From: Jérémie Galarneau Date: Wed, 16 Mar 2022 21:29:11 +0000 (-0400) Subject: Fix: lttng-elf: untrusted entry size divisor X-Git-Tag: v2.12.9~3 X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=commitdiff_plain;h=339ab1de3d02379aa67ffcba6c324803a3b6f3f2 Fix: lttng-elf: untrusted entry size divisor 1405557 Untrusted divisor The divisor could be controlled by an attacker, who could cause a division by zero. In lttng_elf_get_symbol_offset: An unscrutinized value from an untrusted source used as a divisor (CWE-369) Signed-off-by: Jérémie Galarneau Change-Id: I029708a0df4f62fe0031e374d50839c26f4f3f4b --- diff --git a/src/common/lttng-elf.c b/src/common/lttng-elf.c index bef20ffd4..7369f29c5 100644 --- a/src/common/lttng-elf.c +++ b/src/common/lttng-elf.c @@ -814,6 +814,12 @@ int lttng_elf_get_symbol_offset(int fd, char *symbol, uint64_t *offset) } /* Get the number of symbol in the table for the iteration. */ + if (symtab_hdr.sh_entsize == 0) { + DBG("Invalid ELF string table entry size."); + ret = LTTNG_ERR_ELF_PARSING; + goto free_symbol_table_data; + } + sym_count = symtab_hdr.sh_size / symtab_hdr.sh_entsize; /* Loop over all symbol. */
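Review bot: The debug message in the new check in lttng_elf_get_symbol_offset says "Invalid ELF string table entry size.", but the header being tested is symtab_hdr, the symbol table header, so the message should name the symbol table (for example "Invalid ELF symbol table entry size."). Otherwise anyone reading the log while triaging a malformed file is sent to the wrong section. The check also rejects only sh_entsize == 0. sym_count is still computed from sh_size / sh_entsize, both read from the file, so a nonzero but unexpected entry size yields a count that does not match the real layout of the table. If that is not validated elsewhere in the function, consider comparing sh_entsize against the expected symbol entry size for the ELF class here and failing with LTTNG_ERR_ELF_PARSING in the same way.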