1 /* Create descriptor for processing file.
2 Copyright (C) 1998-2010, 2012, 2014, 2015 Red Hat, Inc.
3 This file is part of elfutils.
4 Written by Ulrich Drepper <drepper@redhat.com>, 1998.
5
6 This file is free software; you can redistribute it and/or modify
7 it under the terms of either
8
9 * the GNU Lesser General Public License as published by the Free
10 Software Foundation; either version 3 of the License, or (at
11 your option) any later version
12
13 or
14
15 * the GNU General Public License as published by the Free
16 Software Foundation; either version 2 of the License, or (at
17 your option) any later version
18
19 or both in parallel, as here.
20
21 elfutils is distributed in the hope that it will be useful, but
22 WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
24 General Public License for more details.
25
26 You should have received copies of the GNU General Public License and
27 the GNU Lesser General Public License along with this program. If
28 not, see <http://www.gnu.org/licenses/>. */
29
30 #ifdef HAVE_CONFIG_H
31 # include <config.h>
32 #endif
33
34 #include <assert.h>
35 #include <ctype.h>
36 #include <errno.h>
37 #include <fcntl.h>
38 #include <stdbool.h>
39 #include <stddef.h>
40 #include <string.h>
41 #include <unistd.h>
42 #include <sys/mman.h>
43 #include <sys/param.h>
44 #include <sys/stat.h>
45
46 #include <system.h>
47 #include "libelfP.h"
48 #include "common.h"
49
50
51 /* Create descriptor for archive in memory. */
52 static inline Elf *
file_read_ar(int fildes,void * map_address,off_t offset,size_t maxsize,Elf_Cmd cmd,Elf * parent)53 file_read_ar (int fildes, void *map_address, off_t offset, size_t maxsize,
54 Elf_Cmd cmd, Elf *parent)
55 {
56 Elf *elf;
57
58 /* Create a descriptor. */
59 elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
60 ELF_K_AR, 0);
61 if (elf != NULL)
62 {
63 /* We don't read all the symbol tables in advance. All this will
64 happen on demand. */
65 elf->state.ar.offset = offset + SARMAG;
66
67 elf->state.ar.elf_ar_hdr.ar_rawname = elf->state.ar.raw_name;
68 }
69
70 return elf;
71 }
72
73
74 static size_t
get_shnum(void * map_address,unsigned char * e_ident,int fildes,off_t offset,size_t maxsize)75 get_shnum (void *map_address, unsigned char *e_ident, int fildes, off_t offset,
76 size_t maxsize)
77 {
78 size_t result;
79 union
80 {
81 Elf32_Ehdr *e32;
82 Elf64_Ehdr *e64;
83 void *p;
84 } ehdr;
85 union
86 {
87 Elf32_Ehdr e32;
88 Elf64_Ehdr e64;
89 } ehdr_mem;
90 bool is32 = e_ident[EI_CLASS] == ELFCLASS32;
91
92 /* Make the ELF header available. */
93 if (e_ident[EI_DATA] == MY_ELFDATA
94 && (ALLOW_UNALIGNED
95 || (((size_t) e_ident
96 & ((is32 ? __alignof__ (Elf32_Ehdr) : __alignof__ (Elf64_Ehdr))
97 - 1)) == 0)))
98 ehdr.p = e_ident;
99 else
100 {
101 /* We already read the ELF header. We have to copy the header
102 since we possibly modify the data here and the caller
103 expects the memory it passes in to be preserved. */
104 ehdr.p = &ehdr_mem;
105
106 if (is32)
107 {
108 if (ALLOW_UNALIGNED)
109 {
110 ehdr_mem.e32.e_shnum = ((Elf32_Ehdr *) e_ident)->e_shnum;
111 ehdr_mem.e32.e_shoff = ((Elf32_Ehdr *) e_ident)->e_shoff;
112 }
113 else
114 memcpy (&ehdr_mem, e_ident, sizeof (Elf32_Ehdr));
115
116 if (e_ident[EI_DATA] != MY_ELFDATA)
117 {
118 CONVERT (ehdr_mem.e32.e_shnum);
119 CONVERT (ehdr_mem.e32.e_shoff);
120 }
121 }
122 else
123 {
124 if (ALLOW_UNALIGNED)
125 {
126 ehdr_mem.e64.e_shnum = ((Elf64_Ehdr *) e_ident)->e_shnum;
127 ehdr_mem.e64.e_shoff = ((Elf64_Ehdr *) e_ident)->e_shoff;
128 }
129 else
130 memcpy (&ehdr_mem, e_ident, sizeof (Elf64_Ehdr));
131
132 if (e_ident[EI_DATA] != MY_ELFDATA)
133 {
134 CONVERT (ehdr_mem.e64.e_shnum);
135 CONVERT (ehdr_mem.e64.e_shoff);
136 }
137 }
138 }
139
140 if (is32)
141 {
142 /* Get the number of sections from the ELF header. */
143 result = ehdr.e32->e_shnum;
144
145 if (unlikely (result == 0) && ehdr.e32->e_shoff != 0)
146 {
147 if (unlikely (ehdr.e32->e_shoff >= maxsize)
148 || unlikely (maxsize - ehdr.e32->e_shoff < sizeof (Elf32_Shdr)))
149 /* Cannot read the first section header. */
150 return 0;
151
152 if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA
153 && (ALLOW_UNALIGNED
154 || (((size_t) ((char *) map_address + ehdr.e32->e_shoff))
155 & (__alignof__ (Elf32_Shdr) - 1)) == 0))
156 /* We can directly access the memory. */
157 result = ((Elf32_Shdr *) ((char *) map_address + ehdr.e32->e_shoff
158 + offset))->sh_size;
159 else
160 {
161 Elf32_Word size;
162
163 if (likely (map_address != NULL))
164 /* gcc will optimize the memcpy to a simple memory
165 access while taking care of alignment issues. */
166 memcpy (&size, &((Elf32_Shdr *) ((char *) map_address
