1 /* Create descriptor for processing file.
2 Copyright (C) 1998-2010, 2012, 2014 Red Hat, Inc.
3 This file is part of elfutils.
4 Written by Ulrich Drepper <drepper@redhat.com>, 1998.
5
6 This file is free software; you can redistribute it and/or modify
7 it under the terms of either
8
9 * the GNU Lesser General Public License as published by the Free
10 Software Foundation; either version 3 of the License, or (at
11 your option) any later version
12
13 or
14
15 * the GNU General Public License as published by the Free
16 Software Foundation; either version 2 of the License, or (at
17 your option) any later version
18
19 or both in parallel, as here.
20
21 elfutils is distributed in the hope that it will be useful, but
22 WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
24 General Public License for more details.
25
26 You should have received copies of the GNU General Public License and
27 the GNU Lesser General Public License along with this program. If
28 not, see <http://www.gnu.org/licenses/>. */
29
30 #ifdef HAVE_CONFIG_H
31 # include <config.h>
32 #endif
33
34 #include <assert.h>
35 #include <ctype.h>
36 #include <errno.h>
37 #include <fcntl.h>
38 #include <stdbool.h>
39 #include <stddef.h>
40 #include <string.h>
41 #include <unistd.h>
42 #include <sys/mman.h>
43 #include <sys/param.h>
44 #include <sys/stat.h>
45
46 #include <system.h>
47 #include "libelfP.h"
48 #include "common.h"
49
50
51 /* Create descriptor for archive in memory. */
52 static inline Elf *
file_read_ar(int fildes,void * map_address,off_t offset,size_t maxsize,Elf_Cmd cmd,Elf * parent)53 file_read_ar (int fildes, void *map_address, off_t offset, size_t maxsize,
54 Elf_Cmd cmd, Elf *parent)
55 {
56 Elf *elf;
57
58 /* Create a descriptor. */
59 elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
60 ELF_K_AR, 0);
61 if (elf != NULL)
62 {
63 /* We don't read all the symbol tables in advance. All this will
64 happen on demand. */
65 elf->state.ar.offset = offset + SARMAG;
66
67 elf->state.ar.elf_ar_hdr.ar_rawname = elf->state.ar.raw_name;
68 }
69
70 return elf;
71 }
72
73
74 static size_t
get_shnum(void * map_address,unsigned char * e_ident,int fildes,off_t offset,size_t maxsize)75 get_shnum (void *map_address, unsigned char *e_ident, int fildes, off_t offset,
76 size_t maxsize)
77 {
78 size_t result;
79 union
80 {
81 Elf32_Ehdr *e32;
82 Elf64_Ehdr *e64;
83 void *p;
84 } ehdr;
85 union
86 {
87 Elf32_Ehdr e32;
88 Elf64_Ehdr e64;
89 } ehdr_mem;
90 bool is32 = e_ident[EI_CLASS] == ELFCLASS32;
91
92 /* Make the ELF header available. */
93 if (e_ident[EI_DATA] == MY_ELFDATA
94 && (ALLOW_UNALIGNED
95 || (((size_t) e_ident
96 & ((is32 ? __alignof__ (Elf32_Ehdr) : __alignof__ (Elf64_Ehdr))
97 - 1)) == 0)))
98 ehdr.p = e_ident;
99 else
100 {
101 /* We already read the ELF header. We have to copy the header
102 since we possibly modify the data here and the caller
103 expects the memory it passes in to be preserved. */
104 ehdr.p = &ehdr_mem;
105
106 if (is32)
107 {
108 if (ALLOW_UNALIGNED)
109 {
110 ehdr_mem.e32.e_shnum = ((Elf32_Ehdr *) e_ident)->e_shnum;
111 ehdr_mem.e32.e_shoff = ((Elf32_Ehdr *) e_ident)->e_shoff;
112 }
113 else
114 memcpy (&ehdr_mem, e_ident, sizeof (Elf32_Ehdr));
115
116 if (e_ident[EI_DATA] != MY_ELFDATA)
117 {
118 CONVERT (ehdr_mem.e32.e_shnum);
119 CONVERT (ehdr_mem.e32.e_shoff);
120 }
121 }
122 else
123 {
124 if (ALLOW_UNALIGNED)
125 {
126 ehdr_mem.e64.e_shnum = ((Elf64_Ehdr *) e_ident)->e_shnum;
127 ehdr_mem.e64.e_shoff = ((Elf64_Ehdr *) e_ident)->e_shoff;
128 }
129 else
130 memcpy (&ehdr_mem, e_ident, sizeof (Elf64_Ehdr));
131
132 if (e_ident[EI_DATA] != MY_ELFDATA)
133 {
134 CONVERT (ehdr_mem.e64.e_shnum);
135 CONVERT (ehdr_mem.e64.e_shoff);
136 }
137 }
138 }
139
140 if (is32)
141 {
142 /* Get the number of sections from the ELF header. */
143 result = ehdr.e32->e_shnum;
144
145 if (unlikely (result == 0) && ehdr.e32->e_shoff != 0)
146 {
147 if (unlikely (ehdr.e32->e_shoff >= maxsize)
148 || unlikely (maxsize - ehdr.e32->e_shoff < sizeof (Elf32_Shdr)))
149 /* Cannot read the first section header. */
150 return 0;
151
152 if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA
153 && (ALLOW_UNALIGNED
154 || (((size_t) ((char *) map_address + offset))
155 & (__alignof__ (Elf32_Ehdr) - 1)) == 0))
156 /* We can directly access the memory. */
157 result = ((Elf32_Shdr *) ((char *) map_address + ehdr.e32->e_shoff
158 + offset))->sh_size;
159 else
160 {
161 Elf32_Word size;
162
163 if (likely (map_address != NULL))
164 /* gcc will optimize the memcpy to a simple memory
165 access while taking care of alignment issues. */
166 memcpy (&size, &((Elf32_Shdr *) ((char *) map_address
167 + ehdr.e32->e_shoff
168 + offset))->sh_size,
169 sizeof (Elf32_Word));
170 else
171 if (unlikely (pread_retry (fildes, &size, sizeof (Elf32_Word),
172 offset + ehdr.e32->e_shoff
173 + offsetof (Elf32_Shdr, sh_size))
174 != sizeof (Elf32_Word)))
175 return (size_t) -1l;
176
177 if (e_ident[EI_DATA] != MY_ELFDATA)
178 CONVERT (size);
