From 6eef487e5447db22e6ec5df7bb5a0aa86a9e96ef Mon Sep 17 00:00:00 2001 From: Jiang Liu Date: Thu, 31 Oct 2024 06:06:03 +0800 Subject: [PATCH] Enforce stricter validation for data read from binary file (#682) Enforce stricter validation for data read from binary file by: - limit maximum size of binary file - validate slice indices - use checked_add to avoid overflow - skip imported symbol - skip symbols with values out of range Signed-off-by: Jiang Liu --- Cargo.lock | 1 + Cargo.toml | 1 + src/binary_parser.rs | 86 ++++++++++++++++++++++++++++++++++++++------ src/utils.rs | 56 +++++++++++++++++++++++++++++ 4 files changed, 133 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a6af5e6b..d1a390cd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1064,6 +1064,7 @@ dependencies = [ "log", "lru", "memmap2", + "num-traits", "proc-maps", "py-spy-testdata", "rand", diff --git a/Cargo.toml b/Cargo.toml index 187464fb..c670e982 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,6 +28,7 @@ lazy_static = "1.4.0" libc = "0.2" log = "0.4" lru = "0.10" +num-traits = "0.2" regex = ">=1.6.0" tempfile = "3.6.0" proc-maps = "0.4.0" diff --git a/src/binary_parser.rs b/src/binary_parser.rs index 76584475..e9bd52a4 100644 --- a/src/binary_parser.rs +++ b/src/binary_parser.rs @@ -6,6 +6,8 @@ use anyhow::Error; use goblin::Object; use memmap2::Mmap; +use crate::utils::is_subrange; + pub struct BinaryInfo { pub symbols: HashMap, pub bss_addr: u64, @@ -52,6 +54,12 @@ pub fn parse_binary(filename: &Path, addr: u64, size: u64) -> Result Result Result Result Result Option { // check the filename first, if it exists use it @@ -21,6 +24,59 @@ pub fn resolve_filename(filename: &str, modulename: &str) -> Option { None } +pub fn is_subrange( + start: T, + size: T, + sub_start: T, + sub_size: T, +) -> bool { + !size.is_zero() + && !sub_size.is_zero() + && start.checked_add(&size).is_some() + && sub_start.checked_add(&sub_size).is_some() + && sub_start >= start + && sub_start + sub_size <= start + size +} + pub fn offset_of(object: *const T, member: *const M) -> usize { member as usize - object as usize } + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_is_subrange() { + assert!(is_subrange( + 0u64, + 0xffff_ffff_ffff_ffff, + 0, + 0xffff_ffff_ffff_ffff + )); + assert!(is_subrange(0, 1, 0, 1)); + assert!(is_subrange(0, 100, 0, 10)); + assert!(is_subrange(0, 100, 90, 10)); + + assert!(!is_subrange(0, 0, 0, 0)); + assert!(!is_subrange(1, 0, 0, 0)); + assert!(!is_subrange(1, 0, 1, 0)); + assert!(!is_subrange(0, 0, 0, 1)); + assert!(!is_subrange(0, 0, 1, 0)); + assert!(!is_subrange( + 1u64, + 0xffff_ffff_ffff_ffff, + 0, + 0xffff_ffff_ffff_ffff + )); + assert!(!is_subrange( + 0u64, + 0xffff_ffff_ffff_ffff, + 1, + 0xffff_ffff_ffff_ffff + )); + assert!(!is_subrange(0, 10, 0, 11)); + assert!(!is_subrange(0, 10, 1, 10)); + assert!(!is_subrange(0, 10, 9, 2)); + } +}