167 + ehdr.e32->e_shoff
168 + offset))->sh_size,
169 sizeof (Elf32_Word));
170 else
171 if (unlikely (pread_retry (fildes, &size, sizeof (Elf32_Word),
172 offset + ehdr.e32->e_shoff
173 + offsetof (Elf32_Shdr, sh_size))
174 != sizeof (Elf32_Word)))
175 return (size_t) -1l;
176
177 if (e_ident[EI_DATA] != MY_ELFDATA)
178 CONVERT (size);
179
180 result = size;
181 }
182 }
183
184 /* If the section headers were truncated, pretend none were there. */
185 if (ehdr.e32->e_shoff > maxsize
186 || maxsize - ehdr.e32->e_shoff < sizeof (Elf32_Shdr) * result)
187 result = 0;
188 }
189 else
190 {
191 /* Get the number of sections from the ELF header. */
192 result = ehdr.e64->e_shnum;
193
194 if (unlikely (result == 0) && ehdr.e64->e_shoff != 0)
195 {
196 if (unlikely (ehdr.e64->e_shoff >= maxsize)
197 || unlikely (ehdr.e64->e_shoff + sizeof (Elf64_Shdr) > maxsize))
198 /* Cannot read the first section header. */
199 return 0;
200
201 Elf64_Xword size;
202 if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA
203 && (ALLOW_UNALIGNED
204 || (((size_t) ((char *) map_address + ehdr.e64->e_shoff))
205 & (__alignof__ (Elf64_Shdr) - 1)) == 0))
206 /* We can directly access the memory. */
207 size = ((Elf64_Shdr *) ((char *) map_address + ehdr.e64->e_shoff
208 + offset))->sh_size;
209 else
210 {
211 if (likely (map_address != NULL))
212 /* gcc will optimize the memcpy to a simple memory
213 access while taking care of alignment issues. */
214 memcpy (&size, &((Elf64_Shdr *) ((char *) map_address
215 + ehdr.e64->e_shoff
216 + offset))->sh_size,
217 sizeof (Elf64_Xword));
218 else
219 if (unlikely (pread_retry (fildes, &size, sizeof (Elf64_Xword),
220 offset + ehdr.e64->e_shoff
221 + offsetof (Elf64_Shdr, sh_size))
222 != sizeof (Elf64_Xword)))
223 return (size_t) -1l;
224
225 if (e_ident[EI_DATA] != MY_ELFDATA)
226 CONVERT (size);
227 }
228
229 if (size > ~((GElf_Word) 0))
230 /* Invalid value, it is too large. */
231 return (size_t) -1l;
232
233 result = size;
234 }
235
236 /* If the section headers were truncated, pretend none were there. */
237 if (ehdr.e64->e_shoff > maxsize
238 || maxsize - ehdr.e64->e_shoff < sizeof (Elf64_Shdr) * result)
239 result = 0;
240 }
241
242 return result;
243 }
244
245
246 /* Create descriptor for ELF file in memory. */
247 static Elf *
file_read_elf(int fildes,void * map_address,unsigned char * e_ident,off_t offset,size_t maxsize,Elf_Cmd cmd,Elf * parent)248 file_read_elf (int fildes, void *map_address, unsigned char *e_ident,
249 off_t offset, size_t maxsize, Elf_Cmd cmd, Elf *parent)
250 {
251 /* Verify the binary is of the class we can handle. */
252 if (unlikely ((e_ident[EI_CLASS] != ELFCLASS32
253 && e_ident[EI_CLASS] != ELFCLASS64)
254 /* We also can only handle two encodings. */
255 || (e_ident[EI_DATA] != ELFDATA2LSB
256 && e_ident[EI_DATA] != ELFDATA2MSB)))
257 {
258 /* Cannot handle this. */
259 __libelf_seterrno (ELF_E_INVALID_FILE);
260 return NULL;
261 }
262
263 /* Determine the number of sections. */
264 size_t scncnt = get_shnum (map_address, e_ident, fildes, offset, maxsize);
265 if (scncnt == (size_t) -1l)
266 /* Could not determine the number of sections. */
267 return NULL;
268
269 /* Check for too many sections. */
270 if (e_ident[EI_CLASS] == ELFCLASS32)
271 {
272 if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf32_Shdr)))
273 return NULL;
274 }
275 else if (scncnt > SIZE_MAX / (sizeof (Elf_Scn) + sizeof (Elf64_Shdr)))
276 return NULL;
277
278 /* We can now allocate the memory. Even if there are no section headers,
279 we allocate space for a zeroth section in case we need it later. */
280 const size_t scnmax = (scncnt ?: (cmd == ELF_C_RDWR || cmd == ELF_C_RDWR_MMAP)
281 ? 1 : 0);
282 Elf *elf = allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
283 ELF_K_ELF, scnmax * sizeof (Elf_Scn));
284 if (elf == NULL)
285 /* Not enough memory. */
286 return NULL;
287
288 assert ((unsigned int) scncnt == scncnt);
289 assert (offsetof (struct Elf, state.elf32.scns)
290 == offsetof (struct Elf, state.elf64.scns));
291 elf->state.elf32.scns.cnt = scncnt;
292 elf->state.elf32.scns.max = scnmax;
293
294 /* Some more or less arbitrary value. */
295 elf->state.elf.scnincr = 10;
296
297 /* Make the class easily available. */
298 elf->class = e_ident[EI_CLASS];
299
300 if (e_ident[EI_CLASS] == ELFCLASS32)
301 {
302 /* This pointer might not be directly usable if the alignment is
303 not sufficient for the architecture. */
304 Elf32_Ehdr *ehdr = (Elf32_Ehdr *) ((char *) map_address + offset);
305
306 /* This is a 32-bit binary. */
307 if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
308 && (ALLOW_UNALIGNED
