From a395e0790af821e6cbd2b73ec907447c728cbfff Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
Date: Wed, 16 Mar 2022 17:29:11 -0400
Subject: [PATCH] Fix: lttng-elf: untrusted entry size divisor
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
1405557 Untrusted divisor The divisor could be controlled by an attacker, who could cause a division by zero. In lttng_elf_get_symbol_offset: An unscrutinized value from an untrusted source used as a divisor (CWE-369)
Signed-off-by: Jérémie Galarneau
Change-Id: I029708a0df4f62fe0031e374d50839c26f4f3f4b
---
 src/common/lttng-elf.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/common/lttng-elf.cpp b/src/common/lttng-elf.cpp
index 992410a88..711447203 100644
--- a/src/common/lttng-elf.cpp
+++ b/src/common/lttng-elf.cpp
@@ -824,6 +824,12 @@ int lttng_elf_get_symbol_offset(int fd, char *symbol, uint64_t *offset)
 }
 /* Get the number of symbol in the table for the iteration. */
+ if (symtab_hdr.sh_entsize == 0) {
+ DBG("Invalid ELF string table entry size.");
+ ret = LTTNG_ERR_ELF_PARSING;
+ goto free_symbol_table_data;
+ }
+
 sym_count = symtab_hdr.sh_size / symtab_hdr.sh_entsize;
 /* Loop over all symbol. */
--
2.34.1
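Review bot: The new guard on `symtab_hdr.sh_entsize` rejects only zero, so any other entry size taken from the untrusted file still reaches the division and yields a `sym_count` that is not tied to the amount of symbol data actually read. The loop that consumes `sym_count` is outside this hunk; if it indexes the table by the fixed size of the ELF symbol structure, an undersized `sh_entsize` would presumably let the index run past the buffer, so it is worth also rejecting an entry size that differs from the expected symbol size for the file's ELF class. Separately, the debug message names the string table while the header being checked is the symbol table's; `DBG("Invalid ELF symbol table entry size.");` would match. The function body begins and ends outside the hunk.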