179
180 result = size;
181 }
182 }
183
184 /* If the section headers were truncated, pretend none were there. */
185 if (ehdr.e32->e_shoff > maxsize
186 || maxsize - ehdr.e32->e_shoff < sizeof (Elf32_Shdr) * result)
187 result = 0;
188 }
189 else
190 {
191 /* Get the number of sections from the ELF header. */
192 result = ehdr.e64->e_shnum;
193
194 if (unlikely (result == 0) && ehdr.e64->e_shoff != 0)
195 {
196 if (unlikely (ehdr.e64->e_shoff >= maxsize)
197 || unlikely (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize))
198 /* Cannot read the first section header. */
199 return 0;
200
201 Elf64_Xword size;
202 if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA
203 && (ALLOW_UNALIGNED
204 || (((size_t) ((char *) map_address + offset))
205 & (__alignof__ (Elf64_Ehdr) - 1)) == 0))
206 /* We can directly access the memory. */
207 size = ((Elf64_Shdr *) ((char *) map_address + ehdr.e64->e_shoff
208 + offset))->sh_size;
209 else
210 {
211 if (likely (map_address != NULL))
212 /* gcc will optimize the memcpy to a simple memory
213 access while taking care of alignment issues. */
214 memcpy (&size, &((Elf64_Shdr *) ((char *) map_address
215 + ehdr.e64->e_shoff
216 + offset))->sh_size,
217 sizeof (Elf64_Xword));
218 else
219 if (unlikely (pread_retry (fildes, &size, sizeof (Elf64_Word),
220 offset + ehdr.e64->e_shoff
221 + offsetof (Elf64_Shdr, sh_size))
222 != sizeof (Elf64_Xword)))
223 return (size_t) -1l;
224
225 if (e_ident[EI_DATA] != MY_ELFDATA)
226 CONVERT (size);
227 }
228
229 if (size > ~((GElf_Word) 0))
230 /* Invalid value, it is too large. */
231 return (size_t) -1l;
232
233 result = size;
234 }
235
236 /* If the section headers were truncated, pretend none were there. */
237 if (ehdr.e64->e_shoff > maxsize
238 || maxsize - ehdr.e64->e_shoff < sizeof (Elf64_Shdr) * result)
239 result = 0;
240 }
241
242 return result;
243 }
244
245
246 /* Create descriptor for ELF file in memory. */
247 static Elf *
file_read_elf(int fildes,void * map_address,unsigned char * e_ident,off_t offset,size_t maxsize,Elf_Cmd cmd,Elf * parent)248 file_read_elf (int fildes, void *map_address, unsigned char *e_ident,
249 off_t offset, size_t maxsize, Elf_Cmd cmd, Elf *parent)
250 {
251 /* Verify the binary is of the class we can handle. */
252 if (unlikely ((e_ident[EI_CLASS] != ELFCLASS32
253 && e_ident[EI_CLASS] != ELFCLASS64)
254 /* We also can only handle two encodings. */
255 || (e_ident[EI_DATA] != ELFDATA2LSB
256 && e_ident[EI_DATA] != ELFDATA2MSB)))
257 {
258 /* Cannot handle this. */
259 __libelf_seterrno (ELF_E_INVALID_FILE);
260 return NULL;
261 }
262
263 /* Determine the number of sections. */
264 size_t scncnt = get_shnum (map_address, e_ident, fildes, offset, maxsize);
265 if (scncnt == (size_t) -1l)
266 /* Could not determine the number of sections. */
267 return NULL;
268
269 /* Check for too many sections. */
270 if (e_ident[EI_CLASS] == ELFCLASS32)
271 {
272 if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf32_Shdr)))
273 return NULL;
274 }
275 else if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf64_Shdr)))
276 return NULL;
277
278 /* We can now allocate the memory. Even if there are no section headers,
279 we allocate space for a zeroth section in case we need it later. */
280 const size_t scnmax = (scncnt ?: (cmd == ELF_C_RDWR || cmd == ELF_C_RDWR_MMAP)
281 ? 1 : 0);
282 Elf *elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
283 ELF_K_ELF, scnmax * sizeof (Elf_Scn));
284 if (elf == NULL)
285 /* Not enough memory. */
286 return NULL;
287
288 assert ((unsigned int) scncnt == scncnt);
289 assert (offsetof (struct Elf, state.elf32.scns)
290 == offsetof (struct Elf, state.elf64.scns));
291 elf->state.elf32.scns.cnt = scncnt;
292 elf->state.elf32.scns.max = scnmax;
293
294 /* Some more or less arbitrary value. */
295 elf->state.elf.scnincr = 10;
296
297 /* Make the class easily available. */
298 elf->class = e_ident[EI_CLASS];
299
300 if (e_ident[EI_CLASS] == ELFCLASS32)
301 {
302 /* This pointer might not be directly usable if the alignment is
303 not sufficient for the architecture. */
304 Elf32_Ehdr *ehdr = (Elf32_Ehdr *) ((char *) map_address + offset);
305
306 /* This is a 32-bit binary. */
307 if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
308 && (ALLOW_UNALIGNED
309 || ((((uintptr_t) ehdr) & (__alignof__ (Elf32_Ehdr) - 1)) == 0
310 && ((uintptr_t) ((char *) ehdr + ehdr->e_shoff)
311 & (__alignof__ (Elf32_Shdr) - 1)) == 0
312 && ((uintptr_t) ((char *) ehdr + ehdr->e_phoff)
313 & (__alignof__ (Elf32_Phdr) - 1)) == 0)))
314 {
315 /* We can use the mmapped memory. */
316 elf->state.elf32.ehdr = ehdr;
317
318 if (unlikely (ehdr->e_shoff >= maxsize)
319 || unlikely (maxsize - ehdr->e_shoff
320 < scncnt * sizeof (Elf32_Shdr)))
321 {
322 free_and_out:
323 free (elf);
324 __libelf_seterrno (ELF_E_INVALID_FILE);
325 return NULL;
326 }
327 elf->state.elf32.shdr
328 = (Elf32_Shdr *) ((char *) ehdr + ehdr->e_shoff);
329
330 /* Don't precache the phdr pointer here.