309 || (((uintptr_t) ehdr) & (__alignof__ (Elf32_Ehdr) - 1)) == 0))
310 {
311 /* We can use the mmapped memory. */
312 elf->state.elf32.ehdr = ehdr;
313 }
314 else
315 {
316 /* Copy the ELF header. */
317 elf->state.elf32.ehdr = memcpy (&elf->state.elf32.ehdr_mem, e_ident,
318 sizeof (Elf32_Ehdr));
319
320 if (e_ident[EI_DATA] != MY_ELFDATA)
321 {
322 CONVERT (elf->state.elf32.ehdr_mem.e_type);
323 CONVERT (elf->state.elf32.ehdr_mem.e_machine);
324 CONVERT (elf->state.elf32.ehdr_mem.e_version);
325 CONVERT (elf->state.elf32.ehdr_mem.e_entry);
326 CONVERT (elf->state.elf32.ehdr_mem.e_phoff);
327 CONVERT (elf->state.elf32.ehdr_mem.e_shoff);
328 CONVERT (elf->state.elf32.ehdr_mem.e_flags);
329 CONVERT (elf->state.elf32.ehdr_mem.e_ehsize);
330 CONVERT (elf->state.elf32.ehdr_mem.e_phentsize);
331 CONVERT (elf->state.elf32.ehdr_mem.e_phnum);
332 CONVERT (elf->state.elf32.ehdr_mem.e_shentsize);
333 CONVERT (elf->state.elf32.ehdr_mem.e_shnum);
334 CONVERT (elf->state.elf32.ehdr_mem.e_shstrndx);
335 }
336 }
337
338 /* Don't precache the phdr pointer here.
339 elf32_getphdr will validate it against the size when asked. */
340
341 Elf32_Off e_shoff = elf->state.elf32.ehdr->e_shoff;
342 if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
343 && cmd != ELF_C_READ_MMAP /* We need a copy to be able to write. */
344 && (ALLOW_UNALIGNED
345 || (((uintptr_t) ((char *) ehdr + e_shoff)
346 & (__alignof__ (Elf32_Shdr) - 1)) == 0)))
347 {
348 if (unlikely (e_shoff >= maxsize)
349 || unlikely (maxsize - e_shoff
350 < scncnt * sizeof (Elf32_Shdr)))
351 {
352 free_and_out:
353 free (elf);
354 __libelf_seterrno (ELF_E_INVALID_FILE);
355 return NULL;
356 }
357 elf->state.elf32.shdr
358 = (Elf32_Shdr *) ((char *) ehdr + e_shoff);
359
360 for (size_t cnt = 0; cnt < scncnt; ++cnt)
361 {
362 elf->state.elf32.scns.data[cnt].index = cnt;
363 elf->state.elf32.scns.data[cnt].elf = elf;
364 elf->state.elf32.scns.data[cnt].shdr.e32 =
365 &elf->state.elf32.shdr[cnt];
366 if (likely (elf->state.elf32.shdr[cnt].sh_offset < maxsize)
367 && likely (elf->state.elf32.shdr[cnt].sh_size
368 <= maxsize - elf->state.elf32.shdr[cnt].sh_offset))
369 elf->state.elf32.scns.data[cnt].rawdata_base =
370 elf->state.elf32.scns.data[cnt].data_base =
371 ((char *) map_address + offset
372 + elf->state.elf32.shdr[cnt].sh_offset);
373 elf->state.elf32.scns.data[cnt].list = &elf->state.elf32.scns;
374
375 /* If this is a section with an extended index add a
376 reference in the section which uses the extended
377 index. */
378 if (elf->state.elf32.shdr[cnt].sh_type == SHT_SYMTAB_SHNDX
379 && elf->state.elf32.shdr[cnt].sh_link < scncnt)
380 elf->state.elf32.scns.data[elf->state.elf32.shdr[cnt].sh_link].shndx_index
381 = cnt;
382
383 /* Set the own shndx_index field in case it has not yet
384 been set. */
385 if (elf->state.elf32.scns.data[cnt].shndx_index == 0)
386 elf->state.elf32.scns.data[cnt].shndx_index = -1;
387 }
388 }
389 else
390 {
391 for (size_t cnt = 0; cnt < scncnt; ++cnt)
392 {
393 elf->state.elf32.scns.data[cnt].index = cnt;
394 elf->state.elf32.scns.data[cnt].elf = elf;
395 elf->state.elf32.scns.data[cnt].list = &elf->state.elf32.scns;
396 }
397 }
398
399 /* So far only one block with sections. */
400 elf->state.elf32.scns_last = &elf->state.elf32.scns;
401 }
402 else
403 {
404 /* This pointer might not be directly usable if the alignment is
405 not sufficient for the architecture. */
406 Elf64_Ehdr *ehdr = (Elf64_Ehdr *) ((char *) map_address + offset);
407
408 /* This is a 64-bit binary. */
409 if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
410 && (ALLOW_UNALIGNED
411 || (((uintptr_t) ehdr) & (__alignof__ (Elf64_Ehdr) - 1)) == 0))
412 {
413 /* We can use the mmapped memory. */
414 elf->state.elf64.ehdr = ehdr;
415 }
416 else
417 {
418 /* Copy the ELF header. */
419 elf->state.elf64.ehdr = memcpy (&elf->state.elf64.ehdr_mem, e_ident,
420 sizeof (Elf64_Ehdr));
421
422 if (e_ident[EI_DATA] != MY_ELFDATA)
423 {
424 CONVERT (elf->state.elf64.ehdr_mem.e_type);
425 CONVERT (elf->state.elf64.ehdr_mem.e_machine);
426 CONVERT (elf->state.elf64.ehdr_mem.e_version);
427 CONVERT (elf->state.elf64.ehdr_mem.e_entry);
428 CONVERT (elf->state.elf64.ehdr_mem.e_phoff);
429 CONVERT (elf->state.elf64.ehdr_mem.e_shoff);
430 CONVERT (elf->state.elf64.ehdr_mem.e_flags);
431 CONVERT (elf->state.elf64.ehdr_mem.e_ehsize);
432 CONVERT (elf->state.elf64.ehdr_mem.e_phentsize);
433 CONVERT (elf->state.elf64.ehdr_mem.e_phnum);
434 CONVERT (elf->state.elf64.ehdr_mem.e_shentsize);
435 CONVERT (elf->state.elf64.ehdr_mem.e_shnum);
436 CONVERT (elf->state.elf64.ehdr_mem.e_shstrndx);
437 }
438 }
439
440 /* Don't precache the phdr pointer here.
