[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-18:12.elf

Konstantin Belousov kostikbel at gmail.com
Sat Oct 6 18:21:17 UTC 2018


On Sat, Oct 06, 2018 at 08:35:26PM +0300, Lena at lena.kiev.ua wrote:
> > Insufficient validation was performed in the ELF header parser, and malformed
> > or otherwise invalid ELF binaries were not rejected as they should be.
> 
> What is invalid in the /usr/local/share/google-earth/googleearth-bin
> binary of the port google-earth-7.1.5.1557,3 ?
> 
> FreeBSD 11.2-RELEASE-p4 Sep 27 GENERIC i386, the binary:
> https://drive.google.com/file/d/1SgHk8ijSp2F9UcQGlx44psT832TdIEL0/view
> 
> ~ $ googleearth
> Invalid PT_INTERP
> exec: ./googleearth-bin: Exec format error
> ~ $ readelf --program-headers /usr/local/share/google-earth/googleearth-bin
> 
> Elf file type is EXEC (Executable file)
> Entry point 0x8048650
> There are 8 program headers, starting at offset 52
> 
> Program Headers:
>   Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
>   PHDR           0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4
>   INTERP         0x000134 0x08048134 0x08048134 0x00011 0x00011 R   0x1
>       [Requesting program interpreter: /lib/ld-linux.so.2]

As you see, the file declares that the file/memory length of the interpreter
name segment is 0x11 == 16 decimal. But the string does not end on
byte 16, which is not NUL.  We tighten the checks and do require that the
PT_INTERP string is valid by checking that it is NUL-terminated at the
offset declared by the size.
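The check described in the reply, as an added example that is not FreeBSD's kernel code: a small ELF32 program-header walker that locates PT_INTERP and rejects the image unless the byte at the declared size is NUL. The two images it runs on are constructed here (little-endian i386 ELF32 with a single program header, the entry point and virtual address copied from the readelf listing above); the extra bounds checks on the header table and segment offsets are defensive additions of this example, not claims about what the kernel does.

```python
import struct

PT_INTERP = 3            # ELF program header type for the interpreter path
ELF32_EHDR_SIZE = 52
ELF32_PHDR_SIZE = 32


def build_elf32(interp: bytes, p_filesz: int) -> bytes:
    """Constructed minimal little-endian ELF32 image: ELF header, one PT_INTERP
    program header, then the interpreter bytes. p_filesz is what the header
    *claims* the interpreter segment is, independent of the bytes written."""
    phoff = ELF32_EHDR_SIZE
    interp_off = ELF32_EHDR_SIZE + ELF32_PHDR_SIZE
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8   # ELFCLASS32, LSB, v1
    ehdr = e_ident + struct.pack(
        "<HHIIIIIHHHHHH",
        2, 3, 1,                                # e_type=EXEC, e_machine=i386, e_version
        0x8048650,                              # e_entry (value from the readelf listing)
        phoff, 0, 0,                            # e_phoff, e_shoff, e_flags
        ELF32_EHDR_SIZE, ELF32_PHDR_SIZE, 1,    # e_ehsize, e_phentsize, e_phnum
        0, 0, 0)                                # e_shentsize, e_shnum, e_shstrndx
    phdr = struct.pack(
        "<IIIIIIII",
        PT_INTERP, interp_off, 0x08048134, 0x08048134,   # p_type, p_offset, p_vaddr, p_paddr
        p_filesz, p_filesz, 4, 1)                        # p_filesz, p_memsz, p_flags=R, p_align
    return ehdr + phdr + interp


def check_pt_interp(image: bytes) -> tuple[bool, str]:
    """Return (ok, interpreter path) or (False, reason). The core rule is the one
    from the advisory discussion: the PT_INTERP string must be NUL-terminated
    exactly at the offset the header's size field declares."""
    if len(image) < ELF32_EHDR_SIZE or image[:4] != b"\x7fELF":
        return False, "not an ELF image"
    if image[4] != 1 or image[5] != 1:
        return False, "only little-endian ELF32 is handled in this example"
    e_phoff, = struct.unpack_from("<I", image, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 42)

    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + ELF32_PHDR_SIZE > len(image):
            return False, "program header table extends past end of file"
        (p_type, p_offset, _va, _pa,
         p_filesz, _memsz, _flags, _align) = struct.unpack_from("<IIIIIIII", image, off)
        if p_type != PT_INTERP:
            continue
        if p_filesz < 2:                       # at least one path byte plus the NUL
            return False, "Invalid PT_INTERP: size too small"
        if p_offset + p_filesz > len(image):
            return False, "Invalid PT_INTERP: segment extends past end of file"
        seg = image[p_offset:p_offset + p_filesz]
        if seg[-1] != 0:                       # the check the reply describes
            return False, "Invalid PT_INTERP: byte at declared size is not NUL"
        name = seg[:-1]
        if b"\x00" in name:                    # a path with an embedded NUL is also malformed
            return False, "Invalid PT_INTERP: embedded NUL in interpreter path"
        return True, name.decode("ascii", errors="replace")
    return False, "no PT_INTERP program header"


if __name__ == "__main__":
    interp = b"/lib/ld-linux.so.2\x00"          # 18 characters plus NUL = 19 bytes
    print(check_pt_interp(build_elf32(interp, 19)))    # well-formed: size covers the NUL
    print(check_pt_interp(build_elf32(interp, 0x11)))  # size 0x11 stops before the NUL
```

The second image reproduces the situation in the listing: a FileSiz of 0x11 for an 18-character interpreter path, so the last byte inside the declared size is not the terminator and the loader rejects it. Extending the walker to ELF64 means switching to the 64-byte header and the 56-byte program header layout, where the field order differs.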