331 elf32_getphdr will validate it against the size when asked. */
332
333 for (size_t cnt = 0; cnt < scncnt; ++cnt)
334 {
335 elf->state.elf32.scns.data[cnt].index = cnt;
336 elf->state.elf32.scns.data[cnt].elf = elf;
337 elf->state.elf32.scns.data[cnt].shdr.e32 =
338 &elf->state.elf32.shdr[cnt];
339 if (likely (elf->state.elf32.shdr[cnt].sh_offset < maxsize)
340 && likely (elf->state.elf32.shdr[cnt].sh_size
341 <= maxsize - elf->state.elf32.shdr[cnt].sh_offset))
342 elf->state.elf32.scns.data[cnt].rawdata_base =
343 elf->state.elf32.scns.data[cnt].data_base =
344 ((char *) map_address + offset
345 + elf->state.elf32.shdr[cnt].sh_offset);
346 elf->state.elf32.scns.data[cnt].list = &elf->state.elf32.scns;
347
348 /* If this is a section with an extended index add a
349 reference in the section which uses the extended
350 index. */
351 if (elf->state.elf32.shdr[cnt].sh_type == SHT_SYMTAB_SHNDX
352 && elf->state.elf32.shdr[cnt].sh_link < scncnt)
353 elf->state.elf32.scns.data[elf->state.elf32.shdr[cnt].sh_link].shndx_index
354 = cnt;
355
356 /* Set the own shndx_index field in case it has not yet
357 been set. */
358 if (elf->state.elf32.scns.data[cnt].shndx_index == 0)
359 elf->state.elf32.scns.data[cnt].shndx_index = -1;
360 }
361 }
362 else
363 {
364 /* Copy the ELF header. */
365 elf->state.elf32.ehdr = memcpy (&elf->state.elf32.ehdr_mem, e_ident,
366 sizeof (Elf32_Ehdr));
367
368 if (e_ident[EI_DATA] != MY_ELFDATA)
369 {
370 CONVERT (elf->state.elf32.ehdr_mem.e_type);
371 CONVERT (elf->state.elf32.ehdr_mem.e_machine);
372 CONVERT (elf->state.elf32.ehdr_mem.e_version);
373 CONVERT (elf->state.elf32.ehdr_mem.e_entry);
374 CONVERT (elf->state.elf32.ehdr_mem.e_phoff);
375 CONVERT (elf->state.elf32.ehdr_mem.e_shoff);
376 CONVERT (elf->state.elf32.ehdr_mem.e_flags);
377 CONVERT (elf->state.elf32.ehdr_mem.e_ehsize);
378 CONVERT (elf->state.elf32.ehdr_mem.e_phentsize);
379 CONVERT (elf->state.elf32.ehdr_mem.e_phnum);
380 CONVERT (elf->state.elf32.ehdr_mem.e_shentsize);
381 CONVERT (elf->state.elf32.ehdr_mem.e_shnum);
382 CONVERT (elf->state.elf32.ehdr_mem.e_shstrndx);
383 }
384
385 for (size_t cnt = 0; cnt < scncnt; ++cnt)
386 {
387 elf->state.elf32.scns.data[cnt].index = cnt;
388 elf->state.elf32.scns.data[cnt].elf = elf;
389 elf->state.elf32.scns.data[cnt].list = &elf->state.elf32.scns;
390 }
391 }
392
393 /* So far only one block with sections. */
394 elf->state.elf32.scns_last = &elf->state.elf32.scns;
395 }
396 else
397 {
398 /* This pointer might not be directly usable if the alignment is
399 not sufficient for the architecture. */
400 Elf64_Ehdr *ehdr = (Elf64_Ehdr *) ((char *) map_address + offset);
401
402 /* This is a 64-bit binary. */
403 if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
404 && (ALLOW_UNALIGNED
405 || ((((uintptr_t) ehdr) & (__alignof__ (Elf64_Ehdr) - 1)) == 0
406 && ((uintptr_t) ((char *) ehdr + ehdr->e_shoff)
407 & (__alignof__ (Elf64_Shdr) - 1)) == 0
408 && ((uintptr_t) ((char *) ehdr + ehdr->e_phoff)
409 & (__alignof__ (Elf64_Phdr) - 1)) == 0)))
410 {
411 /* We can use the mmapped memory. */
412 elf->state.elf64.ehdr = ehdr;
413
414 if (unlikely (ehdr->e_shoff >= maxsize)
415 || unlikely (maxsize - ehdr->e_shoff
416 < scncnt * sizeof (Elf64_Shdr)))
417 goto free_and_out;
418 elf->state.elf64.shdr
419 = (Elf64_Shdr *) ((char *) ehdr + ehdr->e_shoff);
420
421 /* Don't precache the phdr pointer here.