441 elf64_getphdr will validate it against the size when asked. */
442
443 Elf64_Off e_shoff = elf->state.elf64.ehdr->e_shoff;
444 if (map_address != NULL && e_ident[EI_DATA] == MY_ELFDATA
445 && cmd != ELF_C_READ_MMAP /* We need a copy to be able to write. */
446 && (ALLOW_UNALIGNED
447 || (((uintptr_t) ((char *) ehdr + e_shoff)
448 & (__alignof__ (Elf64_Shdr) - 1)) == 0)))
449 {
450 if (unlikely (e_shoff >= maxsize)
451 || unlikely (maxsize - e_shoff
452 < scncnt * sizeof (Elf64_Shdr)))
453 goto free_and_out;
454 elf->state.elf64.shdr
455 = (Elf64_Shdr *) ((char *) ehdr + e_shoff);
456
457 for (size_t cnt = 0; cnt < scncnt; ++cnt)
458 {
459 elf->state.elf64.scns.data[cnt].index = cnt;
460 elf->state.elf64.scns.data[cnt].elf = elf;
461 elf->state.elf64.scns.data[cnt].shdr.e64 =
462 &elf->state.elf64.shdr[cnt];
463 if (likely (elf->state.elf64.shdr[cnt].sh_offset < maxsize)
464 && likely (elf->state.elf64.shdr[cnt].sh_size
465 <= maxsize - elf->state.elf64.shdr[cnt].sh_offset))
466 elf->state.elf64.scns.data[cnt].rawdata_base =
467 elf->state.elf64.scns.data[cnt].data_base =
468 ((char *) map_address + offset
469 + elf->state.elf64.shdr[cnt].sh_offset);
470 elf->state.elf64.scns.data[cnt].list = &elf->state.elf64.scns;
471
472 /* If this is a section with an extended index add a
473 reference in the section which uses the extended
474 index. */
475 if (elf->state.elf64.shdr[cnt].sh_type == SHT_SYMTAB_SHNDX
476 && elf->state.elf64.shdr[cnt].sh_link < scncnt)
477 elf->state.elf64.scns.data[elf->state.elf64.shdr[cnt].sh_link].shndx_index
478 = cnt;
479
480 /* Set the own shndx_index field in case it has not yet
481 been set. */
482 if (elf->state.elf64.scns.data[cnt].shndx_index == 0)
483 elf->state.elf64.scns.data[cnt].shndx_index = -1;
484 }
485 }
486 else
487 {
488 for (size_t cnt = 0; cnt < scncnt; ++cnt)
489 {
490 elf->state.elf64.scns.data[cnt].index = cnt;
491 elf->state.elf64.scns.data[cnt].elf = elf;
492 elf->state.elf64.scns.data[cnt].list = &elf->state.elf64.scns;
493 }
494 }
495
496 /* So far only one block with sections. */
497 elf->state.elf64.scns_last = &elf->state.elf64.scns;
498 }
499
500 return elf;
501 }
502
503
504 Elf *
505 internal_function
__libelf_read_mmaped_file(int fildes,void * map_address,off_t offset,size_t maxsize,Elf_Cmd cmd,Elf * parent)506 __libelf_read_mmaped_file (int fildes, void *map_address, off_t offset,
507 size_t maxsize, Elf_Cmd cmd, Elf *parent)
508 {
509 /* We have to find out what kind of file this is. We handle ELF
510 files and archives. To find out what we have we must look at the
511 header. The header for an ELF file is EI_NIDENT bytes in size,
512 the header for an archive file SARMAG bytes long. */
513 unsigned char *e_ident = (unsigned char *) map_address + offset;
514
515 /* See what kind of object we have here. */
516 Elf_Kind kind = determine_kind (e_ident, maxsize);
517
518 switch (kind)
519 {
520 case ELF_K_ELF:
521 return file_read_elf (fildes, map_address, e_ident, offset, maxsize,
522 cmd, parent);
523
524 case ELF_K_AR:
525 return file_read_ar (fildes, map_address, offset, maxsize, cmd, parent);
526
527 default:
528 break;
529 }
530
531 /* This case is easy. Since we cannot do anything with this file
532 create a dummy descriptor. */
533 return allocate_elf (fildes, map_address, offset, maxsize, cmd, parent,
534 ELF_K_NONE, 0);
535 }
536
537
538 static Elf *
read_unmmaped_file(int fildes,off_t offset,size_t maxsize,Elf_Cmd cmd,Elf * parent)539 read_unmmaped_file (int fildes, off_t offset, size_t maxsize, Elf_Cmd cmd,
540 Elf *parent)
541 {
542 /* We have to find out what kind of file this is. We handle ELF
543 files and archives. To find out what we have we must read the
544 header. The identification header for an ELF file is EI_NIDENT
545 bytes in size, but we read the whole ELF header since we will
546 need it anyway later. For archives the header in SARMAG bytes
547 long. Read the maximum of these numbers.
