Message-ID: <48119A23.1030604@tiscali.nl>
Date:	Fri, 25 Apr 2008 10:45:23 +0200
From:	Roel Kluin <12o3l@...cali.nl>
To:	Hirokazu Takata <takata@...ux-m32r.org>
CC:	linux-m32r@...linux-m32r.org, lkml <linux-kernel@...r.kernel.org>
Subject: [PATCH v2] m32r: test before subtraction on unsigned relocation range

Hirokazu Takata wrote:
> From: Roel Kluin <12o3l@...cali.nl>
> Subject: [PATCH] m32r: test before subtraction on unsigned relocation range
> Date: Wed, 23 Apr 2008 18:34:16 +0200
>>  		case R_M32R_26_PCREL_RELA:
>> -	  		relocation = (relocation - (Elf32_Addr) location);
>> -			if (relocation < -0x2000000 || 0x1fffffc < relocation)
>> +			if (relocation + 0x20000 < (Elf32_Addr) location ||
>> +					relocation >= 0x1fffc + (Elf32_Addr) location)
> 
> A slight fix is required.
> 
> The above range check is incorrect, because the R_M32R_26_PCREL_RELA is a
> 26-bit relocation.
> 
> -- Takata
> 
Thanks for spotting this!
---
Relocation is unsigned, test before subtraction

Signed-off-by: Roel Kluin <12o3l@...cali.nl>
---
diff --git a/arch/m32r/kernel/module.c b/arch/m32r/kernel/module.c
index 8d42057..947def6 100644
--- a/arch/m32r/kernel/module.c
+++ b/arch/m32r/kernel/module.c
@@ -171,13 +171,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
 	    		COPY_UNALIGNED_WORD (value, *location, align);
 			break;
 		case R_M32R_18_PCREL_RELA:
-	  		relocation = (relocation - (Elf32_Addr) location);
-			if (relocation < -0x20000 || 0x1fffc < relocation)
+			if (relocation + 0x20000 < (Elf32_Addr) location ||
+					relocation >= 0x1fffc + (Elf32_Addr) location)
 				{
 					printk(KERN_ERR "module %s: relocation overflow: %u\n",
-					me->name, relocation);
+					me->name, relocation - (Elf32_Addr) location));
 					return -ENOEXEC;
 				}
+			relocation = (relocation - (Elf32_Addr) location);
 	    		COPY_UNALIGNED_WORD (*location, value, align);
 			if (value & 0xffff)
 				{
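Review bot: The added printk argument line in the R_M32R_18_PCREL_RELA case, `me->name, relocation - (Elf32_Addr) location));`, has one closing parenthesis too many, so this case will not compile; drop the extra `)`. The upper bound has also changed meaning: the removed test failed only when the displacement was greater than 0x1fffc (`0x1fffc < relocation`), while the new `relocation >= 0x1fffc + (Elf32_Addr) location` also rejects a displacement of exactly 0x1fffc. If that tightening is not intended, use `>` there, and either way mention the boundary in the commit message, which currently describes only the reordering of the test and the subtraction.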
@@ -203,13 +204,14 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
 	    		COPY_UNALIGNED_HWORD (hvalue, *hlocation, align);
 			break;
 		case R_M32R_26_PCREL_RELA:
-	  		relocation = (relocation - (Elf32_Addr) location);
-			if (relocation < -0x2000000 || 0x1fffffc < relocation)
+			if (relocation + 0x2000000 < (Elf32_Addr) location ||
+					relocation >= 0x1fffffc + (Elf32_Addr) location)
 				{
 					printk(KERN_ERR "module %s: relocation overflow: %u\n",
-					me->name, relocation);
+					me->name, relocation - (Elf32_Addr) location));
 					return -ENOEXEC;
 				}
+			relocation = (relocation - (Elf32_Addr) location);
 	    		COPY_UNALIGNED_WORD (*location, value, align);
 			if (value & 0xffffff)
 				{
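Review bot: In the R_M32R_26_PCREL_RELA test, `relocation + 0x2000000` and `0x1fffffc + (Elf32_Addr) location` are themselves unsigned sums, so they can wrap around for addresses near the top of a 32-bit address space and the comparison then gives the wrong answer, which is the same class of problem the patch sets out to remove. Consider computing the difference once into a signed 32-bit variable and range-checking that value; the printk could then report it with %d instead of printing a negative displacement as a large %u number. As in the previous hunk, the added printk line ends in `));` with an unbalanced parenthesis, and `>=` now rejects a displacement of exactly 0x1fffffc that the removed test accepted.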