, 2342 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name)); 2343 else 2344 { 2345 GElf_Sym sym_mem; 2346 GElf_Sym *sym = gelf_getsym (sym_data, cnt, &sym_mem); 2347 2348 if (sym != NULL && sym->st_shndx != STN_UNDEF) 2349 ERROR (gettext ("\ 2350 symbol %d referenced in old hash table in [%2zu] '%s' but not in new hash table in [%2zu] '%s'\n"), 2351 cnt, hash_idx, 2352 elf_strptr (ebl->elf, shstrndx, hash_shdr->sh_name), 2353 gnu_hash_idx, 2354 elf_strptr (ebl->elf, shstrndx, gnu_hash_shdr->sh_name)); 2355 } 2356 } 2357 } 2358 2359 2360 static void 2361 check_null (Ebl *ebl, GElf_Shdr *shdr, int idx) 2362 { 2363 #define TEST(name, extra) \ 2364 if (extra && shdr->sh_##name != 0) \ 2365 ERROR (gettext ("section [%2d] '%s': nonzero sh_%s for NULL section\n"), \ 2366 idx, section_name (ebl, idx), #name) 2367 2368 TEST (name, 1); 2369 TEST (flags, 1); 2370 TEST (addr, 1); 2371 TEST (offset, 1); 2372 TEST (size, idx != 0); 2373 TEST (link, idx != 0); 2374 TEST (info, 1); 2375 TEST (addralign, 1); 2376 TEST (entsize, 1); 2377 } 2378 2379 2380 static void 2381 check_group (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 2382 { 2383 if (ehdr->e_type != ET_REL) 2384 { 2385 ERROR (gettext ("\ 2386 section [%2d] '%s': section groups only allowed in relocatable object files\n"), 2387 idx, section_name (ebl, idx)); 2388 return; 2389 } 2390 2391 /* Check that sh_link is an index of a symbol table. */ 2392 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 2393 GElf_Shdr symshdr_mem; 2394 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 2395 if (symshdr == NULL) 2396 ERROR (gettext ("section [%2d] '%s': cannot get symbol table: %s\n"), 2397 idx, section_name (ebl, idx), elf_errmsg (-1)); 2398 else 2399 { 2400 if (symshdr->sh_type != SHT_SYMTAB) 2401 ERROR (gettext ("\ 2402 section [%2d] '%s': section reference in sh_link is no symbol table\n"), 2403 idx, section_name (ebl, idx)); 2404 2405 if (shdr->sh_info >= symshdr->sh_size / gelf_fsize (ebl->elf, ELF_T_SYM, 2406 1, EV_CURRENT)) 2407 ERROR (gettext ("\ 2408 section [%2d] '%s': invalid symbol index in sh_info\n"), 2409 idx, section_name (ebl, idx)); 2410 2411 if (shdr->sh_flags != 0) 2412 ERROR (gettext ("section [%2d] '%s': sh_flags not zero\n"), 2413 idx, section_name (ebl, idx)); 2414 2415 GElf_Sym sym_data; 2416 GElf_Sym *sym = gelf_getsym (elf_getdata (symscn, NULL), shdr->sh_info, 2417 &sym_data); 2418 if (sym == NULL) 2419 ERROR (gettext ("\ 2420 section [%2d] '%s': cannot get symbol for signature\n"), 2421 idx, section_name (ebl, idx)); 2422 else if (strcmp (elf_strptr (ebl->elf, symshdr->sh_link, sym->st_name), 2423 "") == 0) 2424 ERROR (gettext ("\ 2425 section [%2d] '%s': signature symbol cannot be empty string\n"), 2426 idx, section_name (ebl, idx)); 2427 2428 if (be_strict 2429 && shdr->sh_entsize != elf32_fsize (ELF_T_WORD, 1, EV_CURRENT)) 2430 ERROR (gettext ("section [%2d] '%s': sh_flags not set correctly\n"), 2431 idx, section_name (ebl, idx)); 2432 } 2433 2434 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2435 if (data == NULL) 2436 ERROR (gettext ("section [%2d] '%s': cannot get data: %s\n"), 2437 idx, section_name (ebl, idx), elf_errmsg (-1)); 2438 else 2439 { 2440 size_t elsize = elf32_fsize (ELF_T_WORD, 1, EV_CURRENT); 2441 size_t cnt; 2442 Elf32_Word val; 2443 2444 if (data->d_size % elsize != 0) 2445 ERROR (gettext ("\ 2446 section [%2d] '%s': section size not multiple of sizeof(Elf32_Word)\n"), 2447 idx, section_name (ebl, idx)); 2448 2449 if (data->d_size < elsize) 2450 ERROR (gettext ("\ 2451 section [%2d] '%s': section group without flags word\n"), 2452 idx, section_name (ebl, idx)); 2453 else if (be_strict) 2454 { 2455 if (data->d_size < 2 * elsize) 2456 ERROR (gettext ("\ 2457 section [%2d] '%s': section group without member\n"), 2458 idx, section_name (ebl, idx)); 2459 else if (data->d_size < 3 * elsize) 2460 ERROR (gettext ("\ 2461 section [%2d] '%s': section group with only one member\n"), 2462 idx, section_name (ebl, idx)); 2463 } 2464 2465 #if ALLOW_UNALIGNED 2466 val = *((Elf32_Word *) data->d_buf); 2467 #else 2468 memcpy (&val, data->d_buf, elsize); 2469 #endif 2470 if ((val & ~GRP_COMDAT) != 0) 2471 ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"), 2472 idx, section_name (ebl, idx)); 2473 2474 for (cnt = elsize; cnt < data->d_size; cnt += elsize) 2475 { 2476 #if ALLOW_UNALIGNED 2477 val = *((Elf32_Word *) ((char *) data->d_buf + cnt)); 2478 #else 2479 memcpy (&val, (char *) data->d_buf + cnt, elsize); 2480 #endif 2481 2482 if (val > shnum) 2483 ERROR (gettext ("\ 2484 section [%2d] '%s': section index %Zu out of range\n"), 2485 idx, section_name (ebl, idx), cnt / elsize); 2486 else 2487 { 2488 GElf_Shdr refshdr_mem; 2489 GElf_Shdr *refshdr = gelf_getshdr (elf_getscn (ebl->elf, val), 2490 &refshdr_mem); 2491 if (refshdr == NULL) 2492 ERROR (gettext ("\ 2493 section [%2d] '%s': cannot get section header for element %zu: %s\n"), 2494 idx, section_name (ebl, idx), cnt / elsize, 2495 elf_errmsg (-1)); 2496 else 2497 { 2498 if (refshdr->sh_type == SHT_GROUP) 2499 ERROR (gettext ("\ 2500 section [%2d] '%s': section group contains another group [%2d] '%s'\n"), 2501 idx, section_name (ebl, idx), 2502 val, section_name (ebl, val)); 2503 2504 if ((refshdr->sh_flags & SHF_GROUP) == 0) 2505 ERROR (gettext ("\ 2506 section [%2d] '%s': element %Zu references section [%2d] '%s' without SHF_GROUP flag set\n"), 2507 idx, section_name (ebl, idx), cnt / elsize, 2508 val, section_name (ebl, val)); 2509 } 2510 2511 if (++scnref[val] == 2) 2512 ERROR (gettext ("\ 2513 section [%2d] '%s' is contained in more than one section group\n"), 2514 val, section_name (ebl, val)); 2515 } 2516 } 2517 } 2518 } 2519 2520 2521 static const char * 2522 section_flags_string (GElf_Word flags, char *buf, size_t len) 2523 { 2524 if (flags == 0) 2525 return "none"; 2526 2527 static const struct 2528 { 2529 GElf_Word flag; 2530 const char *name; 2531 } known_flags[] = 2532 { 2533 #define NEWFLAG(name) { SHF_##name, #name } 2534 NEWFLAG (WRITE), 2535 NEWFLAG (ALLOC), 2536 NEWFLAG (EXECINSTR), 2537 NEWFLAG (MERGE), 2538 NEWFLAG (STRINGS), 2539 NEWFLAG (INFO_LINK), 2540 NEWFLAG (LINK_ORDER), 2541 NEWFLAG (OS_NONCONFORMING), 2542 NEWFLAG (GROUP), 2543 NEWFLAG (TLS) 2544 }; 2545 #undef NEWFLAG 2546 const size_t nknown_flags = sizeof (known_flags) / sizeof (known_flags[0]); 2547 2548 char *cp = buf; 2549 2550 for (size_t cnt = 0; cnt < nknown_flags; ++cnt) 2551 if (flags & known_flags[cnt].flag) 2552 { 2553 if (cp != buf && len > 1) 2554 { 2555 *cp++ = '|'; 2556 --len; 2557 } 2558 2559 size_t ncopy = MIN (len - 1, strlen (known_flags[cnt].name)); 2560 cp = mempcpy (cp, known_flags[cnt].name, ncopy); 2561 len -= ncopy; 2562 2563 flags ^= known_flags[cnt].flag; 2564 } 2565 2566 if (flags != 0 || cp == buf) 2567 snprintf (cp, len - 1, "%" PRIx64, (uint64_t) flags); 2568 2569 *cp = '\0'; 2570 2571 return buf; 2572 } 2573 2574 2575 static int 2576 has_copy_reloc (Ebl *ebl, unsigned int symscnndx, unsigned int symndx) 2577 { 2578 /* First find the relocation section for the symbol table. */ 2579 Elf_Scn *scn = NULL; 2580 GElf_Shdr shdr_mem; 2581 GElf_Shdr *shdr = NULL; 2582 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 2583 { 2584 shdr = gelf_getshdr (scn, &shdr_mem); 2585 if (shdr != NULL 2586 && (shdr->sh_type == SHT_REL || shdr->sh_type == SHT_RELA) 2587 && shdr->sh_link == symscnndx) 2588 /* Found the section. */ 2589 break; 2590 } 2591 2592 if (scn == NULL) 2593 return 0; 2594 2595 Elf_Data *data = elf_getdata (scn, NULL); 2596 if (data == NULL) 2597 return 0; 2598 2599 if (shdr->sh_type == SHT_REL) 2600 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i) 2601 { 2602 GElf_Rel rel_mem; 2603 GElf_Rel *rel = gelf_getrel (data, i, &rel_mem); 2604 if (rel == NULL) 2605 continue; 2606 2607 if (GELF_R_SYM (rel->r_info) == symndx 2608 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rel->r_info))) 2609 return 1; 2610 } 2611 else 2612 for (int i = 0; (size_t) i < shdr->sh_size / shdr->sh_entsize; ++i) 2613 { 2614 GElf_Rela rela_mem; 2615 GElf_Rela *rela = gelf_getrela (data, i, &rela_mem); 2616 if (rela == NULL) 2617 continue; 2618 2619 if (GELF_R_SYM (rela->r_info) == symndx 2620 && ebl_copy_reloc_p (ebl, GELF_R_TYPE (rela->r_info))) 2621 return 1; 2622 } 2623 2624 return 0; 2625 } 2626 2627 2628 static int 2629 in_nobits_scn (Ebl *ebl, unsigned int shndx) 2630 { 2631 GElf_Shdr shdr_mem; 2632 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, shndx), &shdr_mem); 2633 return shdr != NULL && shdr->sh_type == SHT_NOBITS; 2634 } 2635 2636 2637 static struct version_namelist 2638 { 2639 const char *objname; 2640 const char *name; 2641 GElf_Versym ndx; 2642 enum { ver_def, ver_need } type; 2643 struct version_namelist *next; 2644 } *version_namelist; 2645 2646 2647 static int 2648 add_version (const char *objname, const char *name, GElf_Versym ndx, int type) 2649 { 2650 /* Check that there are no duplications. */ 2651 struct version_namelist *nlp = version_namelist; 2652 while (nlp != NULL) 2653 { 2654 if (((nlp->objname == NULL && objname == NULL) 2655 || (nlp->objname != NULL && objname != NULL 2656 && strcmp (nlp->objname, objname) == 0)) 2657 && strcmp (nlp->name, name) == 0) 2658 return nlp->type == ver_def ? 1 : -1; 2659 nlp = nlp->next; 2660 } 2661 2662 nlp = xmalloc (sizeof (*nlp)); 2663 nlp->objname = objname; 2664 nlp->name = name; 2665 nlp->ndx = ndx; 2666 nlp->type = type; 2667 nlp->next = version_namelist; 2668 version_namelist = nlp; 2669 2670 return 0; 2671 } 2672 2673 2674 static void 2675 check_versym (Ebl *ebl, int idx) 2676 { 2677 Elf_Scn *scn = elf_getscn (ebl->elf, idx); 2678 GElf_Shdr shdr_mem; 2679 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 2680 if (shdr == NULL) 2681 /* The error has already been reported. */ 2682 return; 2683 2684 Elf_Data *data = elf_getdata (scn, NULL); 2685 if (data == NULL) 2686 { 2687 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2688 idx, section_name (ebl, idx)); 2689 return; 2690 } 2691 2692 Elf_Scn *symscn = elf_getscn (ebl->elf, shdr->sh_link); 2693 GElf_Shdr symshdr_mem; 2694 GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); 2695 if (symshdr == NULL) 2696 /* The error has already been reported. */ 2697 return; 2698 2699 if (symshdr->sh_type != SHT_DYNSYM) 2700 { 2701 ERROR (gettext ("\ 2702 section [%2d] '%s' refers in sh_link to section [%2d] '%s' which is no dynamic symbol table\n"), 2703 idx, section_name (ebl, idx), 2704 shdr->sh_link, section_name (ebl, shdr->sh_link)); 2705 return; 2706 } 2707 2708 /* The number of elements in the version symbol table must be the 2709 same as the number of symbols. */ 2710 if (shdr->sh_size / shdr->sh_entsize 2711 != symshdr->sh_size / symshdr->sh_entsize) 2712 ERROR (gettext ("\ 2713 section [%2d] '%s' has different number of entries than symbol table [%2d] '%s'\n"), 2714 idx, section_name (ebl, idx), 2715 shdr->sh_link, section_name (ebl, shdr->sh_link)); 2716 2717 Elf_Data *symdata = elf_getdata (symscn, NULL); 2718 if (symdata == NULL) 2719 /* The error has already been reported. */ 2720 return; 2721 2722 for (int cnt = 1; (size_t) cnt < shdr->sh_size / shdr->sh_entsize; ++cnt) 2723 { 2724 GElf_Versym versym_mem; 2725 GElf_Versym *versym = gelf_getversym (data, cnt, &versym_mem); 2726 if (versym == NULL) 2727 { 2728 ERROR (gettext ("\ 2729 section [%2d] '%s': symbol %d: cannot read version data\n"), 2730 idx, section_name (ebl, idx), cnt); 2731 break; 2732 } 2733 2734 GElf_Sym sym_mem; 2735 GElf_Sym *sym = gelf_getsym (symdata, cnt, &sym_mem); 2736 if (sym == NULL) 2737 /* Already reported elsewhere. */ 2738 continue; 2739 2740 if (*versym == VER_NDX_GLOBAL) 2741 { 2742 /* Global symbol. Make sure it is not defined as local. */ 2743 if (GELF_ST_BIND (sym->st_info) == STB_LOCAL) 2744 ERROR (gettext ("\ 2745 section [%2d] '%s': symbol %d: local symbol with global scope\n"), 2746 idx, section_name (ebl, idx), cnt); 2747 } 2748 else if (*versym != VER_NDX_LOCAL) 2749 { 2750 /* Versioned symbol. Make sure it is not defined as local. */ 2751 if (!gnuld && GELF_ST_BIND (sym->st_info) == STB_LOCAL) 2752 ERROR (gettext ("\ 2753 section [%2d] '%s': symbol %d: local symbol with version\n"), 2754 idx, section_name (ebl, idx), cnt); 2755 2756 /* Look through the list of defined versions and locate the 2757 index we need for this symbol. */ 2758 struct version_namelist *runp = version_namelist; 2759 while (runp != NULL) 2760 if (runp->ndx == (*versym & (GElf_Versym) 0x7fff)) 2761 break; 2762 else 2763 runp = runp->next; 2764 2765 if (runp == NULL) 2766 ERROR (gettext ("\ 2767 section [%2d] '%s': symbol %d: invalid version index %d\n"), 2768 idx, section_name (ebl, idx), cnt, (int) *versym); 2769 else if (sym->st_shndx == SHN_UNDEF 2770 && runp->type == ver_def) 2771 ERROR (gettext ("\ 2772 section [%2d] '%s': symbol %d: version index %d is for defined version\n"), 2773 idx, section_name (ebl, idx), cnt, (int) *versym); 2774 else if (sym->st_shndx != SHN_UNDEF 2775 && runp->type == ver_need) 2776 { 2777 /* Unless this symbol has a copy relocation associated 2778 this must not happen. */ 2779 if (!has_copy_reloc (ebl, shdr->sh_link, cnt) 2780 && !in_nobits_scn (ebl, sym->st_shndx)) 2781 ERROR (gettext ("\ 2782 section [%2d] '%s': symbol %d: version index %d is for requested version\n"), 2783 idx, section_name (ebl, idx), cnt, (int) *versym); 2784 } 2785 } 2786 } 2787 } 2788 2789 2790 static int 2791 unknown_dependency_p (Elf *elf, const char *fname) 2792 { 2793 GElf_Phdr phdr_mem; 2794 GElf_Phdr *phdr = NULL; 2795 2796 unsigned int i; 2797 for (i = 0; i < phnum; ++i) 2798 if ((phdr = gelf_getphdr (elf, i, &phdr_mem)) != NULL 2799 && phdr->p_type == PT_DYNAMIC) 2800 break; 2801 2802 if (i == phnum) 2803 return 1; 2804 assert (phdr != NULL); 2805 Elf_Scn *scn = gelf_offscn (elf, phdr->p_offset); 2806 GElf_Shdr shdr_mem; 2807 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 2808 Elf_Data *data = elf_getdata (scn, NULL); 2809 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC && data != NULL) 2810 for (size_t j = 0; j < shdr->sh_size / shdr->sh_entsize; ++j) 2811 { 2812 GElf_Dyn dyn_mem; 2813 GElf_Dyn *dyn = gelf_getdyn (data, j, &dyn_mem); 2814 if (dyn != NULL && dyn->d_tag == DT_NEEDED) 2815 { 2816 const char *str = elf_strptr (elf, shdr->sh_link, dyn->d_un.d_val); 2817 if (str != NULL && strcmp (str, fname) == 0) 2818 /* Found it. */ 2819 return 0; 2820 } 2821 } 2822 2823 return 1; 2824 } 2825 2826 2827 static unsigned int nverneed; 2828 2829 static void 2830 check_verneed (Ebl *ebl, GElf_Shdr *shdr, int idx) 2831 { 2832 if (++nverneed == 2) 2833 ERROR (gettext ("more than one version reference section present\n")); 2834 2835 GElf_Shdr strshdr_mem; 2836 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 2837 &strshdr_mem); 2838 if (strshdr == NULL) 2839 return; 2840 if (strshdr->sh_type != SHT_STRTAB) 2841 ERROR (gettext ("\ 2842 section [%2d] '%s': sh_link does not link to string table\n"), 2843 idx, section_name (ebl, idx)); 2844 2845 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2846 if (data == NULL) 2847 { 2848 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2849 idx, section_name (ebl, idx)); 2850 return; 2851 } 2852 unsigned int offset = 0; 2853 for (int cnt = shdr->sh_info; --cnt >= 0; ) 2854 { 2855 /* Get the data at the next offset. */ 2856 GElf_Verneed needmem; 2857 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem); 2858 if (need == NULL) 2859 break; 2860 2861 unsigned int auxoffset = offset + need->vn_aux; 2862 2863 if (need->vn_version != EV_CURRENT) 2864 ERROR (gettext ("\ 2865 section [%2d] '%s': entry %d has wrong version %d\n"), 2866 idx, section_name (ebl, idx), cnt, (int) need->vn_version); 2867 2868 if (need->vn_cnt > 0 && need->vn_aux < gelf_fsize (ebl->elf, ELF_T_VNEED, 2869 1, EV_CURRENT)) 2870 ERROR (gettext ("\ 2871 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"), 2872 idx, section_name (ebl, idx), cnt); 2873 2874 const char *libname = elf_strptr (ebl->elf, shdr->sh_link, 2875 need->vn_file); 2876 if (libname == NULL) 2877 { 2878 ERROR (gettext ("\ 2879 section [%2d] '%s': entry %d has invalid file reference\n"), 2880 idx, section_name (ebl, idx), cnt); 2881 goto next_need; 2882 } 2883 2884 /* Check that there is a DT_NEEDED entry for the referenced library. */ 2885 if (unknown_dependency_p (ebl->elf, libname)) 2886 ERROR (gettext ("\ 2887 section [%2d] '%s': entry %d references unknown dependency\n"), 2888 idx, section_name (ebl, idx), cnt); 2889 2890 for (int cnt2 = need->vn_cnt; --cnt2 >= 0; ) 2891 { 2892 GElf_Vernaux auxmem; 2893 GElf_Vernaux *aux = gelf_getvernaux (data, auxoffset, &auxmem); 2894 if (aux == NULL) 2895 break; 2896 2897 if ((aux->vna_flags & ~VER_FLG_WEAK) != 0) 2898 ERROR (gettext ("\ 2899 section [%2d] '%s': auxiliary entry %d of entry %d has unknown flag\n"), 2900 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 2901 2902 const char *verstr = elf_strptr (ebl->elf, shdr->sh_link, 2903 aux->vna_name); 2904 if (verstr == NULL) 2905 ERROR (gettext ("\ 2906 section [%2d] '%s': auxiliary entry %d of entry %d has invalid name reference\n"), 2907 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 2908 else 2909 { 2910 GElf_Word hashval = elf_hash (verstr); 2911 if (hashval != aux->vna_hash) 2912 ERROR (gettext ("\ 2913 section [%2d] '%s': auxiliary entry %d of entry %d has wrong hash value: %#x, expected %#x\n"), 2914 idx, section_name (ebl, idx), need->vn_cnt - cnt2, 2915 cnt, (int) hashval, (int) aux->vna_hash); 2916 2917 int res = add_version (libname, verstr, aux->vna_other, 2918 ver_need); 2919 if (unlikely (res !=0)) 2920 { 2921 assert (res > 0); 2922 ERROR (gettext ("\ 2923 section [%2d] '%s': auxiliary entry %d of entry %d has duplicate version name '%s'\n"), 2924 idx, section_name (ebl, idx), need->vn_cnt - cnt2, 2925 cnt, verstr); 2926 } 2927 } 2928 2929 if ((aux->vna_next != 0 || cnt2 > 0) 2930 && aux->vna_next < gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, 2931 EV_CURRENT)) 2932 { 2933 ERROR (gettext ("\ 2934 section [%2d] '%s': auxiliary entry %d of entry %d has wrong next field\n"), 2935 idx, section_name (ebl, idx), need->vn_cnt - cnt2, cnt); 2936 break; 2937 } 2938 2939 auxoffset += MAX (aux->vna_next, 2940 gelf_fsize (ebl->elf, ELF_T_VNAUX, 1, EV_CURRENT)); 2941 } 2942 2943 /* Find the next offset. */ 2944 next_need: 2945 offset += need->vn_next; 2946 2947 if ((need->vn_next != 0 || cnt > 0) 2948 && offset < auxoffset) 2949 ERROR (gettext ("\ 2950 section [%2d] '%s': entry %d has invalid offset to next entry\n"), 2951 idx, section_name (ebl, idx), cnt); 2952 } 2953 } 2954 2955 2956 static unsigned int nverdef; 2957 2958 static void 2959 check_verdef (Ebl *ebl, GElf_Shdr *shdr, int idx) 2960 { 2961 if (++nverdef == 2) 2962 ERROR (gettext ("more than one version definition section present\n")); 2963 2964 GElf_Shdr strshdr_mem; 2965 GElf_Shdr *strshdr = gelf_getshdr (elf_getscn (ebl->elf, shdr->sh_link), 2966 &strshdr_mem); 2967 if (strshdr == NULL) 2968 return; 2969 if (strshdr->sh_type != SHT_STRTAB) 2970 ERROR (gettext ("\ 2971 section [%2d] '%s': sh_link does not link to string table\n"), 2972 idx, section_name (ebl, idx)); 2973 2974 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 2975 if (data == NULL) 2976 { 2977 no_data: 2978 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 2979 idx, section_name (ebl, idx)); 2980 return; 2981 } 2982 2983 /* Iterate over all version definition entries. We check that there 2984 is a BASE entry and that each index is unique. To do the later 2985 we collection the information in a list which is later 2986 examined. */ 2987 struct namelist 2988 { 2989 const char *name; 2990 struct namelist *next; 2991 } *namelist = NULL; 2992 struct namelist *refnamelist = NULL; 2993 2994 bool has_base = false; 2995 unsigned int offset = 0; 2996 for (int cnt = shdr->sh_info; --cnt >= 0; ) 2997 { 2998 /* Get the data at the next offset. */ 2999 GElf_Verdef defmem; 3000 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem); 3001 if (def == NULL) 3002 goto no_data; 3003 3004 if ((def->vd_flags & VER_FLG_BASE) != 0) 3005 { 3006 if (has_base) 3007 ERROR (gettext ("\ 3008 section [%2d] '%s': more than one BASE definition\n"), 3009 idx, section_name (ebl, idx)); 3010 if (def->vd_ndx != VER_NDX_GLOBAL) 3011 ERROR (gettext ("\ 3012 section [%2d] '%s': BASE definition must have index VER_NDX_GLOBAL\n"), 3013 idx, section_name (ebl, idx)); 3014 has_base = true; 3015 } 3016 if ((def->vd_flags & ~(VER_FLG_BASE|VER_FLG_WEAK)) != 0) 3017 ERROR (gettext ("\ 3018 section [%2d] '%s': entry %d has unknown flag\n"), 3019 idx, section_name (ebl, idx), cnt); 3020 3021 if (def->vd_version != EV_CURRENT) 3022 ERROR (gettext ("\ 3023 section [%2d] '%s': entry %d has wrong version %d\n"), 3024 idx, section_name (ebl, idx), cnt, (int) def->vd_version); 3025 3026 if (def->vd_cnt > 0 && def->vd_aux < gelf_fsize (ebl->elf, ELF_T_VDEF, 3027 1, EV_CURRENT)) 3028 ERROR (gettext ("\ 3029 section [%2d] '%s': entry %d has wrong offset of auxiliary data\n"), 3030 idx, section_name (ebl, idx), cnt); 3031 3032 unsigned int auxoffset = offset + def->vd_aux; 3033 GElf_Verdaux auxmem; 3034 GElf_Verdaux *aux = gelf_getverdaux (data, auxoffset, &auxmem); 3035 if (aux == NULL) 3036 goto no_data; 3037 3038 const char *name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name); 3039 if (name == NULL) 3040 { 3041 ERROR (gettext ("\ 3042 section [%2d] '%s': entry %d has invalid name reference\n"), 3043 idx, section_name (ebl, idx), cnt); 3044 goto next_def; 3045 } 3046 GElf_Word hashval = elf_hash (name); 3047 if (def->vd_hash != hashval) 3048 ERROR (gettext ("\ 3049 section [%2d] '%s': entry %d has wrong hash value: %#x, expected %#x\n"), 3050 idx, section_name (ebl, idx), cnt, (int) hashval, 3051 (int) def->vd_hash); 3052 3053 int res = add_version (NULL, name, def->vd_ndx, ver_def); 3054 if (unlikely (res !=0)) 3055 { 3056 assert (res > 0); 3057 ERROR (gettext ("\ 3058 section [%2d] '%s': entry %d has duplicate version name '%s'\n"), 3059 idx, section_name (ebl, idx), cnt, name); 3060 } 3061 3062 struct namelist *newname = alloca (sizeof (*newname)); 3063 newname->name = name; 3064 newname->next = namelist; 3065 namelist = newname; 3066 3067 auxoffset += aux->vda_next; 3068 for (int cnt2 = 1; cnt2 < def->vd_cnt; ++cnt2) 3069 { 3070 aux = gelf_getverdaux (data, auxoffset, &auxmem); 3071 if (aux == NULL) 3072 goto no_data; 3073 3074 name = elf_strptr (ebl->elf, shdr->sh_link, aux->vda_name); 3075 if (name == NULL) 3076 ERROR (gettext ("\ 3077 section [%2d] '%s': entry %d has invalid name reference in auxiliary data\n"), 3078 idx, section_name (ebl, idx), cnt); 3079 else 3080 { 3081 newname = alloca (sizeof (*newname)); 3082 newname->name = name; 3083 newname->next = refnamelist; 3084 refnamelist = newname; 3085 } 3086 3087 if ((aux->vda_next != 0 || cnt2 + 1 < def->vd_cnt) 3088 && aux->vda_next < gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, 3089 EV_CURRENT)) 3090 { 3091 ERROR (gettext ("\ 3092 section [%2d] '%s': entry %d has wrong next field in auxiliary data\n"), 3093 idx, section_name (ebl, idx), cnt); 3094 break; 3095 } 3096 3097 auxoffset += MAX (aux->vda_next, 3098 gelf_fsize (ebl->elf, ELF_T_VDAUX, 1, EV_CURRENT)); 3099 } 3100 3101 /* Find the next offset. */ 3102 next_def: 3103 offset += def->vd_next; 3104 3105 if ((def->vd_next != 0 || cnt > 0) 3106 && offset < auxoffset) 3107 ERROR (gettext ("\ 3108 section [%2d] '%s': entry %d has invalid offset to next entry\n"), 3109 idx, section_name (ebl, idx), cnt); 3110 } 3111 3112 if (!has_base) 3113 ERROR (gettext ("section [%2d] '%s': no BASE definition\n"), 3114 idx, section_name (ebl, idx)); 3115 3116 /* Check whether the referenced names are available. */ 3117 while (namelist != NULL) 3118 { 3119 struct version_namelist *runp = version_namelist; 3120 while (runp != NULL) 3121 { 3122 if (runp->type == ver_def 3123 && strcmp (runp->name, namelist->name) == 