548
549 XXX We have to change this for the extended `ar' format some day.
550
551 Use a union to ensure alignment. We might later access the
552 memory as a ElfXX_Ehdr. */
553 union
554 {
555 Elf64_Ehdr ehdr;
556 unsigned char header[MAX (sizeof (Elf64_Ehdr), SARMAG)];
557 } mem;
558
559 /* Read the head of the file. */
560 ssize_t nread = pread_retry (fildes, mem.header,
561 MIN (MAX (sizeof (Elf64_Ehdr), SARMAG),
562 maxsize),
563 offset);
564 if (unlikely (nread == -1))
565 {
566 /* We cannot even read the head of the file. Maybe FILDES is associated
567 with an unseekable device. This is nothing we can handle. */
568 __libelf_seterrno (ELF_E_INVALID_FILE);
569 return NULL;
570 }
571
572 /* See what kind of object we have here. */
573 Elf_Kind kind = determine_kind (mem.header, nread);
574
575 switch (kind)
576 {
577 case ELF_K_AR:
578 return file_read_ar (fildes, NULL, offset, maxsize, cmd, parent);
579
580 case ELF_K_ELF:
581 /* Make sure at least the ELF header is contained in the file. */
582 if ((size_t) nread >= (mem.header[EI_CLASS] == ELFCLASS32
583 ? sizeof (Elf32_Ehdr) : sizeof (Elf64_Ehdr)))
584 return file_read_elf (fildes, NULL, mem.header, offset, maxsize, cmd,
585 parent);
586 /* FALLTHROUGH */
587
588 default:
589 break;
590 }
591
592 /* This case is easy. Since we cannot do anything with this file
593 create a dummy descriptor. */
594 return allocate_elf (fildes, NULL, offset, maxsize, cmd, parent,
595 ELF_K_NONE, 0);
596 }
597
598
599 /* Open a file for reading. If possible we will try to mmap() the file. */
600 static struct Elf *
read_file(int fildes,off_t offset,size_t maxsize,Elf_Cmd cmd,Elf * parent)601 read_file (int fildes, off_t offset, size_t maxsize,
602 Elf_Cmd cmd, Elf *parent)
603 {
604 void *map_address = NULL;
605 int use_mmap = (cmd == ELF_C_READ_MMAP || cmd == ELF_C_RDWR_MMAP
606 || cmd == ELF_C_WRITE_MMAP
607 || cmd == ELF_C_READ_MMAP_PRIVATE);
608
609 if (use_mmap)
610 {
611 if (parent == NULL)
612 {
613 if (maxsize == ~((size_t) 0))
614 {
615 /* We don't know in the moment how large the file is.
616 Determine it now. */
617 struct stat st;
618
619 if (fstat (fildes, &st) == 0
620 && (sizeof (size_t) >= sizeof (st.st_size)
621 || st.st_size <= ~((size_t) 0)))
622 maxsize = (size_t) st.st_size;
623 }
624
625 /* We try to map the file ourself. */
626 map_address = mmap (NULL, maxsize, (cmd == ELF_C_READ_MMAP
627 ? PROT_READ
628 : PROT_READ|PROT_WRITE),
629 cmd == ELF_C_READ_MMAP_PRIVATE
630 || cmd == ELF_C_READ_MMAP
631 ? MAP_PRIVATE : MAP_SHARED,
632 fildes, offset);
633
634 if (map_address == MAP_FAILED)
635 map_address = NULL;
636 }
637 else
638 {
639 /* The parent is already loaded. Use it. */
640 assert (maxsize != ~((size_t) 0));
641
642 map_address = parent->map_address;
643 }
644 }
645
646 /* If we have the file in memory optimize the access. */
647 if (map_address != NULL)
648 {
649 assert (map_address != MAP_FAILED);
650
651 struct Elf *result = __libelf_read_mmaped_file (fildes, map_address,
652 offset, maxsize, cmd,
653 parent);
654
655 /* If something went wrong during the initialization unmap the
656 memory if we mmaped here. */
657 if (result == NULL
658 && (parent == NULL
659 || parent->map_address != map_address))
660 munmap (map_address, maxsize);
661 else if (parent == NULL)
662 /* Remember that we mmap()ed the memory. */
663 result->flags |= ELF_F_MMAPPED;
664
665 return result;
666 }
667
668 /* Otherwise we have to do it the hard way. We read as much as necessary
669 from the file whenever we need information which is not available. */
670 return read_unmmaped_file (fildes, offset, maxsize, cmd, parent);
671 }
672
673
674 /* Find the entry with the long names for the content of this archive. */
675 static const char *
read_long_names(Elf * elf)676 read_long_names (Elf *elf)
677 {
678 off_t offset = SARMAG; /* This is the first entry. */
679 struct ar_hdr hdrm;
680 struct ar_hdr *hdr;
681 char *newp;
682 size_t len;
683
684 while (1)
685 {
686 if (elf->map_address != NULL)
687 {
688 if ((size_t) offset > elf->maximum_size
689 || elf->maximum_size - offset < sizeof (struct ar_hdr))
690 return NULL;
691
692 /* The data is mapped. */
693 hdr = (struct ar_hdr *) (elf->map_address + offset);
694 }
695 else
696 {
697 /* Read the header from the file. */
698 if (unlikely (pread_retry (elf->fildes, &hdrm, sizeof (hdrm),
699 elf->start_offset + offset)
700 != sizeof (hdrm)))
701 return NULL;
702
703 hdr = &hdrm;
704 }
705
706 len = atol (hdr->ar_size);
707
708 if (memcmp (hdr->ar_name, "// ", 16) == 0)
709 break;
710
711 offset += sizeof (struct ar_hdr) + ((len + 1) & ~1l);