422 elf64_getphdr will validate it against the size when asked. */
423
424 for (size_t cnt = 0; cnt < scncnt; ++cnt)
425 {
426 elf->state.elf64.scns.data[cnt].index = cnt;
427 elf->state.elf64.scns.data[cnt].elf = elf;
428 elf->state.elf64.scns.data[cnt].shdr.e64 =
429 &elf->state.elf64.shdr[cnt];
430 if (likely (elf->state.elf64.shdr[cnt].sh_offset < maxsize)
431 && likely (elf->state.elf64.shdr[cnt].sh_size
432 <= maxsize - elf->state.elf64.shdr[cnt].sh_offset))
433 elf->state.elf64.scns.data[cnt].rawdata_base =
434 elf->state.elf64.scns.data[cnt].data_base =
435 ((char *) map_address + offset
436 + elf->state.elf64.shdr[cnt].sh_offset);
437 elf->state.elf64.scns.data[cnt].list = &elf->state.elf64.scns;
438
439 /* If this is a section with an extended index add a
440 reference in the section which uses the extended
441 index. */
442 if (elf->state.elf64.shdr[cnt].sh_type == SHT_SYMTAB_SHNDX
443 && elf->state.elf64.shdr[cnt].sh_link < scncnt)
444 elf->state.elf64.scns.data[elf->state.elf64.shdr[cnt].sh_link].shndx_index
445 = cnt;
446
447 /* Set the own shndx_index field in case it has not yet
448 been set. */
449 if (elf->state.elf64.scns.data[cnt].shndx_index == 0)
450 elf->state.elf64.scns.data[cnt].shndx_index = -1;
451 }
452 }
453 else
454 {
455 /* Copy the ELF header. */
456 elf->state.elf64.ehdr = memcpy (&elf->state.elf64.ehdr_mem, e_ident,
457 sizeof (Elf64_Ehdr));
458
459 if (e_ident[EI_DATA] != MY_ELFDATA)
460 {
461 CONVERT (elf->state.elf64.ehdr_mem.e_type);
462 CONVERT (elf->state.elf64.ehdr_mem.e_machine);
463 CONVERT (elf->state.elf64.ehdr_mem.e_version);
464 CONVERT (elf->state.elf64.ehdr_mem.e_entry);
465 CONVERT (elf->state.elf64.ehdr_mem.e_phoff);
466 CONVERT (elf->state.elf64.ehdr_mem.e_shoff);
467 CONVERT (elf->state.elf64.ehdr_mem.e_flags);
468 CONVERT (elf->state.elf64.ehdr_mem.e_ehsize);
469 CONVERT (elf->state.elf64.ehdr_mem.e_phentsize);
470 CONVERT (elf->state.elf64.ehdr_mem.e_phnum);
471 CONVERT (elf->state.elf64.ehdr_mem.e_shentsize);
472 CONVERT (elf->state.elf64.ehdr_mem.e_shnum);
473 CONVERT (elf->state.elf64.ehdr_mem.e_shstrndx);
474 }
475
476 for (size_t cnt = 0; cnt < scncnt; ++cnt)
477 {
478 elf->state.elf64.scns.data[cnt].index = cnt;
479 elf->state.elf64.scns.data[cnt].elf = elf;
480 elf->state.elf64.scns.data[cnt].list = &elf->state.elf64.scns;
481 }
482 }
483
484 /* So far only one block with sections. */
485 elf->state.elf64.scns_last = &elf->state.elf64.scns;
486 }
487
488 return elf;
489 }
490
491
492 Elf *
493 internal_function
__libelf_read_mmaped_file(int fildes,void * map_address,off_t offset,size_t maxsize,Elf_Cmd cmd,Elf * parent)494 __libelf_read_mmaped_file (int fildes, void *map_address, off_t offset,
495 size_t maxsize, Elf_Cmd cmd, Elf *parent)
496 {
497 /* We have to find out what kind of file this is. We handle ELF
498 files and archives. To find out what we have we must look at the
499 header. The header for an ELF file is EI_NIDENT bytes in size,
500 the header for an archive file SARMAG bytes long. */
501 unsigned char *e_ident = (unsigned char *) map_address + offset;
502
503 /* See what kind of object we have here. */
504 Elf_Kind kind = determine_kind (e_ident, maxsize);
505
506 switch (kind)
507 {
508 case ELF_K_ELF:
509 return file_read_elf (fildes, map_address, e_ident, offset, maxsize,
510 cmd, parent);
511
512 case ELF_K_AR:
513 return file_read_ar (fildes, map_address, offset, maxsize, cmd, parent);
514
515 default:
516 break;
517 }
518
519 /* This case is easy. Since we cannot do anything with this file
520 create a dummy descriptor. */
521 return allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
522 ELF_K_NONE, 0);
523 }
524
525
526 static Elf *
read_unmmaped_file(int fildes,off_t offset,size_t maxsize,Elf_Cmd cmd,Elf * parent)527 read_unmmaped_file (int fildes, off_t offset, size_t maxsize, Elf_Cmd cmd,
528 Elf *parent)
529 {
530 /* We have to find out what kind of file this is. We handle ELF
531 files and archives. To find out what we have we must read the
532 header. The identification header for an ELF file is EI_NIDENT
533 bytes in size, but we read the whole ELF header since we will
534 need it anyway later. For archives the header in SARMAG bytes
535 long. Read the maximum of these numbers.
