NotificationsYou must be signed in to change notification settings
Fork3
Star8

Commitf342b71

committed

Prevent huge allocations when parsing goes wrong

There are no kind words to talk about how I feel aboutthe `debug/pe` package right now. What's very clear isthat it was never intended for arbitrary inputs.Anyway, these changes make us stray further from upstream,but when I look at upstream, I'm okay with it.

1 parent308c377 commitf342b71Copy full SHA for f342b71

File tree

4 files changed

+33

-41

lines changed

pe
probe.go

4 files changed

+33

-41

lines changed

`‎pe/file.go‎`

Lines changed: 15 additions & 37 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,6 @@ import (`
`10`	`10`	`"encoding/binary"`
`11`	`11`	`"fmt"`
`12`	`12`	`"io"`
`13`		`-"os"`
`14`	`13`
`15`	`14`	`"github.com/pkg/errors"`
`16`	`15`	`)`
`@@ -30,33 +29,7 @@ type File struct {`
`30`	`29`	`closer io.Closer`
`31`	`30`	`readerAt io.ReaderAt`
`32`	`31`	`baseint64`
`33`		`-}`
`34`		`-`
`35`		`-// Open opens the named file using os.Open and prepares it for use as a PE binary.`
`36`		`-funcOpen(namestring) (*File,error) {`
`37`		`-f,err:=os.Open(name)`
`38`		`-iferr!=nil {`
`39`		`-returnnil,err`
`40`		`-}`
`41`		`-ff,err:=NewFile(f)`
`42`		`-iferr!=nil {`
`43`		`-f.Close()`
`44`		`-returnnil,err`
`45`		`-}`
`46`		`-ff.closer=f`
`47`		`-returnff,nil`
`48`		`-}`
`49`		`-`
`50`		`-// Close closes the File.`
`51`		`-// If the File was created using NewFile directly instead of Open,`
`52`		`-// Close has no effect.`
`53`		`-func (f*File)Close()error {`
`54`		`-varerrerror`
`55`		`-iff.closer!=nil {`
`56`		`-err=f.closer.Close()`
`57`		`-f.closer=nil`
`58`		`-}`
`59`		`-returnerr`
	`32`	`+sizeint64`
`60`	`33`	`}`
`61`	`34`
`62`	`35`	`var (`
`@@ -67,10 +40,11 @@ var (`
`67`	`40`	`// TODO(brainman): add Load function, as a replacement for NewFile, that does not call removeAuxSymbols (for performance)`
`68`	`41`
`69`	`42`	`// NewFile creates a new File for accessing a PE binary in an underlying reader.`
`70`		`-funcNewFile(r io.ReaderAt) (*File,error) {`
	`43`	`+funcNewFile(r io.ReaderAt,sizeint64) (*File,error) {`
`71`	`44`	`f:=new(File)`
	`45`	`+f.size=size`
`72`	`46`	`f.readerAt=r`
`73`		`-sr:=io.NewSectionReader(r,0,1<<63-1)`
	`47`	`+sr:=io.NewSectionReader(r,0,size)`
`74`	`48`
`75`	`49`	`vardosheader [96]byte`
`76`	`50`	`if_,err:=r.ReadAt(dosheader[0:],0);err!=nil {`
`@@ -80,16 +54,22 @@ func NewFile(r io.ReaderAt) (*File, error) {`
`80`	`54`	`ifdosheader[0]=='M'&&dosheader[1]=='Z' {`
`81`	`55`	`signoff:=int64(binary.LittleEndian.Uint32(dosheader[0x3c:]))`
`82`	`56`	`varsign [4]byte`
`83`		`-r.ReadAt(sign[:],signoff)`
	`57`	`+_,err:=r.ReadAt(sign[:],signoff)`
	`58`	`+iferr!=nil {`
	`59`	`+returnnil,err`
	`60`	`+}`
`84`	`61`	`if!(sign[0]=='P'&&sign[1]=='E'&&sign[2]==0&&sign[3]==0) {`
`85`	`62`	`returnnil,fmt.Errorf("Invalid PE COFF file signature of %v.",sign)`
`86`	`63`	`}`
`87`	`64`	`base=signoff+4`
`88`	`65`	`}else {`
`89`	`66`	`base=int64(0)`
`90`	`67`	`}`
`91`		`-sr.Seek(base,seekStart)`
`92`		`-iferr:=binary.Read(sr,binary.LittleEndian,&f.FileHeader);err!=nil {`
	`68`	`+_,err:=sr.Seek(base,seekStart)`
	`69`	`+iferr!=nil {`
	`70`	`+returnnil,err`
	`71`	`+}`
	`72`	`+iferr=binary.Read(sr,binary.LittleEndian,&f.FileHeader);err!=nil {`
`93`	`73`	`returnnil,err`
`94`	`74`	`}`
`95`	`75`	`switchf.FileHeader.Machine {`
`@@ -98,16 +78,14 @@ func NewFile(r io.ReaderAt) (*File, error) {`
`98`	`78`	`returnnil,fmt.Errorf("Unrecognised COFF file header machine value of 0x%x.",f.FileHeader.Machine)`
`99`	`79`	`}`
`100`	`80`
`101`		`-varerrerror`
`102`		`-`
`103`	`81`	`// Read string table.`
`104`		`-f.StringTable,err=readStringTable(&f.FileHeader,sr)`
	`82`	`+f.StringTable,err=readStringTable(f,&f.FileHeader,sr)`
`105`	`83`	`iferr!=nil {`
`106`	`84`	`returnnil,err`
`107`	`85`	`}`
`108`	`86`
`109`	`87`	`// Read symbol table.`
`110`		`-f.COFFSymbols,err=readCOFFSymbols(&f.FileHeader,sr)`
	`88`	`+f.COFFSymbols,err=readCOFFSymbols(f,&f.FileHeader,sr)`
`111`	`89`	`iferr!=nil {`
`112`	`90`	`returnnil,err`
`113`	`91`	`}`