0) 3124 break; 3125 runp = runp->next; 3126 } 3127 3128 if (runp == NULL) 3129 ERROR (gettext ("\ 3130 section [%2d] '%s': unknown parent version '%s'\n"), 3131 idx, section_name (ebl, idx), namelist->name); 3132 3133 namelist = namelist->next; 3134 } 3135 } 3136 3137 static void 3138 check_attributes (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 3139 { 3140 if (shdr->sh_size == 0) 3141 { 3142 ERROR (gettext ("section [%2d] '%s': empty object attributes section\n"), 3143 idx, section_name (ebl, idx)); 3144 return; 3145 } 3146 3147 Elf_Data *data = elf_rawdata (elf_getscn (ebl->elf, idx), NULL); 3148 if (data == NULL || data->d_size == 0) 3149 { 3150 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 3151 idx, section_name (ebl, idx)); 3152 return; 3153 } 3154 3155 inline size_t pos (const unsigned char *p) 3156 { 3157 return p - (const unsigned char *) data->d_buf; 3158 } 3159 3160 const unsigned char *p = data->d_buf; 3161 if (*p++ != 'A') 3162 { 3163 ERROR (gettext ("section [%2d] '%s': unrecognized attribute format\n"), 3164 idx, section_name (ebl, idx)); 3165 return; 3166 } 3167 3168 inline size_t left (void) 3169 { 3170 return (const unsigned char *) data->d_buf + data->d_size - p; 3171 } 3172 3173 while (left () >= 4) 3174 { 3175 uint32_t len; 3176 memcpy (&len, p, sizeof len); 3177 3178 if (len == 0) 3179 ERROR (gettext ("\ 3180 section [%2d] '%s': offset %zu: zero length field in attribute section\n"), 3181 idx, section_name (ebl, idx), pos (p)); 3182 3183 if (MY_ELFDATA != ehdr->e_ident[EI_DATA]) 3184 CONVERT (len); 3185 3186 if (len > left ()) 3187 { 3188 ERROR (gettext ("\ 3189 section [%2d] '%s': offset %zu: invalid length in attribute section\n"), 3190 idx, section_name (ebl, idx), pos (p)); 3191 break; 3192 } 3193 3194 const unsigned char *name = p + sizeof len; 3195 p += len; 3196 3197 unsigned const char *q = memchr (name, '\0', len); 3198 if (q == NULL) 3199 { 3200 ERROR (gettext ("\ 3201 section [%2d] '%s': offset %zu: unterminated vendor name string\n"), 3202 idx, section_name (ebl, idx), pos (p)); 3203 continue; 3204 } 3205 ++q; 3206 3207 if (q - name == sizeof "gnu" && !memcmp (name, "gnu", sizeof "gnu")) 3208 while (q < p) 3209 { 3210 unsigned const char *chunk = q; 3211 3212 unsigned int subsection_tag; 3213 get_uleb128 (subsection_tag, q); 3214 3215 if (q >= p) 3216 { 3217 ERROR (gettext ("\ 3218 section [%2d] '%s': offset %zu: endless ULEB128 in attribute subsection tag\n"), 3219 idx, section_name (ebl, idx), pos (chunk)); 3220 break; 3221 } 3222 3223 uint32_t subsection_len; 3224 if (p - q < (ptrdiff_t) sizeof subsection_len) 3225 { 3226 ERROR (gettext ("\ 3227 section [%2d] '%s': offset %zu: truncated attribute section\n"), 3228 idx, section_name (ebl, idx), pos (q)); 3229 break; 3230 } 3231 3232 memcpy (&subsection_len, q, sizeof subsection_len); 3233 if (subsection_len == 0) 3234 { 3235 ERROR (gettext ("\ 3236 section [%2d] '%s': offset %zu: zero length field in attribute subsection\n"), 3237 idx, section_name (ebl, idx), pos (q)); 3238 3239 q += sizeof subsection_len; 3240 continue; 3241 } 3242 3243 if (MY_ELFDATA != ehdr->e_ident[EI_DATA]) 3244 CONVERT (subsection_len); 3245 3246 if (p - chunk < (ptrdiff_t) subsection_len) 3247 { 3248 ERROR (gettext ("\ 3249 section [%2d] '%s': offset %zu: invalid length in attribute subsection\n"), 3250 idx, section_name (ebl, idx), pos (q)); 3251 break; 3252 } 3253 3254 const unsigned char *subsection_end = chunk + subsection_len; 3255 chunk = q; 3256 q = subsection_end; 3257 3258 if (subsection_tag != 1) /* Tag_File */ 3259 ERROR (gettext ("\ 3260 section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"), 3261 idx, section_name (ebl, idx), pos (chunk), subsection_tag); 3262 else 3263 { 3264 chunk += sizeof subsection_len; 3265 while (chunk < q) 3266 { 3267 unsigned int tag; 3268 get_uleb128 (tag, chunk); 3269 3270 uint64_t value = 0; 3271 const unsigned char *r = chunk; 3272 if (tag == 32 || (tag & 1) == 0) 3273 { 3274 get_uleb128 (value, r); 3275 if (r > q) 3276 { 3277 ERROR (gettext ("\ 3278 section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"), 3279 idx, section_name (ebl, idx), pos (chunk)); 3280 break; 3281 } 3282 } 3283 if (tag == 32 || (tag & 1) != 0) 3284 { 3285 r = memchr (r, '\0', q - r); 3286 if (r == NULL) 3287 { 3288 ERROR (gettext ("\ 3289 section [%2d] '%s': offset %zu: unterminated string in attribute\n"), 3290 idx, section_name (ebl, idx), pos (chunk)); 3291 break; 3292 } 3293 ++r; 3294 } 3295 3296 const char *tag_name = NULL; 3297 const char *value_name = NULL; 3298 if (!ebl_check_object_attribute (ebl, (const char *) name, 3299 tag, value, 3300 &tag_name, &value_name)) 3301 ERROR (gettext ("\ 3302 section [%2d] '%s': offset %zu: unrecognized attribute tag %u\n"), 3303 idx, section_name (ebl, idx), pos (chunk), tag); 3304 else if ((tag & 1) == 0 && value_name == NULL) 3305 ERROR (gettext ("\ 3306 section [%2d] '%s': offset %zu: unrecognized %s attribute value %" PRIu64 "\n"), 3307 idx, section_name (ebl, idx), pos (chunk), 3308 tag_name, value); 3309 3310 chunk = r; 3311 } 3312 } 3313 } 3314 else 3315 ERROR (gettext ("\ 3316 section [%2d] '%s': offset %zu: vendor '%s' unknown\n"), 3317 idx, section_name (ebl, idx), pos (p), name); 3318 } 3319 3320 if (left () != 0) 3321 ERROR (gettext ("\ 3322 section [%2d] '%s': offset %zu: extra bytes after last attribute section\n"), 3323 idx, section_name (ebl, idx), pos (p)); 3324 } 3325 3326 static bool has_loadable_segment; 3327 static bool has_interp_segment; 3328 3329 static const struct 3330 { 3331 const char *name; 3332 size_t namelen; 3333 GElf_Word type; 3334 enum { unused, exact, atleast, exact_or_gnuld } attrflag; 3335 GElf_Word attr; 3336 GElf_Word attr2; 3337 } special_sections[] = 3338 { 3339 /* See figure 4-14 in the gABI. */ 3340 { ".bss", 5, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3341 { ".comment", 8, SHT_PROGBITS, atleast, 0, SHF_MERGE | SHF_STRINGS }, 3342 { ".data", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3343 { ".data1", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3344 { ".debug_str", 11, SHT_PROGBITS, exact_or_gnuld, SHF_MERGE | SHF_STRINGS, 0 }, 3345 { ".debug", 6, SHT_PROGBITS, exact, 0, 0 }, 3346 { ".dynamic", 9, SHT_DYNAMIC, atleast, SHF_ALLOC, SHF_WRITE }, 3347 { ".dynstr", 8, SHT_STRTAB, exact, SHF_ALLOC, 0 }, 3348 { ".dynsym", 8, SHT_DYNSYM, exact, SHF_ALLOC, 0 }, 3349 { ".fini", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3350 { ".fini_array", 12, SHT_FINI_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3351 { ".got", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more info? 3352 { ".hash", 6, SHT_HASH, exact, SHF_ALLOC, 0 }, 3353 { ".init", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3354 { ".init_array", 12, SHT_INIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3355 { ".interp", 8, SHT_PROGBITS, atleast, 0, SHF_ALLOC }, // XXX more tests? 3356 { ".line", 6, SHT_PROGBITS, exact, 0, 0 }, 3357 { ".note", 6, SHT_NOTE, atleast, 0, SHF_ALLOC }, 3358 { ".plt", 5, SHT_PROGBITS, unused, 0, 0 }, // XXX more tests 3359 { ".preinit_array", 15, SHT_PREINIT_ARRAY, exact, SHF_ALLOC | SHF_WRITE, 0 }, 3360 { ".rela", 5, SHT_RELA, atleast, 0, SHF_ALLOC }, // XXX more tests 3361 { ".rel", 4, SHT_REL, atleast, 0, SHF_ALLOC }, // XXX more tests 3362 { ".rodata", 8, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS }, 3363 { ".rodata1", 9, SHT_PROGBITS, atleast, SHF_ALLOC, SHF_MERGE | SHF_STRINGS }, 3364 { ".shstrtab", 10, SHT_STRTAB, exact, 0, 0 }, 3365 { ".strtab", 8, SHT_STRTAB, atleast, 0, SHF_ALLOC }, // XXX more tests 3366 { ".symtab", 8, SHT_SYMTAB, atleast, 0, SHF_ALLOC }, // XXX more tests 3367 { ".symtab_shndx", 14, SHT_SYMTAB_SHNDX, atleast, 0, SHF_ALLOC }, // XXX more tests 3368 { ".tbss", 6, SHT_NOBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3369 { ".tdata", 7, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3370 { ".tdata1", 8, SHT_PROGBITS, exact, SHF_ALLOC | SHF_WRITE | SHF_TLS, 0 }, 3371 { ".text", 6, SHT_PROGBITS, exact, SHF_ALLOC | SHF_EXECINSTR, 0 }, 3372 3373 /* The following are GNU extensions. */ 3374 { ".gnu.version", 13, SHT_GNU_versym, exact, SHF_ALLOC, 0 }, 3375 { ".gnu.version_d", 15, SHT_GNU_verdef, exact, SHF_ALLOC, 0 }, 3376 { ".gnu.version_r", 15, SHT_GNU_verneed, exact, SHF_ALLOC, 0 }, 3377 { ".gnu.attributes", 16, SHT_GNU_ATTRIBUTES, exact, 0, 0 }, 3378 }; 3379 #define nspecial_sections \ 3380 (sizeof (special_sections) / sizeof (special_sections[0])) 3381 3382 #define IS_KNOWN_SPECIAL(idx, string, prefix) \ 3383 (special_sections[idx].namelen == sizeof string - (prefix ? 