536
537 XXX We have to change this for the extended `ar' format some day.
538
539 Use a union to ensure alignment. We might later access the
540 memory as a ElfXX_Ehdr. */
541 union
542 {
543 Elf64_Ehdr ehdr;
544 unsigned char header[MAX (sizeof (Elf64_Ehdr), SARMAG)];
545 } mem;
546
547 /* Read the head of the file. */
548 ssize_t nread = pread_retry (fildes, mem.header,
549 MIN (MAX (sizeof (Elf64_Ehdr), SARMAG),
550 maxsize),
551 offset);
552 if (unlikely (nread == -1))
553 {
554 /* We cannot even read the head of the file. Maybe FILDES is associated
555 with an unseekable device. This is nothing we can handle. */
556 __libelf_seterrno (ELF_E_INVALID_FILE);
557 return NULL;
558 }
559
560 /* See what kind of object we have here. */
561 Elf_Kind kind = determine_kind (mem.header, nread);
562
563 switch (kind)
564 {
565 case ELF_K_AR:
566 return file_read_ar (fildes, NULL, offset, maxsize, cmd, parent);
567
568 case ELF_K_ELF:
569 /* Make sure at least the ELF header is contained in the file. */
570 if ((size_t) nread >= (mem.header[EI_CLASS] == ELFCLASS32
571 ? sizeof (Elf32_Ehdr) : sizeof (Elf64_Ehdr)))
572 return file_read_elf (fildes, NULL, mem.header, offset, maxsize, cmd,
573 parent);
574 /* FALLTHROUGH */
575
576 default:
577 break;
578 }
579
580 /* This case is easy. Since we cannot do anything with this file
581 create a dummy descriptor. */
582 return allocate_elf (fildes, NULL, offset, maxsize, cmd, parent,
583 ELF_K_NONE, 0);
584 }
585
586
587 /* Open a file for reading. If possible we will try to mmap() the file. */
588 static struct Elf *
read_file(int fildes,off_t offset,size_t maxsize,Elf_Cmd cmd,Elf * parent)589 read_file (int fildes, off_t offset, size_t maxsize,
590 Elf_Cmd cmd, Elf *parent)
591 {
592 void *map_address = NULL;
593 int use_mmap = (cmd == ELF_C_READ_MMAP || cmd == ELF_C_RDWR_MMAP
594 || cmd == ELF_C_WRITE_MMAP
595 || cmd == ELF_C_READ_MMAP_PRIVATE);
596
597 if (use_mmap)
598 {
599 if (parent == NULL)
600 {
601 if (maxsize == ~((size_t) 0))
602 {
603 /* We don't know in the moment how large the file is.
604 Determine it now. */
605 struct stat st;
606
607 if (fstat (fildes, &st) == 0
608 && (sizeof (size_t) >= sizeof (st.st_size)
609 || st.st_size <= ~((size_t) 0)))
610 maxsize = (size_t) st.st_size;
611 }
612
613 /* We try to map the file ourself. */
614 map_address = mmap (NULL, maxsize, (cmd == ELF_C_READ_MMAP
615 ? PROT_READ
616 : PROT_READ|PROT_WRITE),
617 cmd == ELF_C_READ_MMAP_PRIVATE
618 || cmd == ELF_C_READ_MMAP
619 ? MAP_PRIVATE : MAP_SHARED,
620 fildes, offset);
621
622 if (map_address == MAP_FAILED)
623 map_address = NULL;
624 }
625 else
626 {
627 /* The parent is already loaded. Use it. */
628 assert (maxsize != ~((size_t) 0));
629
630 map_address = parent->map_address;
631 }
632 }
633
634 /* If we have the file in memory optimize the access. */
635 if (map_address != NULL)
636 {
637 assert (map_address != MAP_FAILED);
638
639 struct Elf *result = __libelf_read_mmaped_file (fildes, map_address,
640 offset, maxsize, cmd,
641 parent);
642
643 /* If something went wrong during the initialization unmap the
644 memory if we mmaped here. */
645 if (result == NULL
646 && (parent == NULL
647 || parent->map_address != map_address))
648 munmap (map_address, maxsize);
649 else if (parent == NULL)
650 /* Remember that we mmap()ed the memory. */
651 result->flags |= ELF_F_MMAPPED;
652
653 return result;
654 }
655
656 /* Otherwise we have to do it the hard way. We read as much as necessary
657 from the file whenever we need information which is not available. */
658 return read_unmmaped_file (fildes, offset, maxsize, cmd, parent);
659 }
660
661
662 /* Find the entry with the long names for the content of this archive. */
663 static const char *
read_long_names(Elf * elf)664 read_long_names (Elf *elf)
665 {
666 off_t offset = SARMAG; /* This is the first entry. */
667 struct ar_hdr hdrm;
668 struct ar_hdr *hdr;
669 char *newp;
670 size_t len;
671
672 while (1)
673 {
674 if (elf->map_address != NULL)
675 {
676 if ((size_t) offset > elf->maximum_size
677 || elf->maximum_size - offset < sizeof (struct ar_hdr))
678 return NULL;
679
680 /* The data is mapped. */
681 hdr = (struct ar_hdr *) (elf->map_address + offset);
682 }
683 else
684 {
685 /* Read the header from the file. */
686 if (unlikely (pread_retry (elf->fildes, &hdrm, sizeof (hdrm),
687 elf->start_offset + offset)
688 != sizeof (hdrm)))
689 return NULL;
690
691 hdr = &hdrm;
692 }
693
694 len = atol (hdr->ar_size);
695
696 if (memcmp (hdr->ar_name, "// ", 16) == 0)
697 break;
698
699 offset += sizeof (struct ar_hdr) + ((len + 1) & ~1l);