`‎pe/string.go‎`

Lines changed: 11 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,8 @@ import (`
`8`	`8`	`"encoding/binary"`
`9`	`9`	`"fmt"`
`10`	`10`	`"io"`
	`11`	`+`
	`12`	`+"github.com/itchio/headway/united"`
`11`	`13`	`)`
`12`	`14`
`13`	`15`	`// cstring converts ASCII byte sequence b to string.`
`@@ -22,13 +24,13 @@ func cstring(b []byte) string {`
`22`	`24`	`// StringTable is a COFF string table.`
`23`	`25`	`typeStringTable []byte`
`24`	`26`
`25`		`-funcreadStringTable(fh*FileHeader,r io.ReadSeeker) (StringTable,error) {`
	`27`	`+funcreadStringTable(fFile,fhFileHeader,r io.ReadSeeker) (StringTable,error) {`
`26`	`28`	`// COFF string table is located right after COFF symbol table.`
`27`	`29`	`iffh.PointerToSymbolTable<=0 {`
`28`	`30`	`returnnil,nil`
`29`	`31`	`}`
`30`	`32`	`offset:=fh.PointerToSymbolTable+COFFSymbolSize*fh.NumberOfSymbols`
`31`		`-_,err:=r.Seek(int64(offset),seekStart)`
	`33`	`+_,err:=r.Seek(int64(offset),io.SeekStart)`
`32`	`34`	`iferr!=nil {`
`33`	`35`	`returnnil,fmt.Errorf("fail to seek to string table: %v",err)`
`34`	`36`	`}`
`@@ -37,11 +39,18 @@ func readStringTable(fh *FileHeader, r io.ReadSeeker) (StringTable, error) {`
`37`	`39`	`iferr!=nil {`
`38`	`40`	`returnnil,fmt.Errorf("fail to read string table length: %v",err)`
`39`	`41`	`}`
	`42`	`+`
	`43`	`+varendint64=int64(offset)+int64(l)`
	`44`	`+ifend>=f.size {`
	`45`	`+returnnil,fmt.Errorf("debug/pe thinks the string table is at %s, but the file is only %s",united.FormatBytes(end),united.FormatBytes(f.size))`
	`46`	`+}`
	`47`	`+`
`40`	`48`	`// string table length includes itself`
`41`	`49`	`ifl<=4 {`
`42`	`50`	`returnnil,nil`
`43`	`51`	`}`
`44`	`52`	`l-=4`
	`53`	`+`
`45`	`54`	`buf:=make([]byte,l)`
`46`	`55`	`_,err=io.ReadFull(r,buf)`
`47`	`56`	`iferr!=nil {`

`‎pe/symbol.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ type COFFSymbol struct {`
`22`	`22`	`NumberOfAuxSymbolsuint8`
`23`	`23`	`}`
`24`	`24`
`25`		`-funcreadCOFFSymbols(fh*FileHeader,r io.ReadSeeker) ([]COFFSymbol,error) {`
	`25`	`+funcreadCOFFSymbols(fFile,fhFileHeader,r io.ReadSeeker) ([]COFFSymbol,error) {`
`26`	`26`	`iffh.PointerToSymbolTable==0 {`
`27`	`27`	`returnnil,nil`
`28`	`28`	`}`

`‎probe.go‎`

Lines changed: 6 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,12 @@ type ProbeParams struct {`
`19`	`19`	`funcProbe(file eos.File,paramsProbeParams) (*PeInfo,error) {`
`20`	`20`	`consumer:=params.Consumer`
`21`	`21`
`22`		`-pf,err:=pe.NewFile(file)`
	`22`	`+stats,err:=file.Stat()`
	`23`	`+iferr!=nil {`
	`24`	`+returnnil,errors.WithStack(err)`
	`25`	`+}`
	`26`	`+`
	`27`	`+pf,err:=pe.NewFile(file,stats.Size())`
`23`	`28`	`iferr!=nil {`
`24`	`29`	`returnnil,errors.WithStack(err)`
`25`	`30`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitf342b71

File tree

4 files changed

4 files changed

`‎pe/file.go‎`

`‎pe/string.go‎`

`‎pe/symbol.go‎`

`‎probe.go‎`

0 commit comments