1 : 0) \ 3384 && !memcmp (special_sections[idx].name, string, \ 3385 sizeof string - (prefix ? 1 : 0))) 3386 3387 3388 /* Indeces of some sections we need later. */ 3389 static size_t eh_frame_hdr_scnndx; 3390 static size_t eh_frame_scnndx; 3391 static size_t gcc_except_table_scnndx; 3392 3393 3394 static void 3395 check_sections (Ebl *ebl, GElf_Ehdr *ehdr) 3396 { 3397 if (ehdr->e_shoff == 0) 3398 /* No section header. */ 3399 return; 3400 3401 /* Allocate array to count references in section groups. */ 3402 scnref = (int *) xcalloc (shnum, sizeof (int)); 3403 3404 /* Check the zeroth section first. It must not have any contents 3405 and the section header must contain nonzero value at most in the 3406 sh_size and sh_link fields. */ 3407 GElf_Shdr shdr_mem; 3408 GElf_Shdr *shdr = gelf_getshdr (elf_getscn (ebl->elf, 0), &shdr_mem); 3409 if (shdr == NULL) 3410 ERROR (gettext ("cannot get section header of zeroth section\n")); 3411 else 3412 { 3413 if (shdr->sh_name != 0) 3414 ERROR (gettext ("zeroth section has nonzero name\n")); 3415 if (shdr->sh_type != 0) 3416 ERROR (gettext ("zeroth section has nonzero type\n")); 3417 if (shdr->sh_flags != 0) 3418 ERROR (gettext ("zeroth section has nonzero flags\n")); 3419 if (shdr->sh_addr != 0) 3420 ERROR (gettext ("zeroth section has nonzero address\n")); 3421 if (shdr->sh_offset != 0) 3422 ERROR (gettext ("zeroth section has nonzero offset\n")); 3423 if (shdr->sh_addralign != 0) 3424 ERROR (gettext ("zeroth section has nonzero align value\n")); 3425 if (shdr->sh_entsize != 0) 3426 ERROR (gettext ("zeroth section has nonzero entry size value\n")); 3427 3428 if (shdr->sh_size != 0 && ehdr->e_shnum != 0) 3429 ERROR (gettext ("\ 3430 zeroth section has nonzero size value while ELF header has nonzero shnum value\n")); 3431 3432 if (shdr->sh_link != 0 && ehdr->e_shstrndx != SHN_XINDEX) 3433 ERROR (gettext ("\ 3434 zeroth section has nonzero link value while ELF header does not signal overflow in shstrndx\n")); 3435 3436 if (shdr->sh_info != 0 && ehdr->e_phnum != PN_XNUM) 3437 ERROR (gettext ("\ 3438 zeroth section has nonzero link value while ELF header does not signal overflow in phnum\n")); 3439 } 3440 3441 int *segment_flags = xcalloc (phnum, sizeof segment_flags[0]); 3442 3443 bool dot_interp_section = false; 3444 3445 size_t hash_idx = 0; 3446 size_t gnu_hash_idx = 0; 3447 3448 size_t versym_scnndx = 0; 3449 for (size_t cnt = 1; cnt < shnum; ++cnt) 3450 { 3451 shdr = gelf_getshdr (elf_getscn (ebl->elf, cnt), &shdr_mem); 3452 if (shdr == NULL) 3453 { 3454 ERROR (gettext ("\ 3455 cannot get section header for section [%2zu] '%s': %s\n"), 3456 cnt, section_name (ebl, cnt), elf_errmsg (-1)); 3457 continue; 3458 } 3459 3460 const char *scnname = elf_strptr (ebl->elf, shstrndx, shdr->sh_name); 3461 3462 if (scnname == NULL) 3463 ERROR (gettext ("section [%2zu]: invalid name\n"), cnt); 3464 else 3465 { 3466 /* Check whether it is one of the special sections defined in 3467 the gABI. */ 3468 size_t s; 3469 for (s = 0; s < nspecial_sections; ++s) 3470 if (strncmp (scnname, special_sections[s].name, 3471 special_sections[s].namelen) == 0) 3472 { 3473 char stbuf1[100]; 3474 char stbuf2[100]; 3475 char stbuf3[100]; 3476 3477 GElf_Word good_type = special_sections[s].type; 3478 if (IS_KNOWN_SPECIAL (s, ".plt", false) 3479 && ebl_bss_plt_p (ebl, ehdr)) 3480 good_type = SHT_NOBITS; 3481 3482 /* In a debuginfo file, any normal section can be SHT_NOBITS. 3483 This is only invalid for DWARF sections and .shstrtab. */ 3484 if (shdr->sh_type != good_type 3485 && (shdr->sh_type != SHT_NOBITS 3486 || !is_debuginfo 3487 || IS_KNOWN_SPECIAL (s, ".debug_str", false) 3488 || IS_KNOWN_SPECIAL (s, ".debug", true) 3489 || IS_KNOWN_SPECIAL (s, ".shstrtab", false))) 3490 ERROR (gettext ("\ 3491 section [%2d] '%s' has wrong type: expected %s, is %s\n"), 3492 (int) cnt, scnname, 3493 ebl_section_type_name (ebl, special_sections[s].type, 3494 stbuf1, sizeof (stbuf1)), 3495 ebl_section_type_name (ebl, shdr->sh_type, 3496 stbuf2, sizeof (stbuf2))); 3497 3498 if (special_sections[s].attrflag == exact 3499 || special_sections[s].attrflag == exact_or_gnuld) 3500 { 3501 /* Except for the link order and group bit all the 3502 other bits should match exactly. */ 3503 if ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP)) 3504 != special_sections[s].attr 3505 && (special_sections[s].attrflag == exact || !gnuld)) 3506 ERROR (gettext ("\ 3507 section [%2zu] '%s' has wrong flags: expected %s, is %s\n"), 3508 cnt, scnname, 3509 section_flags_string (special_sections[s].attr, 3510 stbuf1, sizeof (stbuf1)), 3511 section_flags_string (shdr->sh_flags 3512 & ~SHF_LINK_ORDER, 3513 stbuf2, sizeof (stbuf2))); 3514 } 3515 else if (special_sections[s].attrflag == atleast) 3516 { 3517 if ((shdr->sh_flags & special_sections[s].attr) 3518 != special_sections[s].attr 3519 || ((shdr->sh_flags & ~(SHF_LINK_ORDER | SHF_GROUP 3520 | special_sections[s].attr 3521 | special_sections[s].attr2)) 3522 != 0)) 3523 ERROR (gettext ("\ 3524 section [%2zu] '%s' has wrong flags: expected %s and possibly %s, is %s\n"), 3525 cnt, scnname, 3526 section_flags_string (special_sections[s].attr, 3527 stbuf1, sizeof (stbuf1)), 3528 section_flags_string (special_sections[s].attr2, 3529 stbuf2, sizeof (stbuf2)), 3530 section_flags_string (shdr->sh_flags 3531 & ~(SHF_LINK_ORDER 3532 | SHF_GROUP), 3533 stbuf3, sizeof (stbuf3))); 3534 } 3535 3536 if (strcmp (scnname, ".interp") == 0) 3537 { 3538 dot_interp_section = true; 3539 3540 if (ehdr->e_type == ET_REL) 3541 ERROR (gettext ("\ 3542 section [%2zu] '%s' present in object file\n"), 3543 cnt, scnname); 3544 3545 if ((shdr->sh_flags & SHF_ALLOC) != 0 3546 && !has_loadable_segment) 3547 ERROR (gettext ("\ 3548 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"), 3549 cnt, scnname); 3550 else if ((shdr->sh_flags & SHF_ALLOC) == 0 3551 && has_loadable_segment) 3552 ERROR (gettext ("\ 3553 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"), 3554 cnt, scnname); 3555 } 3556 else 3557 { 3558 if (strcmp (scnname, ".symtab_shndx") == 0 3559 && ehdr->e_type != ET_REL) 3560 ERROR (gettext ("\ 3561 section [%2zu] '%s' is extension section index table in non-object file\n"), 3562 cnt, scnname); 3563 3564 /* These sections must have the SHF_ALLOC flag set iff 3565 a loadable segment is available. 