712 }
713
714 /* Due to the stupid format of the long name table entry (which are not
715 NUL terminted) we have to provide an appropriate representation anyhow.
716 Therefore we always make a copy which has the appropriate form. */
717 newp = (char *) malloc (len);
718 if (newp != NULL)
719 {
720 char *runp;
721
722 if (elf->map_address != NULL)
723 {
724 if (len > elf->maximum_size - offset - sizeof (struct ar_hdr))
725 goto too_much;
726 /* Simply copy it over. */
727 elf->state.ar.long_names = (char *) memcpy (newp,
728 elf->map_address + offset
729 + sizeof (struct ar_hdr),
730 len);
731 }
732 else
733 {
734 if (unlikely ((size_t) pread_retry (elf->fildes, newp, len,
735 elf->start_offset + offset
736 + sizeof (struct ar_hdr))
737 != len))
738 {
739 too_much:
740 /* We were not able to read all data. */
741 free (newp);
742 elf->state.ar.long_names = NULL;
743 return NULL;
744 }
745 elf->state.ar.long_names = newp;
746 }
747
748 elf->state.ar.long_names_len = len;
749
750 /* Now NUL-terminate the strings. */
751 runp = newp;
752 while (1)
753 {
754 char *startp = runp;
755 runp = (char *) memchr (runp, '/', newp + len - runp);
756 if (runp == NULL)
757 {
758 /* This was the last entry. Clear any left overs. */
759 memset (startp, '\0', newp + len - startp);
760 break;
761 }
762
763 /* NUL-terminate the string. */
764 *runp++ = '\0';
765
766 /* A sanity check. Somebody might have generated invalid
767 archive. */
768 if (runp >= newp + len)
769 break;
770 }
771 }
772
773 return newp;
774 }
775
776
777 /* Read the next archive header. */
778 int
779 internal_function
__libelf_next_arhdr_wrlock(Elf * elf)780 __libelf_next_arhdr_wrlock (Elf *elf)
781 {
782 struct ar_hdr *ar_hdr;
783 Elf_Arhdr *elf_ar_hdr;
784
785 if (elf->map_address != NULL)
786 {
787 /* See whether this entry is in the file. */
788 if (unlikely ((size_t) elf->state.ar.offset
789 > elf->start_offset + elf->maximum_size
790 || (elf->start_offset + elf->maximum_size
791 - elf->state.ar.offset) < sizeof (struct ar_hdr)))
792 {
793 /* This record is not anymore in the file. */
794 __libelf_seterrno (ELF_E_RANGE);
795 return -1;
796 }
797 ar_hdr = (struct ar_hdr *) (elf->map_address + elf->state.ar.offset);
798 }
799 else
800 {
801 ar_hdr = &elf->state.ar.ar_hdr;
802
803 if (unlikely (pread_retry (elf->fildes, ar_hdr, sizeof (struct ar_hdr),
804 elf->state.ar.offset)
805 != sizeof (struct ar_hdr)))
806 {
807 /* Something went wrong while reading the file. */
808 __libelf_seterrno (ELF_E_RANGE);
809 return -1;
810 }
811 }
812
813 /* One little consistency check. */
814 if (unlikely (memcmp (ar_hdr->ar_fmag, ARFMAG, 2) != 0))
815 {
816 /* This is no valid archive. */
817 __libelf_seterrno (ELF_E_ARCHIVE_FMAG);
818 return -1;
819 }
820
821 /* Copy the raw name over to a NUL terminated buffer. */
822 *((char *) mempcpy (elf->state.ar.raw_name, ar_hdr->ar_name, 16)) = '\0';
823
824 elf_ar_hdr = &elf->state.ar.elf_ar_hdr;
825
826 /* Now convert the `struct ar_hdr' into `Elf_Arhdr'.
827 Determine whether this is a special entry. */
828 if (ar_hdr->ar_name[0] == '/')
829 {
830 if (ar_hdr->ar_name[1] == ' '
831 && memcmp (ar_hdr->ar_name, "/ ", 16) == 0)
832 /* This is the index. */
833 elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "/", 2);
834 else if (ar_hdr->ar_name[1] == 'S'
835 && memcmp (ar_hdr->ar_name, "/SYM64/ ", 16) == 0)
836 /* 64-bit index. */
837 elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "/SYM64/", 8);
838 else if (ar_hdr->ar_name[1] == '/'
839 && memcmp (ar_hdr->ar_name, "// ", 16) == 0)
840 /* This is the array with the long names. */
841 elf_ar_hdr->ar_name = memcpy (elf->state.ar.ar_name, "//", 3);
842 else if (likely (isdigit (ar_hdr->ar_name[1])))
843 {
844 size_t offset;
845
846 /* This is a long name. First we have to read the long name
847 table, if this hasn't happened already. */
848 if (unlikely (elf->state.ar.long_names == NULL
849 && read_long_names (elf) == NULL))
850 {
851 /* No long name table although it is reference. The archive is
852 broken. */
853 __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
854 return -1;
855 }
856
857 offset = atol (ar_hdr->ar_name + 1);
858 if (unlikely (offset >= elf->state.ar.long_names_len))
859 {
860 /* The index in the long name table is larger than the table. */
861 __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
862 return -1;
863 }
864 elf_ar_hdr->ar_name = elf->state.ar.long_names + offset;
865 }
866 else
867 {
868 /* This is none of the known special entries. */
869 __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
870 return -1;
871 }
872 }
873 else
874 {
875 char *endp;
876
877 /* It is a normal entry. Copy over the name. */
878 endp = (char *) memccpy (elf->state.ar.ar_name, ar_hdr->ar_name,
879 '/', 16);
880 if (endp != NULL)
881 endp[-1] = '\0';
882 else
883 {
884 /* In the old BSD style of archive, there is no / terminator.