700 }
701
702 /* Due to the stupid format of the long name table entry (which are not
703 NUL terminted) we have to provide an appropriate representation anyhow.
704 Therefore we always make a copy which has the appropriate form. */
705 newp = (char *) malloc (len);
706 if (newp != NULL)
707 {
708 char *runp;
709
710 if (elf->map_address != NULL)
711 {
712 if (len > elf->maximum_size - offset - sizeof (struct ar_hdr))
713 goto too_much;
714 /* Simply copy it over. */
715 elf->state.ar.long_names = (char *) memcpy (newp,
716 elf->map_address + offset
717 + sizeof (struct ar_hdr),
718 len);
719 }
720 else
721 {
722 if (unlikely ((size_t) pread_retry (elf->fildes, newp, len,
723 elf->start_offset + offset
724 + sizeof (struct ar_hdr))
725 != len))
726 {
727 too_much:
728 /* We were not able to read all data. */
729 free (newp);
730 elf->state.ar.long_names = NULL;
731 return NULL;
732 }
733 elf->state.ar.long_names = newp;
734 }
735
736 elf->state.ar.long_names_len = len;
737
738 /* Now NUL-terminate the strings. */
739 runp = newp;
740 while (1)
741 {
742 char *startp = runp;
743 runp = (char *) memchr (runp, '/', newp + len - runp);
744 if (runp == NULL)
745 {
746 /* This was the last entry. Clear any left overs. */
747 memset (startp, '\0', newp + len - startp);
748 break;
749 }
750
751 /* NUL-terminate the string. */
752 *runp = '\0';
753
754 /* Skip the NUL byte and the \012. */
755 runp += 2;
756
757 /* A sanity check. Somebody might have generated invalid
758 archive. */
759 if (runp >= newp + len)
760 break;
761 }
762 }
763
764 return newp;
765 }
766
767
768 /* Read the next archive header. */
769 int
770 internal_function
__libelf_next_arhdr_wrlock(elf)771 __libelf_next_arhdr_wrlock (elf)
772 Elf *elf;
773 {
774 struct ar_hdr *ar_hdr;
775 Elf_Arhdr *elf_ar_hdr;
776
777 if (elf->map_address != NULL)
778 {
779 /* See whether this entry is in the file. */
780 if (unlikely ((size_t) elf->state.ar.offset
781 > elf->start_offset + elf->maximum_size
782 || (elf->start_offset + elf->maximum_size
783 - elf->state.ar.offset) < sizeof (struct ar_hdr)))
784 {
785 /* This record is not anymore in the file. */
786 __libelf_seterrno (ELF_E_RANGE);
787 return -1;
788 }
789 ar_hdr = (struct ar_hdr *) (elf->map_address + elf->state.ar.offset);
790 }
791 else
792 {
793 ar_hdr = &elf->state.ar.ar_hdr;
794
795 if (unlikely (pread_retry (elf->fildes, ar_hdr, sizeof (struct ar_hdr),
796 elf->state.ar.offset)
797 != sizeof (struct ar_hdr)))
798 {
799 /* Something went wrong while reading the file. */
800 __libelf_seterrno (ELF_E_RANGE);
801 return -1;
802 }
803 }
804
805 /* One little consistency check. */
806 if (unlikely (memcmp (ar_hdr->ar_fmag, ARFMAG, 2) != 0))
807 {
808 /* This is no valid archive. */
809 __libelf_seterrno (ELF_E_ARCHIVE_FMAG);
810 return -1;
811 }
812
813 /* Copy the raw name over to a NUL terminated buffer. */
814 *((char *) mempcpy (elf->state.ar.raw_name, ar_hdr->ar_name, 16)) = '\0';
815
816 elf_ar_hdr = &elf->state.ar.elf_ar_hdr;
817
818 /* Now convert the `struct ar_hdr' into `Elf_Arhdr'.
