libkmod: Use correct data types for ELF arithmetic #272

Closed

@stoeckmann stoeckmann commented Dec 22, 2024

Make sure that no input files could overflow internal variables used for calculations.

This prevents wrong output and out of boundary writes.

Proof of Concepts:

A: Wrong information printed

  1. Create file with 4 billion mod versions
cat > poc.ko.zst.b64 << EOF
KLUv/WQQAG0DAEQEf0VMRgICABERIiIzMzMzRFUAQHd3d3eIiJmZqqoAQAADAAERAAAACCIzAAEA
C2ZmZmaZDF9fdmVyc2lvbnMAAHN5bQASIDCDqdQDAwDKhVvWG7ridkA+jvAfeuLGzgn1uytBMhyS
r3wKaAQjvcBa
EOF
base64 -d poc.ko.zst.b64 | zstd -d > poc.ko
dd if=/dev/zero of=poc.ko conv=notrunc bs=1 count=1 seek=274877907212
  2. Print modversions (none will be shown)
modprobe --show-modversions poc.ko

B: Out of boundary write

  1. Create file with 4 billion symbols
cat > poc.ko.zst.b64 << EOF
KLUv/WQUAG0DAJQEf0VMRgICABERIiIzMzMzRFUAQHd3d3eIiJmZqqoAQAADAAERAAAACCIzAAEA
EmZmZmaZFEBfX2tzeW10YWJfc3RyaW5ncwAAABEgcMOWOkDs3tArbgPk2wj/oRM1Fk4Iv7sSJMMQ
+eZTPCODyrcz
EOF
base64 -d poc.ko.zst.b64 | zstd -d > poc.ko
yes | tr '\n' '\0' | dd bs=4096 count=2097152 >> poc.ko
  2. Print symbols (segmentation fault)
modprobe --show-exports poc.ko

Make sure that no input files could overflow internal variables
used for calculations.

This prevents wrong output and out of boundary writes.

Signed-off-by: Tobias Stoeckmann <[email protected]>
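
The class of arithmetic error this pull request addresses, as an added example that is not kmod's code and not part of this pull request: a count derived from a 64-bit ELF section size wraps to 0 when stored in a 32-bit variable, while a checked version keeps the count 64-bit and validates the buffer size before use. The 64-byte entry size, the 24-byte output element size and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: one modversion entry is 64 bytes on a 64-bit ELF. */
#define ENTRY_SIZE 64u

/* Narrow pattern: the 64-bit quotient is squeezed into 32 bits.
 * For sec_size = 2^38 the true count is 2^32, which wraps to 0. */
static uint32_t count_entries_narrow(uint64_t sec_size)
{
	return (uint32_t)(sec_size / ENTRY_SIZE);
}

/* Checked pattern: the count stays 64-bit, a ragged section is rejected,
 * and the output buffer size is verified not to wrap before it is used. */
static bool count_entries_checked(uint64_t sec_size, size_t out_elem_size,
				  uint64_t *count, size_t *alloc_size)
{
	uint64_t n;

	if (sec_size % ENTRY_SIZE != 0)
		return false;
	n = sec_size / ENTRY_SIZE;
	if (out_elem_size != 0 && n > SIZE_MAX / out_elem_size)
		return false; /* n * out_elem_size would overflow size_t */
	*count = n;
	*alloc_size = (size_t)n * out_elem_size;
	return true;
}

int main(void)
{
	uint64_t sec_size = UINT64_C(1) << 38; /* constructed: 2^32 entries */
	uint64_t n = 0;
	size_t bytes = 0;

	printf("narrow count:  %u\n", (unsigned)count_entries_narrow(sec_size));
	if (count_entries_checked(sec_size, 24, &n, &bytes))
		printf("checked count: %llu (%zu bytes needed)\n",
		       (unsigned long long)n, bytes);
	else
		printf("checked: rejected\n");
	return 0;
}
```
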

codecov bot commented Dec 22, 2024

Codecov Report

Attention: Patch coverage is 13.33333% with 13 lines in your changes missing coverage. Please review.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| libkmod/libkmod-elf.c | 13.33% | 12 Missing and 1 partial ⚠️ |

| Files with missing lines | Coverage Δ |
|---|---|
| libkmod/libkmod-elf.c | 50.23% <13.33%> (ø) |

lucasdemarchi pushed a commit that referenced this pull request Jan 2, 2025
Make sure that no input files could overflow internal variables
used for calculations.

This prevents wrong output and out of boundary writes.

Signed-off-by: Tobias Stoeckmann <[email protected]>
Link: #272
Signed-off-by: Lucas De Marchi <[email protected]>
@lucasdemarchi

Applied, thanks.
