elfutils/backport-CVE-2025-1377.patch

From fbf1df9ca286de3323ae541973b08449f8d03aba Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Thu, 13 Feb 2025 14:59:34 +0100
Subject: [PATCH] strip: Verify symbol table is a real symbol table

We didn't check the symbol table referenced from the relocation table
was a real symbol table. This could cause a crash if that section
happened to be an SHT_NOBITS section without any data. Fix this by
adding an explicit check.

       * src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a
       message string to display.
       (INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1).
       (remove_debug_relocations): Check the sh_link referenced
       section is real and isn't a SHT_NOBITS section.

https://sourceware.org/bugzilla/show_bug.cgi?id=32673

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 src/strip.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/strip.c b/src/strip.c
index 3812fb17..8d2bb7a9 100644
--- a/src/strip.c
+++ b/src/strip.c
@@ -126,13 +126,14 @@ static char *tmp_debug_fname = NULL;
 /* Close debug file descriptor, if opened. And remove temporary debug file.  */
 static void cleanup_debug (void);
 
-#define INTERNAL_ERROR(fname) \
+#define INTERNAL_ERROR_MSG(fname, msg) \
   do { \
     cleanup_debug (); \
     error_exit (0, _("%s: INTERNAL ERROR %d (%s): %s"),			\
-		fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1));	\
+		fname, __LINE__, PACKAGE_VERSION, msg);	\
   } while (0)
 
+#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1))
 
 /* Name of the output file.  */
 static const char *output_fname;
@@ -631,7 +632,14 @@ remove_debug_relocations (Ebl *ebl, Elf *elf, GElf_Ehdr *ehdr,
 	     resolve relocation symbol indexes.  */
 	  Elf64_Word symt = shdr->sh_link;
 	  Elf_Data *symdata, *xndxdata;
-	  Elf_Scn * symscn = elf_getscn (elf, symt);
+	  Elf_Scn *symscn = elf_getscn (elf, symt);
+	  GElf_Shdr symshdr_mem;
+	  GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
+	  if (symshdr == NULL)
+	    INTERNAL_ERROR (fname);
+	  if (symshdr->sh_type == SHT_NOBITS)
+	    INTERNAL_ERROR_MSG (fname, "NOBITS section");
+
 	  symdata = elf_getdata (symscn, NULL);
 	  xndxdata = get_xndxdata (elf, symscn);
 	  if (symdata == NULL)
-- 
2.27.0
fix CVE-2025-1352 CVE-2025-1365 CVE-2025-1371 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 2025-02-16 08:53:39 +08:00			`From fbf1df9ca286de3323ae541973b08449f8d03aba Mon Sep 17 00:00:00 2001`
			`From: Mark Wielaard <mark@klomp.org>`
			`Date: Thu, 13 Feb 2025 14:59:34 +0100`
			`Subject: [PATCH] strip: Verify symbol table is a real symbol table`

			`We didn't check the symbol table referenced from the relocation table`
			`was a real symbol table. This could cause a crash if that section`
			`happened to be an SHT_NOBITS section without any data. Fix this by`
			`adding an explicit check.`

			`* src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a`
			`message string to display.`
			`(INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1).`
			`(remove_debug_relocations): Check the sh_link referenced`
			`section is real and isn't a SHT_NOBITS section.`

			`https://sourceware.org/bugzilla/show_bug.cgi?id=32673`

			`Signed-off-by: Mark Wielaard <mark@klomp.org>`
			`---`
			`src/strip.c \| 14 +++++++++++---`
			`1 file changed, 11 insertions(+), 3 deletions(-)`

			`diff --git a/src/strip.c b/src/strip.c`
			`index 3812fb17..8d2bb7a9 100644`
			`--- a/src/strip.c`
			`+++ b/src/strip.c`
			`@@ -126,13 +126,14 @@ static char *tmp_debug_fname = NULL;`
			`/* Close debug file descriptor, if opened. And remove temporary debug file. */`
			`static void cleanup_debug (void);`

			`-#define INTERNAL_ERROR(fname) \`
			`+#define INTERNAL_ERROR_MSG(fname, msg) \`
			`do { \`
			`cleanup_debug (); \`
			`error_exit (0, _("%s: INTERNAL ERROR %d (%s): %s"), \`
			`- fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1)); \`
			`+ fname, __LINE__, PACKAGE_VERSION, msg); \`
			`} while (0)`

			`+#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1))`

			`/* Name of the output file. */`
			`static const char *output_fname;`
			`@@ -631,7 +632,14 @@ remove_debug_relocations (Ebl ebl, Elf elf, GElf_Ehdr *ehdr,`
			`resolve relocation symbol indexes. */`
			`Elf64_Word symt = shdr->sh_link;`
			`Elf_Data symdata, xndxdata;`
			`- Elf_Scn * symscn = elf_getscn (elf, symt);`
			`+ Elf_Scn *symscn = elf_getscn (elf, symt);`
			`+ GElf_Shdr symshdr_mem;`
			`+ GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);`
			`+ if (symshdr == NULL)`
			`+ INTERNAL_ERROR (fname);`
			`+ if (symshdr->sh_type == SHT_NOBITS)`
			`+ INTERNAL_ERROR_MSG (fname, "NOBITS section");`
			`+`
			`symdata = elf_getdata (symscn, NULL);`
			`xndxdata = get_xndxdata (elf, symscn);`
			`if (symdata == NULL)`
			`--`
			`2.27.0`