819 Determine whether this is a special entry. */
820 if (ar_hdr->ar_name[0] == '/')
821 {
822 if (ar_hdr->ar_name[1] == ' '
823 && memcmp (ar_hdr->ar_name, "/ ", 16) == 0)
824 /* This is the index. */
825 elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "/", 2);
826 else if (ar_hdr->ar_name[1] == 'S'
827 && memcmp (ar_hdr->ar_name, "/SYM64/ ", 16) == 0)
828 /* 64-bit index. */
829 elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "/SYM64/", 8);
830 else if (ar_hdr->ar_name[1] == '/'
831 && memcmp (ar_hdr->ar_name, "// ", 16) == 0)
832 /* This is the array with the long names. */
833 elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "//", 3);
834 else if (likely (isdigit (ar_hdr->ar_name[1])))
835 {
836 size_t offset;
837
838 /* This is a long name. First we have to read the long name
839 table, if this hasn't happened already. */
840 if (unlikely (elf->state.ar.long_names == NULL
841 && read_long_names (elf) == NULL))
842 {
843 /* No long name table although it is reference. The archive is
844 broken. */
845 __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
846 return -1;
847 }
848
849 offset = atol (ar_hdr->ar_name + 1);
850 if (unlikely (offset >= elf->state.ar.long_names_len))
851 {
852 /* The index in the long name table is larger than the table. */
853 __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
854 return -1;
855 }
856 elf_ar_hdr->ar_name = elf->state.ar.long_names + offset;
857 }
858 else
859 {
860 /* This is none of the known special entries. */
861 __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
862 return -1;
863 }
864 }
865 else
866 {
867 char *endp;
868
869 /* It is a normal entry. Copy over the name. */
870 endp = (char *) memccpy (elf->state.ar.ar_name, ar_hdr->ar_name,
871 '/', 16);
872 if (endp != NULL)
873 endp[-1] = '\0';
874 else
875 {
876 /* In the old BSD style of archive, there is no / terminator.
877 Instead, there is space padding at the end of the name. */
878 size_t i = 15;
879 do
880 elf->state.ar.ar_name[i] = '\0';
881 while (i > 0 && elf->state.ar.ar_name[--i] == ' ');
882 }
883
884 elf_ar_hdr->ar_name = elf->state.ar.ar_name;
885 }
886
887 if (unlikely (ar_hdr->ar_size[0] == ' '))
888 /* Something is really wrong. We cannot live without a size for
889 the member since it will not be possible to find the next
890 archive member. */
891 {
892 __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
893 return -1;
894 }
895
896 /* Since there are no specialized functions to convert ASCII to
897 time_t, uid_t, gid_t, mode_t, and off_t we use either atol or
898 atoll depending on the size of the types. We are also prepared
899 for the case where the whole field in the `struct ar_hdr' is
900 filled in which case we cannot simply use atol/l but instead have
901 to create a temporary copy. */
902
903 #define INT_FIELD(FIELD) \
904 do \
905 { \
906 char buf[sizeof (ar_hdr->FIELD) + 1]; \
907 const char *string = ar_hdr->FIELD; \
908 if (ar_hdr->FIELD[sizeof (ar_hdr->FIELD) - 1] != ' ') \
909 { \
910 *((char *) mempcpy (buf, ar_hdr->FIELD, sizeof (ar_hdr->FIELD))) \
911 = '\0'; \
912 string = buf; \
913 } \
914 if (sizeof (elf_ar_hdr->FIELD) <= sizeof (long int)) \
915 elf_ar_hdr->FIELD = (__typeof (elf_ar_hdr->FIELD)) atol (string); \
916 else \
917 elf_ar_hdr->FIELD = (__typeof (elf_ar_hdr->FIELD)) atoll (string); \
918 } \
919 while (0)
920
921 INT_FIELD (ar_date);
922 INT_FIELD (ar_uid);
923 INT_FIELD (ar_gid);
924 INT_FIELD (ar_mode);
925 INT_FIELD (ar_size);
926
927 /* Truncated file? */
928 size_t maxsize;
929 maxsize = elf->maximum_size - elf->state.ar.offset - sizeof (struct ar_hdr);
930 if ((size_t) elf_ar_hdr->ar_size > maxsize)
931 elf_ar_hdr->ar_size = maxsize;
932
933 return 0;
934 }
935
936
937 /* We were asked to return a clone of an existing descriptor. This
938 function must be called with the lock on the parent descriptor
939 being held. */
940 static Elf *
dup_elf(int fildes,Elf_Cmd cmd,Elf * ref)941 dup_elf (int fildes, Elf_Cmd cmd, Elf *ref)
942 {
943 struct Elf *result;
944
945 if (fildes == -1)
946 /* Allow the user to pass -1 as the file descriptor for the new file. */
947 fildes = ref->fildes;
948 /* The file descriptor better should be the same. If it was disconnected
949 already (using `elf_cntl') we do not test it. */
950 else if (unlikely (ref->fildes != -1 && fildes != ref->fildes))
951 {
952 __libelf_seterrno (ELF_E_FD_MISMATCH);
953 return NULL;
954 }
955
956 /* The mode must allow reading. I.e., a descriptor creating with a
957 command different then ELF_C_READ, ELF_C_WRITE and ELF_C_RDWR is
958 not allowed. */
959 if (unlikely (ref->cmd != ELF_C_READ && ref->cmd != ELF_C_READ_MMAP
960 && ref->cmd != ELF_C_WRITE && ref->cmd != ELF_C_WRITE_MMAP
961 && ref->cmd != ELF_C_RDWR && ref->cmd != ELF_C_RDWR_MMAP
962 && ref->cmd != ELF_C_READ_MMAP_PRIVATE))
963 {
964 __libelf_seterrno (ELF_E_INVALID_OP);
965 return NULL;
966 }
967
968 /* Now it is time to distinguish between reading normal files and
969 archives. Normal files can easily be handled be incrementing the
970 reference counter and return the same descriptor. */
971 if (ref->kind != ELF_K_AR)
972 {
973 ++ref->ref_count;
974 return ref;
975 }
976
977 /* This is an archive. We must create a descriptor for the archive
978 member the internal pointer of the archive file desriptor is
979 pointing to. First read the header of the next member if this
980 has not happened already. */
981 if (ref->state.ar.elf_ar_hdr.ar_name == NULL
982 && __libelf_next_arhdr_wrlock (ref) != 0)
983 /* Something went wrong. Maybe there is no member left. */
984 return NULL;
985
986 /* We have all the information we need about the next archive member.
