From: Kevin Enderby Date: Tue, 4 Oct 2016 20:37:43 +0000 (+0000) Subject: Next set of additional error checks for invalid Mach-O files for the X-Git-Tag: llvmorg-4.0.0-rc1~8119 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f993d6e72c6246edb30ca90415e448989e0d5fd5;p=platform%2Fupstream%2Fllvm.git Next set of additional error checks for invalid Mach-O files for the load commands that uses the MachO::encryption_info_command and MachO::encryption_info_command types but not used in llvm libObject code but used in llvm tool code. This includes just LC_ENCRYPTION_INFO and LC_ENCRYPTION_INFO_64 load commands. llvm-svn: 283250 --- diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp index fcd7099..b5d1f93 100644 --- a/llvm/lib/Object/MachOObjectFile.cpp +++ b/llvm/lib/Object/MachOObjectFile.cpp @@ -698,6 +698,30 @@ static Error checkRpathCommand(const MachOObjectFile *Obj, return Error::success(); } +static Error checkEncryptCommand(const MachOObjectFile *Obj, + const MachOObjectFile::LoadCommandInfo &Load, + uint32_t LoadCommandIndex, + uint64_t cryptoff, uint64_t cryptsize, + const char **LoadCmd, const char *CmdName) { + if (*LoadCmd != nullptr) + return malformedError("more than one LC_ENCRYPTION_INFO and or " + "LC_ENCRYPTION_INFO_64 command"); + uint64_t FileSize = Obj->getData().size(); + if (cryptoff > FileSize) + return malformedError("cryptoff field of " + Twine(CmdName) + + " command " + Twine(LoadCommandIndex) + " extends " + "past the end of the file"); + uint64_t BigSize = cryptoff; + BigSize += cryptsize; + if (BigSize > FileSize) + return malformedError("cryptoff field plus cryptsize field of " + + Twine(CmdName) + " command " + + Twine(LoadCommandIndex) + " extends past the end of " + "the file"); + *LoadCmd = Load.Ptr; + return Error::success(); +} + Expected> MachOObjectFile::create(MemoryBufferRef Object, bool IsLittleEndian, bool Is64Bits) { 
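Review bot: checkEncryptCommand has no comment on the property its second bounds check depends on: `BigSize` is summed as `uint64_t`, so `cryptoff + cryptsize` cannot wrap before the `FileSize` compare as long as both fields are 32-bit in the on-disk structs (their definitions are outside this diff, so confirm). I would add `// Sum in 64 bits so cryptoff + cryptsize cannot wrap before the compare.` above `uint64_t BigSize = cryptoff;`, so a later change of the parameter types does not silently reintroduce a wrapping check. A short header comment should also state that `*LoadCmd` is written only on success and is the seen-before marker shared by both command kinds. The range is validated against the end of the file only; whether it may overlap the Mach-O header or the load commands is not checked in this function.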
@@ -752,6 +776,7 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian, const char *VersLoadCmd = nullptr; const char *SourceLoadCmd = nullptr; const char *EntryPointLoadCmd = nullptr; + const char *EncryptLoadCmd = nullptr; for (unsigned I = 0; I < LoadCommandCount; ++I) { if (is64Bit()) { if (Load.C.cmdsize % 8 != 0) { @@ -903,6 +928,28 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian, return; } EntryPointLoadCmd = Load.Ptr; + } else if (Load.C.cmd == MachO::LC_ENCRYPTION_INFO) { + if (Load.C.cmdsize != sizeof(MachO::encryption_info_command)) { + Err = malformedError("LC_ENCRYPTION_INFO command " + Twine(I) + + " has incorrect cmdsize"); + return; + } + MachO::encryption_info_command E = + getStruct(this, Load.Ptr); + if ((Err = checkEncryptCommand(this, Load, I, E.cryptoff, E.cryptsize, + &EncryptLoadCmd, "LC_ENCRYPTION_INFO"))) + return; + } else if (Load.C.cmd == MachO::LC_ENCRYPTION_INFO_64) { + if (Load.C.cmdsize != sizeof(MachO::encryption_info_command_64)) { + Err = malformedError("LC_ENCRYPTION_INFO_64 command " + Twine(I) + + " has incorrect cmdsize"); + return; + } + MachO::encryption_info_command_64 E = + getStruct(this, Load.Ptr); + if ((Err = checkEncryptCommand(this, Load, I, E.cryptoff, E.cryptsize, + &EncryptLoadCmd, "LC_ENCRYPTION_INFO_64"))) + return; } if (I < LoadCommandCount - 1) { if (auto LoadOrErr = getNextLoadCommandInfo(this, I, Load)) diff --git a/llvm/test/Object/Inputs/macho-invalid-encrypt-bad-size b/llvm/test/Object/Inputs/macho-invalid-encrypt-bad-size new file mode 100644 index 0000000..2120465 Binary files /dev/null and b/llvm/test/Object/Inputs/macho-invalid-encrypt-bad-size differ diff --git a/llvm/test/Object/Inputs/macho-invalid-encrypt-cryptoff b/llvm/test/Object/Inputs/macho-invalid-encrypt-cryptoff new file mode 100644 index 0000000..9ac14e2 Binary files /dev/null and b/llvm/test/Object/Inputs/macho-invalid-encrypt-cryptoff differ 
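Review bot: In the `@@ -903,6 +928,28 @@` hunk both new branches pass the same `&EncryptLoadCmd`, so a file carrying one LC_ENCRYPTION_INFO and one LC_ENCRYPTION_INFO_64 is rejected as a duplicate, but nothing at the call sites says this is deliberate. A comment above the first branch, e.g. `// At most one encryption command of either width is accepted per file.`, would keep a later edit from splitting the tracker into two variables. The `cmdsize != sizeof(...)` test should stay ahead of the `getStruct` call so the struct read always follows a size-validated command. The two branches differ only in struct type and command name and could share one small templated helper. The constructor body starts and ends outside this hunk.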
diff --git a/llvm/test/Object/Inputs/macho-invalid-encrypt-more-than-one b/llvm/test/Object/Inputs/macho-invalid-encrypt-more-than-one new file mode 100644 index 0000000..f5829da Binary files /dev/null and b/llvm/test/Object/Inputs/macho-invalid-encrypt-more-than-one differ diff --git a/llvm/test/Object/Inputs/macho-invalid-encrypt64-bad-size b/llvm/test/Object/Inputs/macho-invalid-encrypt64-bad-size new file mode 100644 index 0000000..945a6c3 Binary files /dev/null and b/llvm/test/Object/Inputs/macho-invalid-encrypt64-bad-size differ diff --git a/llvm/test/Object/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize b/llvm/test/Object/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize new file mode 100644 index 0000000..756de66 Binary files /dev/null and b/llvm/test/Object/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize differ diff --git a/llvm/test/Object/macho-invalid.test b/llvm/test/Object/macho-invalid.test index 9c902af..cf85dac 100644 --- a/llvm/test/Object/macho-invalid.test +++ b/llvm/test/Object/macho-invalid.test 
@@ -334,3 +334,18 @@ INVALID-ENTRY-BAD-SIZE: macho-invalid-entry-bad-size': truncated or malformed ob RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-entry-more-than-one 2>&1 | FileCheck -check-prefix INVALID-ENTRY-MORE-THAN-ONE %s INVALID-ENTRY-MORE-THAN-ONE: macho-invalid-entry-more-than-one': truncated or malformed object (more than one LC_MAIN command) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt-bad-size 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-BAD-SIZE %s +INVALID-ENCRYPT-BAD-SIZE: macho-invalid-encrypt-bad-size': truncated or malformed object (LC_ENCRYPTION_INFO command 0 has incorrect cmdsize) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt64-bad-size 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT64-BAD-SIZE %s +INVALID-ENCRYPT64-BAD-SIZE: macho-invalid-encrypt64-bad-size': truncated or malformed object (LC_ENCRYPTION_INFO_64 command 0 has incorrect cmdsize) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt-more-than-one 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-MORE-THAN-ONE %s +INVALID-ENCRYPT-MORE-THAN-ONE: macho-invalid-encrypt-more-than-one': truncated or malformed object (more than one LC_ENCRYPTION_INFO and or LC_ENCRYPTION_INFO_64 command) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt-cryptoff 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-CRYPTOFF %s +INVALID-ENCRYPT-CRYPTOFF: macho-invalid-encrypt-cryptoff': truncated or malformed object (cryptoff field of LC_ENCRYPTION_INFO command 0 extends past the end of the file) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-CRYPTOFF-CRYPTSIZE %s +INVALID-ENCRYPT-CRYPTOFF-CRYPTSIZE: macho-invalid-encrypt64-cryptoff-cryptsize': truncated or malformed object (cryptoff field plus cryptsize field of LC_ENCRYPTION_INFO_64 command 0 extends past the 
end of the file)
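Review bot: The last check prefix, `INVALID-ENCRYPT-CRYPTOFF-CRYPTSIZE`, is used for an `encrypt64` input, while the bad-size case two entries earlier is named `INVALID-ENCRYPT64-BAD-SIZE`; renaming it to `INVALID-ENCRYPT64-CRYPTOFF-CRYPTSIZE` would keep the prefixes aligned with the input files. Coverage is also uneven across the two command kinds: the cryptoff-only failure is exercised for LC_ENCRYPTION_INFO alone and the cryptoff-plus-cryptsize failure for LC_ENCRYPTION_INFO_64 alone. The inputs are binary, so it cannot be told from this page whether `macho-invalid-encrypt-more-than-one` mixes the 32-bit and 64-bit commands; if it does not, a mixed input would pin the "and or" behaviour the error message describes.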