Fix: lttng-elf: untrusted entry size divisor

1405557 Untrusted divisor
The divisor could be controlled by an attacker, who could cause a division by zero.

In lttng_elf_get_symbol_offset: An unscrutinized value from an untrusted source used as a divisor (CWE-369)

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I029708a0df4f62fe0031e374d50839c26f4f3f4b

diff --git a/src/common/lttng-elf.c b/src/common/lttng-elf.c
index d6cef2fe8632fe08aa150e7816865e86fd3e79bc..6523579fbec8582b768cc501972828c496347054 100644 (file)
--- a/src/common/lttng-elf.c
+++ b/src/common/lttng-elf.c
@@ -823,6 +823,12 @@ int lttng_elf_get_symbol_offset(int fd, char *symbol, uint64_t *offset)
        }
 
        /* Get the number of symbol in the table for the iteration. */
+       if (symtab_hdr.sh_entsize == 0) {
+               DBG("Invalid ELF string table entry size.");
+               ret = LTTNG_ERR_ELF_PARSING;
+               goto free_symbol_table_data;
+       }
+
        sym_count = symtab_hdr.sh_size / symtab_hdr.sh_entsize;
 
        /* Loop over all symbol. */