3566 3567 .relxxx 3568 .strtab 3569 .symtab 3570 .symtab_shndx 3571 3572 Check that if there is a reference from the 3573 loaded section these sections also have the 3574 ALLOC flag set. */ 3575 #if 0 3576 // XXX TODO 3577 if ((shdr->sh_flags & SHF_ALLOC) != 0 3578 && !has_loadable_segment) 3579 ERROR (gettext ("\ 3580 section [%2zu] '%s' has SHF_ALLOC flag set but there is no loadable segment\n"), 3581 cnt, scnname); 3582 else if ((shdr->sh_flags & SHF_ALLOC) == 0 3583 && has_loadable_segment) 3584 ERROR (gettext ("\ 3585 section [%2zu] '%s' has SHF_ALLOC flag not set but there are loadable segments\n"), 3586 cnt, scnname); 3587 #endif 3588 } 3589 3590 break; 3591 } 3592 3593 /* Remember a few special sections for later. */ 3594 if (strcmp (scnname, ".eh_frame_hdr") == 0) 3595 eh_frame_hdr_scnndx = cnt; 3596 else if (strcmp (scnname, ".eh_frame") == 0) 3597 eh_frame_scnndx = cnt; 3598 else if (strcmp (scnname, ".gcc_except_table") == 0) 3599 gcc_except_table_scnndx = cnt; 3600 } 3601 3602 if (shdr->sh_entsize != 0 && shdr->sh_size % shdr->sh_entsize) 3603 ERROR (gettext ("\ 3604 section [%2zu] '%s': size not multiple of entry size\n"), 3605 cnt, section_name (ebl, cnt)); 3606 3607 if (elf_strptr (ebl->elf, shstrndx, shdr->sh_name) == NULL) 3608 ERROR (gettext ("cannot get section header\n")); 3609 3610 if (shdr->sh_type >= SHT_NUM 3611 && shdr->sh_type != SHT_GNU_ATTRIBUTES 3612 && shdr->sh_type != SHT_GNU_LIBLIST 3613 && shdr->sh_type != SHT_CHECKSUM 3614 && shdr->sh_type != SHT_GNU_verdef 3615 && shdr->sh_type != SHT_GNU_verneed 3616 && shdr->sh_type != SHT_GNU_versym 3617 && ebl_section_type_name (ebl, shdr->sh_type, NULL, 0) == NULL) 3618 ERROR (gettext ("section [%2zu] '%s' has unsupported type %d\n"), 3619 cnt, section_name (ebl, cnt), 3620 (int) shdr->sh_type); 3621 3622 #define ALL_SH_FLAGS (SHF_WRITE | SHF_ALLOC | SHF_EXECINSTR | SHF_MERGE \ 3623 | SHF_STRINGS | SHF_INFO_LINK | SHF_LINK_ORDER \ 3624 | SHF_OS_NONCONFORMING | SHF_GROUP | SHF_TLS) 3625 if (shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS) 3626 { 3627 GElf_Xword sh_flags = shdr->sh_flags & ~(GElf_Xword) ALL_SH_FLAGS; 3628 if (sh_flags & SHF_MASKPROC) 3629 { 3630 if (!ebl_machine_section_flag_check (ebl, 3631 sh_flags & SHF_MASKPROC)) 3632 ERROR (gettext ("section [%2zu] '%s'" 3633 " contains invalid processor-specific flag(s)" 3634 " %#" PRIx64 "\n"), 3635 cnt, section_name (ebl, cnt), sh_flags & SHF_MASKPROC); 3636 sh_flags &= ~(GElf_Xword) SHF_MASKPROC; 3637 } 3638 if (sh_flags != 0) 3639 ERROR (gettext ("section [%2zu] '%s' contains unknown flag(s)" 3640 " %#" PRIx64 "\n"), 3641 cnt, section_name (ebl, cnt), sh_flags); 3642 } 3643 if (shdr->sh_flags & SHF_TLS) 3644 { 3645 // XXX Correct? 3646 if (shdr->sh_addr != 0 && !gnuld) 3647 ERROR (gettext ("\ 3648 section [%2zu] '%s': thread-local data sections address not zero\n"), 3649 cnt, section_name (ebl, cnt)); 3650 3651 // XXX TODO more tests!? 3652 } 3653 3654 if (shdr->sh_link >= shnum) 3655 ERROR (gettext ("\ 3656 section [%2zu] '%s': invalid section reference in link value\n"), 3657 cnt, section_name (ebl, cnt)); 3658 3659 if (SH_INFO_LINK_P (shdr) && shdr->sh_info >= shnum) 3660 ERROR (gettext ("\ 3661 section [%2zu] '%s': invalid section reference in info value\n"), 3662 cnt, section_name (ebl, cnt)); 3663 3664 if ((shdr->sh_flags & SHF_MERGE) == 0 3665 && (shdr->sh_flags & SHF_STRINGS) != 0 3666 && be_strict) 3667 ERROR (gettext ("\ 3668 section [%2zu] '%s': strings flag set without merge flag\n"), 3669 cnt, section_name (ebl, cnt)); 3670 3671 if ((shdr->sh_flags & SHF_MERGE) != 0 && shdr->sh_entsize == 0) 3672 ERROR (gettext ("\ 3673 section [%2zu] '%s': merge flag set but entry size is zero\n"), 3674 cnt, section_name (ebl, cnt)); 3675 3676 if (shdr->sh_flags & SHF_GROUP) 3677 check_scn_group (ebl, cnt); 3678 3679 if (shdr->sh_flags & SHF_EXECINSTR) 3680 { 3681 switch (shdr->sh_type) 3682 { 3683 case SHT_PROGBITS: 3684 break; 3685 3686 case SHT_NOBITS: 3687 if (is_debuginfo) 3688 break; 3689 default: 3690 ERROR (gettext ("\ 3691 section [%2zu] '%s' has unexpected type %d for an executable section\n"), 3692 cnt, section_name (ebl, cnt), shdr->sh_type); 3693 break; 3694 } 3695 3696 if ((shdr->sh_flags & SHF_WRITE) 3697 && !ebl_check_special_section (ebl, cnt, shdr, 3698 section_name (ebl, cnt))) 3699 ERROR (gettext ("\ 3700 section [%2zu] '%s' is both executable and writable\n"), 3701 cnt, section_name (ebl, cnt)); 3702 } 3703 3704 if (ehdr->e_type != ET_REL && (shdr->sh_flags & SHF_ALLOC) != 0) 3705 { 3706 /* Make sure the section is contained in a loaded segment 3707 and that the initialization part matches NOBITS sections. */ 3708 unsigned int pcnt; 3709 GElf_Phdr phdr_mem; 3710 GElf_Phdr *phdr; 3711 3712 for (pcnt = 0; pcnt < phnum; ++pcnt) 3713 if ((phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem)) != NULL 3714 && ((phdr->p_type == PT_LOAD 3715 && (shdr->sh_flags & SHF_TLS) == 0) 3716 || (phdr->p_type == PT_TLS 3717 && (shdr->sh_flags & SHF_TLS) != 0)) 3718 && phdr->p_offset <= shdr->sh_offset 3719 && (phdr->p_offset + phdr->p_filesz > shdr->sh_offset 3720 || (phdr->p_offset + phdr->p_memsz > shdr->sh_offset 3721 && shdr->sh_type == SHT_NOBITS))) 3722 { 3723 /* Found the segment. */ 3724 if (phdr->p_offset + phdr->p_memsz 3725 < shdr->sh_offset + shdr->sh_size) 3726 ERROR (gettext ("\ 3727 section [%2zu] '%s' not fully contained in segment of program header entry %d\n"), 3728 cnt, section_name (ebl, cnt), pcnt); 3729 3730 if (shdr->sh_type == SHT_NOBITS) 3731 { 3732 if (shdr->sh_offset < phdr->p_offset + phdr->p_filesz 3733 && !is_debuginfo) 3734 ERROR (gettext ("\ 3735 section [%2zu] '%s' has type NOBITS but is read from the file in segment of program header entry %d\n"), 3736 cnt, section_name (ebl, cnt), pcnt); 3737 } 3738 else 3739 { 3740 const GElf_Off end = phdr->p_offset + phdr->p_filesz; 3741 if (shdr->sh_offset > end || 3742 (shdr->sh_offset == end && shdr->sh_size != 0)) 3743 ERROR (gettext ("\ 3744 section [%2zu] '%s' has not type NOBITS but is not read from the file in segment of program header entry %d\n"), 3745 cnt, section_name (ebl, cnt), pcnt); 3746 } 3747 3748 if (shdr->sh_type != SHT_NOBITS) 3749 { 3750 if ((shdr->sh_flags & SHF_EXECINSTR) != 0) 3751 { 3752 segment_flags[pcnt] |= PF_X; 3753 if ((phdr->p_flags & PF_X) == 0) 3754 ERROR (gettext ("\ 3755 section [%2zu] '%s' is executable in nonexecutable segment %d\n"), 3756 cnt, section_name (ebl, cnt), pcnt); 3757 } 3758 3759 if ((shdr->sh_flags & SHF_WRITE) != 0) 3760 { 3761 segment_flags[pcnt] |= PF_W; 3762 if (0 /* XXX vdso images have this */ 3763 && (phdr->p_flags & PF_W) == 0) 3764 ERROR (gettext ("\ 3765 section [%2zu] '%s' is writable in unwritable segment %d\n"), 3766 cnt, section_name (ebl, cnt), pcnt); 3767 } 3768 } 3769 3770 break; 3771 } 3772 3773 if (pcnt == phnum) 3774 ERROR (gettext ("\ 3775 section [%2zu] '%s': alloc flag set but section not in any loaded segment\n"), 3776 cnt, section_name (ebl, cnt)); 3777 } 3778 3779 if (cnt == shstrndx && shdr->sh_type != SHT_STRTAB) 3780 ERROR (gettext ("\ 3781 section [%2zu] '%s': ELF header says this is the section header string table but type is not SHT_TYPE\n"), 3782 cnt, section_name (ebl, cnt)); 3783 3784 switch (shdr->sh_type) 3785 { 3786 case SHT_DYNSYM: 3787 if (ehdr->e_type == ET_REL) 3788 ERROR (gettext ("\ 3789 section [%2zu] '%s': relocatable files cannot have dynamic symbol tables\n"), 3790 cnt, section_name (ebl, cnt)); 3791 /* FALLTHROUGH */ 3792 case SHT_SYMTAB: 3793 check_symtab (ebl, ehdr, shdr, cnt); 3794 break; 3795 3796 case SHT_RELA: 3797 check_rela (ebl, ehdr, shdr, cnt); 3798 break; 3799 3800 case SHT_REL: 3801 check_rel (ebl, ehdr, shdr, cnt); 3802 break; 3803 3804 case SHT_DYNAMIC: 3805 check_dynamic (ebl, ehdr, shdr, cnt); 3806 break; 3807 3808 case SHT_SYMTAB_SHNDX: 3809 check_symtab_shndx (ebl, ehdr, shdr, cnt); 3810 break; 3811 3812 case SHT_HASH: 3813 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt); 3814 hash_idx = cnt; 3815 break; 3816 3817 case SHT_GNU_HASH: 3818 check_hash (shdr->sh_type, ebl, ehdr, shdr, cnt); 3819 gnu_hash_idx = cnt; 3820 break; 3821 3822 case SHT_NULL: 3823 check_null (ebl, shdr, cnt); 3824 break; 3825 3826 case SHT_GROUP: 3827 check_group (ebl, ehdr, shdr, cnt); 3828 break; 3829 3830 case SHT_NOTE: 3831 check_note_section (ebl, ehdr, shdr, cnt); 3832 break; 3833 3834 case SHT_GNU_versym: 3835 /* We cannot process this section now since we have no guarantee 3836 that the verneed and verdef sections have already been read. 3837 Just remember the section index. */ 3838 if (versym_scnndx != 0) 3839 ERROR (gettext ("more than one version symbol table present\n")); 3840 versym_scnndx = cnt; 3841 break; 3842 3843 case SHT_GNU_verneed: 3844 check_verneed (ebl, shdr, cnt); 3845 break; 3846 3847 case SHT_GNU_verdef: 3848 check_verdef (ebl, shdr, cnt); 3849 break; 3850 3851 case SHT_GNU_ATTRIBUTES: 3852 check_attributes (ebl, ehdr, shdr, cnt); 3853 break; 3854 3855 default: 3856 /* Nothing. */ 3857 break; 3858 } 3859 } 3860 3861 if (has_interp_segment && !dot_interp_section) 3862 ERROR (gettext ("INTERP program header entry but no .interp section\n")); 3863 3864 if (!is_debuginfo) 3865 for (unsigned int pcnt = 0; pcnt < phnum; ++pcnt) 3866 { 3867 GElf_Phdr phdr_mem; 3868 GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem); 3869 if (phdr != NULL && (phdr->p_type == PT_LOAD || phdr->p_type == PT_TLS)) 3870 { 3871 if ((phdr->p_flags & PF_X) != 0 3872 && (segment_flags[pcnt] & PF_X) == 0) 3873 ERROR (gettext ("\ 3874 loadable segment [%u] is executable but contains no executable sections\n"), 3875 pcnt); 3876 3877 if ((phdr->p_flags & PF_W) != 0 3878 && (segment_flags[pcnt] & PF_W) == 0) 3879 ERROR (gettext ("\ 3880 loadable segment [%u] is writable but contains no writable sections\n"), 3881 pcnt); 3882 } 3883 } 3884 3885 free (segment_flags); 3886 3887 if (version_namelist != NULL) 3888 { 3889 if (versym_scnndx == 0) 3890 ERROR (gettext ("\ 3891 no .gnu.versym section present but .gnu.versym_d or .gnu.versym_r section exist\n")); 3892 else 3893 check_versym (ebl, versym_scnndx); 3894 3895 /* Check for duplicate index numbers. */ 3896 do 3897 { 3898 struct version_namelist *runp = version_namelist->next; 3899 while (runp != NULL) 3900 { 3901 if (version_namelist->ndx == runp->ndx) 3902 { 3903 ERROR (gettext ("duplicate version index %d\n"), 3904 (int) version_namelist->ndx); 3905 break; 3906 } 3907 runp = runp->next; 3908 } 3909 3910 struct version_namelist *old = version_namelist; 3911 version_namelist = version_namelist->next; 3912 free (old); 3913 } 3914 while (version_namelist != NULL); 3915 } 3916 else if (versym_scnndx != 0) 3917 ERROR (gettext ("\ 3918 .gnu.versym section present without .gnu.versym_d or .gnu.versym_r\n")); 3919 3920 if (hash_idx != 0 && gnu_hash_idx != 0) 3921 compare_hash_gnu_hash (ebl, ehdr, hash_idx, gnu_hash_idx); 3922 3923 free (scnref); 3924 } 3925 3926 3927 static GElf_Off 3928 check_note_data (Ebl *ebl, const GElf_Ehdr *ehdr, 3929 Elf_Data *data, int shndx, int phndx, GElf_Off start) 3930 { 3931 size_t offset = 0; 3932 size_t last_offset = 0; 3933 GElf_Nhdr nhdr; 3934 size_t name_offset; 3935 size_t desc_offset; 3936 while (offset < data->d_size 3937 && (offset = gelf_getnote (data, offset, 3938 &nhdr, &name_offset, &desc_offset)) > 0) 3939 { 3940 last_offset = offset; 3941 3942 /* Make sure it is one of the note types we know about. */ 3943 if (ehdr->e_type == ET_CORE) 3944 switch (nhdr.n_type) 3945 { 3946 case NT_PRSTATUS: 3947 case NT_FPREGSET: 3948 case NT_PRPSINFO: 3949 case NT_TASKSTRUCT: /* NT_PRXREG on Solaris. */ 3950 case NT_PLATFORM: 3951 case NT_AUXV: 3952 case NT_GWINDOWS: 3953 case NT_ASRS: 3954 case NT_PSTATUS: 3955 case NT_PSINFO: 3956 case NT_PRCRED: 3957 case NT_UTSNAME: 3958 case NT_LWPSTATUS: 3959 case NT_LWPSINFO: 3960 case NT_PRFPXREG: 3961 /* Known type. */ 3962 break; 3963 3964 default: 3965 if (shndx == 0) 3966 ERROR (gettext ("\ 3967 phdr[%d]: unknown core file note type %" PRIu32 " at offset %" PRIu64 "\n"), 3968 phndx, (uint32_t) nhdr.n_type, start + offset); 3969 else 3970 ERROR (gettext ("\ 3971 section [%2d] '%s': unknown core file note type %" PRIu32 3972 " at offset %Zu\n"), 3973 shndx, section_name (ebl, shndx), 3974 (uint32_t) nhdr.n_type, offset); 3975 } 3976 else 3977 switch (nhdr.n_type) 3978 { 3979 case NT_GNU_ABI_TAG: 3980 case NT_GNU_HWCAP: 3981 case NT_GNU_BUILD_ID: 3982 case NT_GNU_GOLD_VERSION: 3983 break; 3984 3985 case 0: 3986 /* Linux vDSOs use a type 0 note for the kernel version word. */ 3987 if (nhdr.n_namesz == sizeof "Linux" 3988 && !memcmp (data->d_buf + name_offset, "Linux", sizeof "Linux")) 3989 break; 3990 3991 default: 3992 if (shndx == 0) 3993 ERROR (gettext ("\ 3994 phdr[%d]: unknown object file note type %" PRIu32 " at offset %Zu\n"), 3995 phndx, (uint32_t) nhdr.n_type, offset); 3996 else 3997 ERROR (gettext ("\ 3998 section [%2d] '%s': unknown object file note type %" PRIu32 3999 " at offset %Zu\n"), 4000 shndx, section_name (ebl, shndx), 4001 (uint32_t) nhdr.n_type, offset); 4002 } 4003 } 4004 4005 return last_offset; 4006 } 4007 4008 4009 static void 4010 check_note (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Phdr *phdr, int cnt) 4011 { 4012 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL 4013 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 4014 ERROR (gettext ("\ 4015 phdr[%d]: no note entries defined for the type of file\n"), 4016 cnt); 4017 4018 if (is_debuginfo) 4019 /* The p_offset values in a separate debug file are bogus. */ 4020 return; 4021 4022 if (phdr->p_filesz == 0) 4023 return; 4024 4025 GElf_Off notes_size = 0; 4026 Elf_Data *data = elf_getdata_rawchunk (ebl->elf, 4027 phdr->p_offset, phdr->p_filesz, 4028 ELF_T_NHDR); 4029 if (data != NULL) 4030 notes_size = check_note_data (ebl, ehdr, data, 0, cnt, phdr->p_offset); 4031 4032 if (notes_size == 0) 4033 ERROR (gettext ("phdr[%d]: cannot get content of note section: %s\n"), 4034 cnt, elf_errmsg (-1)); 4035 else if (notes_size != phdr->p_filesz) 4036 ERROR (gettext ("phdr[%d]: extra %" PRIu64 " bytes after last note\n"), 4037 cnt, phdr->p_filesz - notes_size); 4038 } 4039 4040 4041 static void 4042 check_note_section (Ebl *ebl, GElf_Ehdr *ehdr, GElf_Shdr *shdr, int idx) 4043 { 4044 if (shdr->sh_size == 0) 4045 return; 4046 4047 Elf_Data *data = elf_getdata (elf_getscn (ebl->elf, idx), NULL); 4048 if (data == NULL) 4049 { 4050 ERROR (gettext ("section [%2d] '%s': cannot get section data\n"), 4051 idx, section_name (ebl, idx)); 4052 return; 4053 } 4054 4055 if (ehdr->e_type != ET_CORE && ehdr->e_type != ET_REL 4056 && ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) 4057 ERROR (gettext ("\ 4058 section [%2d] '%s': no note entries defined for the type of file\n"), 4059 idx, section_name (ebl, idx)); 4060 4061 GElf_Off notes_size = check_note_data (ebl, ehdr, data, idx, 0, 0); 4062 4063 if (notes_size == 0) 4064 ERROR (gettext ("section [%2d] '%s': cannot get content of note section\n"), 4065 idx, section_name (ebl, idx)); 4066 else if (notes_size != shdr->sh_size) 4067 ERROR (gettext ("section [%2d] '%s': extra %" PRIu64 4068 " bytes after last note\n"), 4069 idx, section_name (ebl, idx), shdr->sh_size - notes_size); 4070 } 4071 4072 4073 /* Index of the PT_GNU_EH_FRAME program eader entry. */ 4074 static int pt_gnu_eh_frame_pndx; 4075 4076 4077 static void 4078 check_program_header (Ebl *ebl, GElf_Ehdr *ehdr) 4079 { 4080 if (ehdr->e_phoff == 0) 4081 return; 4082 4083 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN 4084 && ehdr->e_type != ET_CORE) 4085 ERROR (gettext ("\ 4086 only executables, shared objects, and core files can have program headers\n")); 4087 4088 int num_pt_interp = 0; 4089 int num_pt_tls = 0; 4090 int num_pt_relro = 0; 4091 4092 for (unsigned int cnt = 0; cnt < phnum; ++cnt) 4093 { 4094 GElf_Phdr phdr_mem; 4095 GElf_Phdr *phdr; 4096 4097 phdr = gelf_getphdr (ebl->elf, cnt, &phdr_mem); 4098 if (phdr == NULL) 4099 { 4100 ERROR (gettext ("cannot get program header entry %d: %s\n"), 4101 cnt, elf_errmsg (-1)); 4102 continue; 4103 } 4104 4105 if (phdr->p_type >= PT_NUM && phdr->p_type != PT_GNU_EH_FRAME 4106 && phdr->p_type != PT_GNU_STACK && phdr->p_type != PT_GNU_RELRO 4107 /* Check for a known machine-specific type. */ 4108 && ebl_segment_type_name (ebl, phdr->p_type, NULL, 0) == NULL) 4109 ERROR (gettext ("\ 4110 program header entry %d: unknown program header entry type %#" PRIx64 "\n"), 4111 cnt, (uint64_t) phdr->p_type); 4112 4113 if (phdr->p_type == PT_LOAD) 4114 has_loadable_segment = true; 4115 else if (phdr->p_type == PT_INTERP) 4116 { 4117 if (++num_pt_interp != 1) 4118 { 4119 if (num_pt_interp == 2) 4120 ERROR (gettext ("\ 4121 more than one INTERP entry in program header\n")); 4122 } 4123 has_interp_segment = true; 4124 } 4125 else if (phdr->p_type == PT_TLS) 4126 { 4127 if (++num_pt_tls == 2) 4128 ERROR (gettext ("more than one TLS entry in program header\n")); 4129 } 4130 else if (phdr->p_type == PT_NOTE) 4131 