987 Now create a descriptor for it. */
988 result = read_file (fildes, ref->state.ar.offset + sizeof (struct ar_hdr),
989 ref->state.ar.elf_ar_hdr.ar_size, cmd, ref);
990
991 /* Enlist this new descriptor in the list of children. */
992 if (result != NULL)
993 {
994 result->next = ref->state.ar.children;
995 ref->state.ar.children = result;
996 }
997
998 return result;
999 }
1000
1001
1002 /* Return desriptor for empty file ready for writing. */
1003 static struct Elf *
write_file(int fd,Elf_Cmd cmd)1004 write_file (int fd, Elf_Cmd cmd)
1005 {
1006 /* We simply create an empty `Elf' structure. */
1007 #define NSCNSALLOC 10
1008 Elf *result = allocate_elf (fd, NULL, 0, 0, cmd, NULL, ELF_K_ELF,
1009 NSCNSALLOC * sizeof (Elf_Scn));
1010
1011 if (result != NULL)
1012 {
1013 /* We have to write to the file in any case. */
1014 result->flags = ELF_F_DIRTY;
1015
1016 /* Some more or less arbitrary value. */
1017 result->state.elf.scnincr = NSCNSALLOC;
1018
1019 /* We have allocated room for some sections. */
1020 assert (offsetof (struct Elf, state.elf32.scns)
1021 == offsetof (struct Elf, state.elf64.scns));
1022 result->state.elf.scns_last = &result->state.elf32.scns;
1023 result->state.elf32.scns.max = NSCNSALLOC;
1024 }
1025
1026 return result;
1027 }
1028
1029
1030 /* Return a descriptor for the file belonging to FILDES. */
1031 Elf *
elf_begin(fildes,cmd,ref)1032 elf_begin (fildes, cmd, ref)
1033 int fildes;
1034 Elf_Cmd cmd;
1035 Elf *ref;
1036 {
1037 Elf *retval;
1038
1039 if (unlikely (! __libelf_version_initialized))
1040 {
1041 /* Version wasn't set so far. */
1042 __libelf_seterrno (ELF_E_NO_VERSION);
1043 return NULL;
1044 }
1045
1046 if (ref != NULL)
1047 /* Make sure the descriptor is not suddenly going away. */
1048 rwlock_rdlock (ref->lock);
1049 else if (unlikely (fcntl (fildes, F_GETFL) == -1 && errno == EBADF))
1050 {
1051 /* We cannot do anything productive without a file descriptor. */
1052 __libelf_seterrno (ELF_E_INVALID_FILE);
1053 return NULL;
1054 }
1055
1056 Elf *lock_dup_elf ()
1057 {
1058 /* We need wrlock to dup an archive. */
1059 if (ref->kind == ELF_K_AR)
1060 {
1061 rwlock_unlock (ref->lock);
1062 rwlock_wrlock (ref->lock);
1063 }
1064
1065 /* Duplicate the descriptor. */
1066 return dup_elf (fildes, cmd, ref);
1067 }
1068
1069 switch (cmd)
1070 {
1071 case ELF_C_NULL:
1072 /* We simply return a NULL pointer. */
1073 retval = NULL;
1074 break;
1075
1076 case ELF_C_READ_MMAP_PRIVATE:
1077 /* If we have a reference it must also be opened this way. */
1078 if (unlikely (ref != NULL && ref->cmd != ELF_C_READ_MMAP_PRIVATE))
1079 {
1080 __libelf_seterrno (ELF_E_INVALID_CMD);
1081 retval = NULL;
1082 break;
1083 }
1084 /* FALLTHROUGH */
1085
1086 case ELF_C_READ:
1087 case ELF_C_READ_MMAP:
1088 if (ref != NULL)
1089 retval = lock_dup_elf ();
1090 else
1091 /* Create descriptor for existing file. */
1092 retval = read_file (fildes, 0, ~((size_t) 0), cmd, NULL);
1093 break;
1094
1095 case ELF_C_RDWR:
1096 case ELF_C_RDWR_MMAP:
1097 /* If we have a REF object it must also be opened using this
1098 command. */
1099 if (ref != NULL)
1100 {
1101 if (unlikely (ref->cmd != ELF_C_RDWR && ref->cmd != ELF_C_RDWR_MMAP
1102 && ref->cmd != ELF_C_WRITE
1103 && ref->cmd != ELF_C_WRITE_MMAP))
1104 {
1105 /* This is not ok. REF must also be opened for writing. */
1106 __libelf_seterrno (ELF_E_INVALID_CMD);
1107 retval = NULL;
1108 }
1109 else
1110 retval = lock_dup_elf ();
1111 }
1112 else
1113 /* Create descriptor for existing file. */
1114 retval = read_file (fildes, 0, ~((size_t) 0), cmd, NULL);
1115 break;
1116
1117 case ELF_C_WRITE:
1118 case ELF_C_WRITE_MMAP:
1119 /* We ignore REF and prepare a descriptor to write a new file. */
1120 retval = write_file (fildes, cmd);
1121 break;
1122
1123 default:
1124 __libelf_seterrno (ELF_E_INVALID_CMD);
1125 retval = NULL;
1126 break;
1127 }
1128
1129 /* Release the lock. */
1130 if (ref != NULL)
1131 rwlock_unlock (ref->lock);
1132
1133 return retval;
1134 }
1135 INTDEF(elf_begin)
1136