Date: Wed, 12 Apr 2023 19:34:33 GMT
Message-Id: <202304121934.33CJYXQl097100@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Ed Maste
Subject: git: 2ef2c26f3f13 - main - link_elf: fix SysV hash function overflow
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 2ef2c26f3f132af33f6f12cd7b27d4dbbd7fa435
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=2ef2c26f3f132af33f6f12cd7b27d4dbbd7fa435

commit 2ef2c26f3f132af33f6f12cd7b27d4dbbd7fa435
Author:     Ed Maste
AuthorDate: 2023-04-12 14:04:27 +0000
Commit:     Ed Maste
CommitDate: 2023-04-12 19:33:55 +0000

link_elf: fix SysV hash function overflow

Quoting from https://maskray.me/blog/2023-04-12-elf-hash-function:

The System V Application Binary Interface (generic ABI) specifies the
ELF object file format. When producing an output executable or shared
object needing a dynamic symbol table (.dynsym), a linker generates a
.hash section with type SHT_HASH to hold a symbol hash table. A DT_HASH
tag is produced to hold the address of .hash.

The function is supposed to return a value no larger than 0x0fffffff.
Unfortunately, there is a bug. When unsigned long consists of more than
32 bits, the return value may be larger than UINT32_MAX. For instance,
elf_hash((const unsigned char *)"\xff\x0f\x0f\x0f\x0f\x0f\x12") returns
0x100000002, which is clearly unintended, as the function should behave
the same way regardless of whether long represents a 32-bit integer or
a 64-bit integer.

Reviewed by: kib, Fangrui Song Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D39517 --- sys/kern/link_elf.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/sys/kern/link_elf.c b/sys/kern/link_elf.c index 5f0649d7540c..8e1495acee2b 100644 --- a/sys/kern/link_elf.c +++ b/sys/kern/link_elf.c @@ -1470,23 +1470,20 @@ relocate_file(elf_file_t ef) } /* - * Hash function for symbol table lookup. Don't even think about changing - * this. It is specified by the System V ABI. + * SysV hash function for symbol table lookup. It is specified by the + * System V ABI. */ -static unsigned long +static Elf32_Word elf_hash(const char *name) { - const unsigned char *p = (const unsigned char *) name; - unsigned long h = 0; - unsigned long g; + const unsigned char *p = (const unsigned char *)name; + Elf32_Word h = 0; while (*p != '\0') { h = (h << 4) + *p++; - if ((g = h & 0xf0000000) != 0) - h ^= g >> 24; - h &= ~g; + h ^= (h >> 24) & 0xf0; } - return (h); + return (h & 0x0fffffff); } static int @@ -1497,7 +1494,7 @@ link_elf_lookup_symbol1(linker_file_t lf, const char *name, c_linker_sym_t *sym, unsigned long symnum; const Elf_Sym* symp; const char *strp; - unsigned long hash; + Elf32_Word hash; /* If we don't have a hash, bail. */ if (ef->buckets == NULL || ef->nbuckets == 0) {
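
Review bot: In the elf_hash hunk (@@ -1470,23 +1470,20 @@), the rewritten loop no longer clears bits 28-31 of h on each iteration; it is correct only because h is exactly 32 bits wide, so the next `h << 4` discards those bits and the final `h & 0x0fffffff` clears them on return. The replacement comment drops the old warning and says nothing about that dependency. Suggest stating in the comment that the accumulator must be a 32-bit unsigned type (Elf32_Word) and that the result is at most 0x0fffffff, so a later change of type does not bring back the overflow described in the commit message.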
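
Review bot: In the link_elf_lookup_symbol1 hunk (@@ -1497,7 +1494,7 @@), `hash` becomes Elf32_Word while `symnum` on the context line above stays `unsigned long`, so the function now mixes the two widths. The statements that consume `hash` are outside the lines shown; check that the lookup through `ef->buckets` and `ef->nbuckets` behaves the same with the narrower type, and either give `symnum` a matching fixed-width type or note why it stays as it is.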
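
The overflow described in the commit message, reproduced as an added example that is not part of the commit or the FreeBSD tree: it runs the quoted input through the pre-fix loop at both widths of unsigned long and through the post-fix loop, then compares the post-fix loop against the 32-bit behaviour on constructed inputs. The `width` parameter, the function names, the use of `uint32_t` in place of `Elf32_Word` and the generated test strings are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
static const char OVERFLOW_INPUT[] = "\xff\x0f\x0f\x0f\x0f\x0f\x12"; /* from the commit message */

/* Pre-fix loop; `width` models unsigned long: UINT32_MAX (ILP32) or UINT64_MAX (LP64). */
static uint64_t elf_hash_old(const char *name, uint64_t width)
{
	const unsigned char *p = (const unsigned char *)name;
	uint64_t h = 0, g;
	while (*p != '\0') {
		h = ((h << 4) + *p++) & width;	/* the carry out of bit 31 survives on LP64 */
		if ((g = h & 0xf0000000) != 0)
			h ^= g >> 24;
		h &= ~g;
	}
	return (h);
}

/* Post-fix loop from the diff, with uint32_t standing in for Elf32_Word. */
static uint32_t elf_hash_fixed(const char *name)
{
	const unsigned char *p = (const unsigned char *)name;
	uint32_t h = 0;
	while (*p != '\0') {
		h = (h << 4) + *p++;		/* bits 28-31 fall off here */
		h ^= (h >> 24) & 0xf0;
	}
	return (h & 0x0fffffff);
}

/* Constructed inputs: count 16-byte strings where the fix differs from ILP32. */
static uint32_t count_mismatches(void)
{
	char buf[17] = { 0 };
	uint32_t seed = 1, bad = 0;
	for (int i = 0; i < 20000; i++) {
		for (int j = 0; j < 16; j++) {
			seed = seed * 1664525u + 1013904223u;
			buf[j] = (char)((seed >> 24) | 1);	/* never NUL */
		}
		bad += (elf_hash_fixed(buf) != elf_hash_old(buf, UINT32_MAX));
	}
	return (bad);
}

int main(void)
{
	printf("old LP64 %#llx, fixed %#x, mismatches %u\n",
	    (unsigned long long)elf_hash_old(OVERFLOW_INPUT, UINT64_MAX),
	    (unsigned)elf_hash_fixed(OVERFLOW_INPUT), (unsigned)count_mismatches());
}
```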