More LZMA inSize (srclen) defense
https://github.com/upx/upx/issues/717 modified: stub/src/amd64-darwin.dylib-entry.S fixed modified: stub/src/amd64-darwin.macho-entry.S fixed modified: stub/src/amd64-linux.elf-so_entry.S comment-only modified: stub/src/i386-linux.elf-so_entry.S comment-only modified: stub/amd64-darwin.dylib-entry.h modified: stub/amd64-darwin.macho-entry.h modified: stub/amd64-linux.elf-so_entry.h modified: stub/tmp/amd64-darwin.dylib-entry.bin.dump modified: stub/tmp/amd64-darwin.macho-entry.bin.dump modified: stub/tmp/amd64-linux.elf-so_entry.bin.dump Find+fix steps that were performed: 1. Find all 'add' instructions that compute "eof". NRV run-time decompressors ignore srclen, so 'add' can be ignored for them. $ cd upx-devel4/src/stub $ grep -sr 'add.*eof' src | grep -v 'nrv2._d.*.S' | sort src/amd64-darwin.dylib-entry.S: addq src,lsrc; push lsrc // &input_eof src/amd64-darwin.macho-entry.S: addq src,lsrc; push lsrc // &input_eof src/amd64-linux.elf-entry.S: addq src,lsrc; push lsrc // &input_eof src/amd64-linux.elf-so_entry.S: addq src,lsrc; push lsrc // MATCH_05 &input_eof src/amd64-linux.elf-so_main.c: void *mfd_addr = Pmap(0, sizeof(code), PROT_READ|PROT_EXEC, MAP_PRIVATE, mfd, 0); src/amd64-linux.shlib-init.S: addq src,lsrc; push lsrc // &input_eof src/arch/amd64/lzma_d.S:// addq src,lsrc; push lsrc // &input_eof src/i386-expand.S: add src,%ecx; push %ecx // MATCH_52 eof_src src/i386-linux.elf-so_entry.S: add src,lsrc; push lsrc // MATCH_05 &input_eof 2. Case-by-case inspection src/amd64-darwin.dylib-entry.S: addq src,lsrc; push lsrc // &input_eof restoring 'subq' is added in this commit src/amd64-darwin.macho-entry.S: addq src,lsrc; push lsrc // &input_eof restoring 'subq' is added in this commit src/amd64-linux.elf-entry.S: addq src,lsrc; push lsrc // &input_eof a restoring 'subq' is already next src/amd64-linux.elf-so_entry.S: addq src,lsrc; push lsrc // MATCH_05 &input_eof lsrc is dead for inlined nrv2b src/amd64-linux.elf-so_main.c: void *mfd_addr = Pmap(0, sizeof(code), PROT_READ|PROT_EXEC, MAP_PRIVATE, mfd, 0); .c code src/amd64-linux.shlib-init.S: addq src,lsrc; push lsrc // &input_eof restoring 'subq' is already next src/arch/amd64/lzma_d.S:// addq src,lsrc; push lsrc // &input_eof comment that explains preceding actions in ELFMAINX; a restoring 'subq' is already next src/i386-expand.S: add src,%ecx; push %ecx // MATCH_52 eof_src %ecx is dead src/i386-linux.elf-so_entry.S: add src,lsrc; push lsrc // MATCH_05 &input_eof lsrc is dead for inlined nrv2b
This commit is contained in:
John Reiser
committed by
Markus F.X.J. Oberhumer
Markus F.X.J. Oberhumer
parent
0515be4334
commit
65b06f6046
+12
-12
@@ -4,18 +4,18 @@ Sections:
|
||||
Idx Name Size VMA LMA File off Algn Flags
|
||||
0 AMD64BXX 04c 0 0 040 2**0 CONTENTS
|
||||
1 MACHMAINX 05 0 0 08c 2**0 CONTENTS
|
||||
2 MACH_UNC 08 0 0 091 2**0 CONTENTS
|
||||
3 NRV_HEAD 067 0 0 099 2**0 CONTENTS
|
||||
4 NRV2E 0ba 0 0 0100 2**0 CONTENTS
|
||||
5 NRV2D 0a1 0 0 01ba 2**0 CONTENTS
|
||||
6 NRV2B 093 0 0 025b 2**0 CONTENTS
|
||||
7 LZMA_ELF00 064 0 0 02ee 2**0 CONTENTS
|
||||
8 LZMA_DEC10 09f7 0 0 0352 2**0 CONTENTS
|
||||
9 LZMA_DEC20 09f7 0 0 0d49 2**0 CONTENTS
|
||||
10 LZMA_DEC30 018 0 0 01740 2**0 CONTENTS
|
||||
11 NRV_TAIL 0 0 0 01758 2**0 CONTENTS
|
||||
12 MACHMAINY 011 0 0 01758 2**0 CONTENTS
|
||||
13 MACHMAINZ 0135 0 0 01769 2**0 CONTENTS
|
||||
2 MACH_UNC 0b 0 0 091 2**0 CONTENTS
|
||||
3 NRV_HEAD 067 0 0 09c 2**0 CONTENTS
|
||||
4 NRV2E 0ba 0 0 0103 2**0 CONTENTS
|
||||
5 NRV2D 0a1 0 0 01bd 2**0 CONTENTS
|
||||
6 NRV2B 093 0 0 025e 2**0 CONTENTS
|
||||
7 LZMA_ELF00 064 0 0 02f1 2**0 CONTENTS
|
||||
8 LZMA_DEC10 09f7 0 0 0355 2**0 CONTENTS
|
||||
9 LZMA_DEC20 09f7 0 0 0d4c 2**0 CONTENTS
|
||||
10 LZMA_DEC30 018 0 0 01743 2**0 CONTENTS
|
||||
11 NRV_TAIL 0 0 0 0175b 2**0 CONTENTS
|
||||
12 MACHMAINY 011 0 0 0175b 2**0 CONTENTS
|
||||
13 MACHMAINZ 0135 0 0 0176c 2**0 CONTENTS
|
||||
SYMBOL TABLE:
|
||||
0000000000000000 l d NRV_HEAD 0 NRV_HEAD
|
||||
0000000000000000 l d LZMA_DEC30 0 LZMA_DEC30
|
||||
|
||||
Reference in New Issue
Block a user