885 Instead, there is space padding at the end of the name. */
886 size_t i = 15;
887 do
888 elf->state.ar.ar_name[i] = '\0';
889 while (i > 0 && elf->state.ar.ar_name[--i] == ' ');
890 }
891
892 elf_ar_hdr->ar_name = elf->state.ar.ar_name;
893 }
894
895 if (unlikely (ar_hdr->ar_size[0] == ' '))
896 /* Something is really wrong. We cannot live without a size for
897 the member since it will not be possible to find the next
898 archive member. */
899 {
900 __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
901 return -1;
902 }
903
904 /* Since there are no specialized functions to convert ASCII to
905 time_t, uid_t, gid_t, mode_t, and off_t we use either atol or
906 atoll depending on the size of the types. We are also prepared
907 for the case where the whole field in the `struct ar_hdr' is
908 filled in which case we cannot simply use atol/l but instead have
909 to create a temporary copy. */
910
911 #define INT_FIELD(FIELD) \
912 do \
913 { \
914 char buf[sizeof (ar_hdr->FIELD) + 1]; \
915 const char *string = ar_hdr->FIELD; \
916 if (ar_hdr->FIELD[sizeof (ar_hdr->FIELD) - 1] != ' ') \
917 { \
918 *((char *) mempcpy (buf, ar_hdr->FIELD, sizeof (ar_hdr->FIELD))) \
919 = '\0'; \
920 string = buf; \
921 } \
922 if (sizeof (elf_ar_hdr->FIELD) <= sizeof (long int)) \
923 elf_ar_hdr->FIELD = (__typeof (elf_ar_hdr->FIELD)) atol (string); \
924 else \
925 elf_ar_hdr->FIELD = (__typeof (elf_ar_hdr->FIELD)) atoll (string); \
926 } \
927 while (0)
928
929 INT_FIELD (ar_date);
930 INT_FIELD (ar_uid);
931 INT_FIELD (ar_gid);
932 INT_FIELD (ar_mode);
933 INT_FIELD (ar_size);
934
935 if (elf_ar_hdr->ar_size < 0)
936 {
937 __libelf_seterrno (ELF_E_INVALID_ARCHIVE);
938 return -1;
939 }
940
941 /* Truncated file? */
942 size_t maxsize;
943 maxsize = (elf->start_offset + elf->maximum_size
944 - elf->state.ar.offset - sizeof (struct ar_hdr));
945 if ((size_t) elf_ar_hdr->ar_size > maxsize)
946 elf_ar_hdr->ar_size = maxsize;
947
948 return 0;
949 }
950
951
952 /* We were asked to return a clone of an existing descriptor. This
953 function must be called with the lock on the parent descriptor
954 being held. */
955 static Elf *
dup_elf(int fildes,Elf_Cmd cmd,Elf * ref)956 dup_elf (int fildes, Elf_Cmd cmd, Elf *ref)
957 {
958 struct Elf *result;
959
960 if (fildes == -1)
961 /* Allow the user to pass -1 as the file descriptor for the new file. */
962 fildes = ref->fildes;
963 /* The file descriptor better should be the same. If it was disconnected
964 already (using `elf_cntl') we do not test it. */
965 else if (unlikely (ref->fildes != -1 && fildes != ref->fildes))
966 {
967 __libelf_seterrno (ELF_E_FD_MISMATCH);
968 return NULL;
969 }
970
971 /* The mode must allow reading. I.e., a descriptor creating with a
972 command different then ELF_C_READ, ELF_C_WRITE and ELF_C_RDWR is
973 not allowed. */
974 if (unlikely (ref->cmd != ELF_C_READ && ref->cmd != ELF_C_READ_MMAP
975 && ref->cmd != ELF_C_WRITE && ref->cmd != ELF_C_WRITE_MMAP
976 && ref->cmd != ELF_C_RDWR && ref->cmd != ELF_C_RDWR_MMAP
977 && ref->cmd != ELF_C_READ_MMAP_PRIVATE))
978 {
979 __libelf_seterrno (ELF_E_INVALID_OP);
980 return NULL;
981 }
982
983 /* Now it is time to distinguish between reading normal files and
984 archives. Normal files can easily be handled be incrementing the
985 reference counter and return the same descriptor. */
986 if (ref->kind != ELF_K_AR)
987 {
988 ++ref->ref_count;
989 return ref;
990 }
991
992 /* This is an archive. We must create a descriptor for the archive
993 member the internal pointer of the archive file desriptor is
994 pointing to. First read the header of the next member if this
995 has not happened already. */
996 if (ref->state.ar.elf_ar_hdr.ar_name == NULL
997 && __libelf_next_arhdr_wrlock (ref) != 0)
998 /* Something went wrong. Maybe there is no member left. */
999 return NULL;
1000
1001 /* We have all the information we need about the next archive member.
