diff options
author | Andrii Nakryiko <andrii@kernel.org> | 2021-11-03 10:32:11 -0700 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2021-11-03 13:25:37 -0700 |
commit | 62554d52e71797eefa3fc15b54008038837bb2d4 (patch) | |
tree | bca9ea3dbbbc86ca5a738ed497a31dbc0b32871e /tools/lib/bpf/libbpf.c | |
parent | libbpf: Improve sanity checking during BTF fix up (diff) | |
download | linux-dev-62554d52e71797eefa3fc15b54008038837bb2d4.tar.xz linux-dev-62554d52e71797eefa3fc15b54008038837bb2d4.zip |
libbpf: Validate that .BTF and .BTF.ext sections contain data
.BTF and .BTF.ext ELF sections should have SHT_PROGBITS type and contain
data. If they are not, ELF is invalid or corrupted, so bail out.
Otherwise this can lead to data->d_buf being NULL and SIGSEGV later on.
Reported by oss-fuzz project.
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20211103173213.1376990-4-andrii@kernel.org
Diffstat (limited to 'tools/lib/bpf/libbpf.c')
-rw-r--r-- | tools/lib/bpf/libbpf.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index f836a1936597..0dc6465271ce 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -3270,8 +3270,12 @@ static int bpf_object__elf_collect(struct bpf_object *obj) } else if (strcmp(name, MAPS_ELF_SEC) == 0) { obj->efile.btf_maps_shndx = idx; } else if (strcmp(name, BTF_ELF_SEC) == 0) { + if (sh->sh_type != SHT_PROGBITS) + return -LIBBPF_ERRNO__FORMAT; btf_data = data; } else if (strcmp(name, BTF_EXT_ELF_SEC) == 0) { + if (sh->sh_type != SHT_PROGBITS) + return -LIBBPF_ERRNO__FORMAT; btf_ext_data = data; } else if (sh->sh_type == SHT_SYMTAB) { /* already processed during the first pass above */ |