check_note (ebl, ehdr, phdr, cnt); 4132 else if (phdr->p_type == PT_DYNAMIC) 4133 { 4134 if (ehdr->e_type == ET_EXEC && ! has_interp_segment) 4135 ERROR (gettext ("\ 4136 static executable cannot have dynamic sections\n")); 4137 else 4138 { 4139 /* Check that the .dynamic section, if it exists, has 4140 the same address. */ 4141 Elf_Scn *scn = NULL; 4142 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 4143 { 4144 GElf_Shdr shdr_mem; 4145 GElf_Shdr *shdr = gelf_getshdr (scn, &shdr_mem); 4146 if (shdr != NULL && shdr->sh_type == SHT_DYNAMIC) 4147 { 4148 if (phdr->p_offset != shdr->sh_offset) 4149 ERROR (gettext ("\ 4150 dynamic section reference in program header has wrong offset\n")); 4151 if (phdr->p_memsz != shdr->sh_size) 4152 ERROR (gettext ("\ 4153 dynamic section size mismatch in program and section header\n")); 4154 break; 4155 } 4156 } 4157 } 4158 } 4159 else if (phdr->p_type == PT_GNU_RELRO) 4160 { 4161 if (++num_pt_relro == 2) 4162 ERROR (gettext ("\ 4163 more than one GNU_RELRO entry in program header\n")); 4164 else 4165 { 4166 /* Check that the region is in a writable segment. */ 4167 unsigned int inner; 4168 for (inner = 0; inner < phnum; ++inner) 4169 { 4170 GElf_Phdr phdr2_mem; 4171 GElf_Phdr *phdr2; 4172 4173 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem); 4174 if (phdr2 == NULL) 4175 continue; 4176 4177 if (phdr2->p_type == PT_LOAD 4178 && phdr->p_vaddr >= phdr2->p_vaddr 4179 && (phdr->p_vaddr + phdr->p_memsz 4180 <= phdr2->p_vaddr + phdr2->p_memsz)) 4181 { 4182 if ((phdr2->p_flags & PF_W) == 0) 4183 ERROR (gettext ("\ 4184 loadable segment GNU_RELRO applies to is not writable\n")); 4185 if ((phdr2->p_flags & ~PF_W) != (phdr->p_flags & ~PF_W)) 4186 ERROR (gettext ("\ 4187 loadable segment [%u] flags do not match GNU_RELRO [%u] flags\n"), 4188 cnt, inner); 4189 break; 4190 } 4191 } 4192 4193 if (inner >= phnum) 4194 ERROR (gettext ("\ 4195 %s segment not contained in a loaded segment\n"), "GNU_RELRO"); 4196 } 4197 } 4198 else if (phdr->p_type == PT_PHDR) 4199 { 4200 /* Check that the region is in a writable segment. */ 4201 unsigned int inner; 4202 for (inner = 0; inner < phnum; ++inner) 4203 { 4204 GElf_Phdr phdr2_mem; 4205 GElf_Phdr *phdr2; 4206 4207 phdr2 = gelf_getphdr (ebl->elf, inner, &phdr2_mem); 4208 if (phdr2 != NULL 4209 && phdr2->p_type == PT_LOAD 4210 && phdr->p_vaddr >= phdr2->p_vaddr 4211 && (phdr->p_vaddr + phdr->p_memsz 4212 <= phdr2->p_vaddr + phdr2->p_memsz)) 4213 break; 4214 } 4215 4216 if (inner >= phnum) 4217 ERROR (gettext ("\ 4218 %s segment not contained in a loaded segment\n"), "PHDR"); 4219 4220 /* Check that offset in segment corresponds to offset in ELF 4221 header. */ 4222 if (phdr->p_offset != ehdr->e_phoff) 4223 ERROR (gettext ("\ 4224 program header offset in ELF header and PHDR entry do not match")); 4225 } 4226 else if (phdr->p_type == PT_GNU_EH_FRAME) 4227 { 4228 /* If there is an .eh_frame_hdr section it must be 4229 referenced by this program header entry. */ 4230 Elf_Scn *scn = NULL; 4231 GElf_Shdr shdr_mem; 4232 GElf_Shdr *shdr = NULL; 4233 bool any = false; 4234 while ((scn = elf_nextscn (ebl->elf, scn)) != NULL) 4235 { 4236 any = true; 4237 shdr = gelf_getshdr (scn, &shdr_mem); 4238 if (shdr != NULL 4239 && shdr->sh_type == (is_debuginfo 4240 ? SHT_NOBITS : SHT_PROGBITS) 4241 && ! strcmp (".eh_frame_hdr", 4242 elf_strptr (ebl->elf, shstrndx, shdr->sh_name))) 4243 { 4244 if (! is_debuginfo) 4245 { 4246 if (phdr->p_offset != shdr->sh_offset) 4247 ERROR (gettext ("\ 4248 call frame search table reference in program header has wrong offset\n")); 4249 if (phdr->p_memsz != shdr->sh_size) 4250 ERROR (gettext ("\ 4251 call frame search table size mismatch in program and section header\n")); 4252 } 4253 break; 4254 } 4255 } 4256 4257 if (scn == NULL) 4258 { 4259 /* If there is no section header table we don't 4260 complain. But if there is one there should be an 4261 entry for .eh_frame_hdr. */ 4262 if (any) 4263 ERROR (gettext ("\ 4264 PT_GNU_EH_FRAME present but no .eh_frame_hdr section\n")); 4265 } 4266 else 4267 { 4268 /* The section must be allocated and not be writable and 4269 executable. */ 4270 if ((phdr->p_flags & PF_R) == 0) 4271 ERROR (gettext ("\ 4272 call frame search table must be allocated\n")); 4273 else if (shdr != NULL && (shdr->sh_flags & SHF_ALLOC) == 0) 4274 ERROR (gettext ("\ 4275 section [%2zu] '%s' must be allocated\n"), elf_ndxscn (scn), ".eh_frame_hdr"); 4276 4277 if ((phdr->p_flags & PF_W) != 0) 4278 ERROR (gettext ("\ 4279 call frame search table must not be writable\n")); 4280 else if (shdr != NULL && (shdr->sh_flags & SHF_WRITE) != 0) 4281 ERROR (gettext ("\ 4282 section [%2zu] '%s' must not be writable\n"), 4283 elf_ndxscn (scn), ".eh_frame_hdr"); 4284 4285 if ((phdr->p_flags & PF_X) != 0) 4286 ERROR (gettext ("\ 4287 call frame search table must not be executable\n")); 4288 else if (shdr != NULL && (shdr->sh_flags & SHF_EXECINSTR) != 0) 4289 ERROR (gettext ("\ 4290 section [%2zu] '%s' must not be executable\n"), 4291 elf_ndxscn (scn), ".eh_frame_hdr"); 4292 } 4293 4294 /* Remember which entry this is. */ 4295 pt_gnu_eh_frame_pndx = cnt; 4296 } 4297 4298 if (phdr->p_filesz > phdr->p_memsz 4299 && (phdr->p_memsz != 0 || phdr->p_type != PT_NOTE)) 4300 ERROR (gettext ("\ 4301 program header entry %d: file size greater than memory size\n"), 4302 cnt); 4303 4304 if (phdr->p_align > 1) 4305 { 4306 if (!powerof2 (phdr->p_align)) 4307 ERROR (gettext ("\ 4308 program header entry %d: alignment not a power of 2\n"), cnt); 4309 else if ((phdr->p_vaddr - phdr->p_offset) % phdr->p_align != 0) 4310 ERROR (gettext ("\ 4311 program header entry %d: file offset and virtual address not module of alignment\n"), cnt); 4312 } 4313 } 4314 } 4315 4316 4317 static void 4318 check_exception_data (Ebl *ebl __attribute__ ((unused)), 4319 GElf_Ehdr *ehdr __attribute__ ((unused))) 4320 { 4321 if ((ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN) 4322 && pt_gnu_eh_frame_pndx == 0 && eh_frame_hdr_scnndx != 0) 4323 ERROR (gettext ("executable/DSO with .eh_frame_hdr section does not have " 4324 "a PT_GNU_EH_FRAME program header entry")); 4325 } 4326 4327 4328 /* Process one file. */ 4329 static void 4330 process_elf_file (Elf *elf, const char *prefix, const char *suffix, 4331 const char *fname, size_t size, bool only_one) 4332 { 4333 /* Reset variables. */ 4334 ndynamic = 0; 4335 nverneed = 0; 4336 nverdef = 0; 4337 textrel = false; 4338 needed_textrel = false; 4339 has_loadable_segment = false; 4340 has_interp_segment = false; 4341 4342 GElf_Ehdr ehdr_mem; 4343 GElf_Ehdr *ehdr = gelf_getehdr (elf, &ehdr_mem); 4344 Ebl *ebl; 4345 4346 /* Print the file name. */ 4347 if (!only_one) 4348 { 4349 if (prefix != NULL) 4350 printf ("\n%s(%s)%s:\n", prefix, fname, suffix); 4351 else 4352 printf ("\n%s:\n", fname); 4353 } 4354 4355 if (ehdr == NULL) 4356 { 4357 ERROR (gettext ("cannot read ELF header: %s\n"), elf_errmsg (-1)); 4358 return; 4359 } 4360 4361 ebl = ebl_openbackend (elf); 4362 /* If there is no appropriate backend library we cannot test 4363 architecture and OS specific features. Any encountered extension 4364 is an error. */ 4365 4366 /* Go straight by the gABI, check all the parts in turn. */ 4367 check_elf_header (ebl, ehdr, size); 4368 4369 /* Check the program header. */ 4370 check_program_header (ebl, ehdr); 4371 4372 /* Next the section headers. It is OK if there are no section 4373 headers at all. */ 4374 check_sections (ebl, ehdr); 4375 4376 /* Check the exception handling data, if it exists. */ 4377 if (pt_gnu_eh_frame_pndx != 0 || eh_frame_hdr_scnndx != 0 4378 || eh_frame_scnndx != 0 || gcc_except_table_scnndx != 0) 4379 check_exception_data (ebl, ehdr); 4380 4381 /* Report if no relocation section needed the text relocation flag. */ 4382 if (textrel && !needed_textrel) 4383 ERROR (gettext ("text relocation flag set but not needed\n")); 4384 4385 /* Free the resources. */ 4386 ebl_closebackend (ebl); 4387 } 4388 4389 4390 #include "debugpred.h" 4391