1002 Now create a descriptor for it. */
1003 result = read_file (fildes, ref->state.ar.offset + sizeof (struct ar_hdr),
1004 ref->state.ar.elf_ar_hdr.ar_size, cmd, ref);
1005
1006 /* Enlist this new descriptor in the list of children. */
1007 if (result != NULL)
1008 {
1009 result->next = ref->state.ar.children;
1010 ref->state.ar.children = result;
1011 }
1012
1013 return result;
1014 }
1015
1016
1017 /* Return desriptor for empty file ready for writing. */
1018 static struct Elf *
write_file(int fd,Elf_Cmd cmd)1019 write_file (int fd, Elf_Cmd cmd)
1020 {
1021 /* We simply create an empty `Elf' structure. */
1022 #define NSCNSALLOC 10
1023 Elf *result = allocate_elf (fd, NULL, 0, 0, cmd, NULL, ELF_K_ELF,
1024 NSCNSALLOC * sizeof (Elf_Scn));
1025
1026 if (result != NULL)
1027 {
1028 /* We have to write to the file in any case. */
1029 result->flags = ELF_F_DIRTY;
1030
1031 /* Some more or less arbitrary value. */
1032 result->state.elf.scnincr = NSCNSALLOC;
1033
1034 /* We have allocated room for some sections. */
1035 assert (offsetof (struct Elf, state.elf32.scns)
1036 == offsetof (struct Elf, state.elf64.scns));
1037 result->state.elf.scns_last = &result->state.elf32.scns;
1038 result->state.elf32.scns.max = NSCNSALLOC;
1039 }
1040
1041 return result;
1042 }
1043
1044 /* Lock if necessary before dup an archive. */
1045 static inline Elf *
lock_dup_elf(int fildes,Elf_Cmd cmd,Elf * ref)1046 lock_dup_elf (int fildes, Elf_Cmd cmd, Elf *ref)
1047 {
1048 /* We need wrlock to dup an archive. */
1049 if (ref->kind == ELF_K_AR)
1050 {
1051 rwlock_unlock (ref->lock);
1052 rwlock_wrlock (ref->lock);
1053 }
1054 /* Duplicate the descriptor. */
1055 return dup_elf (fildes, cmd, ref);
1056 }
1057
1058 /* Return a descriptor for the file belonging to FILDES. */
1059 Elf *
elf_begin(int fildes,Elf_Cmd cmd,Elf * ref)1060 elf_begin (int fildes, Elf_Cmd cmd, Elf *ref)
1061 {
1062 Elf *retval;
1063
1064 if (unlikely (! __libelf_version_initialized))
1065 {
1066 /* Version wasn't set so far. */
1067 __libelf_seterrno (ELF_E_NO_VERSION);
1068 return NULL;
1069 }
1070
1071 if (ref != NULL)
1072 /* Make sure the descriptor is not suddenly going away. */
1073 rwlock_rdlock (ref->lock);
1074 else if (unlikely (fcntl (fildes, F_GETFL) == -1 && errno == EBADF))
1075 {
1076 /* We cannot do anything productive without a file descriptor. */
1077 __libelf_seterrno (ELF_E_INVALID_FILE);
1078 return NULL;
1079 }
1080
1081 switch (cmd)
1082 {
1083 case ELF_C_NULL:
1084 /* We simply return a NULL pointer. */
1085 retval = NULL;
1086 break;
1087
1088 case ELF_C_READ_MMAP_PRIVATE:
1089 /* If we have a reference it must also be opened this way. */
1090 if (unlikely (ref != NULL && ref->cmd != ELF_C_READ_MMAP_PRIVATE))
1091 {
1092 __libelf_seterrno (ELF_E_INVALID_CMD);
1093 retval = NULL;
1094 break;
1095 }
1096 /* FALLTHROUGH */
1097
1098 case ELF_C_READ:
1099 case ELF_C_READ_MMAP:
1100 if (ref != NULL)
1101 retval = lock_dup_elf (fildes, cmd, ref);
1102 else
1103 /* Create descriptor for existing file. */
1104 retval = read_file (fildes, 0, ~((size_t) 0), cmd, NULL);
1105 break;
1106
1107 case ELF_C_RDWR:
1108 case ELF_C_RDWR_MMAP:
1109 /* If we have a REF object it must also be opened using this
1110 command. */
1111 if (ref != NULL)
1112 {
1113 if (unlikely (ref->cmd != ELF_C_RDWR && ref->cmd != ELF_C_RDWR_MMAP
1114 && ref->cmd != ELF_C_WRITE
1115 && ref->cmd != ELF_C_WRITE_MMAP))
1116 {
1117 /* This is not ok. REF must also be opened for writing. */
1118 __libelf_seterrno (ELF_E_INVALID_CMD);
1119 retval = NULL;
1120 }
1121 else
1122 retval = lock_dup_elf (fildes, cmd, ref);
1123 }
1124 else
1125 /* Create descriptor for existing file. */
1126 retval = read_file (fildes, 0, ~((size_t) 0), cmd, NULL);
1127 break;
1128
1129 case ELF_C_WRITE:
1130 case ELF_C_WRITE_MMAP:
1131 /* We ignore REF and prepare a descriptor to write a new file. */
1132 retval = write_file (fildes, cmd);
1133 break;
1134
1135 default:
1136 __libelf_seterrno (ELF_E_INVALID_CMD);
1137 retval = NULL;
1138 break;
1139 }
1140
1141 /* Release the lock. */
1142 if (ref != NULL)
1143 rwlock_unlock (ref->lock);
1144
1145 return retval;
1146 }
1147 INTDEF(elf_begin)
1148