authorMark Wielaard <mark@klomp.org>2019-01-16 15:41:31 +0100
committerMark Wielaard <mark@klomp.org>2019-01-16 15:41:31 +0100
commitde01cc6f9446187d69b9748bb3636361c79e77a4 (patch)
tree73d0ff2f46bc249a16d0da96d98c1d12c05fc145
parente65d91d21cb09d83b001fef9435e576ba447db32 (diff)
libebl: Check NT_PLATFORM core notes contain a zero terminated string.
Most strings in core notes are fixed size. But NT_PLATFORM contains just a variable length string. Check that it is actually zero terminated before passing to readelf to print. https://sourceware.org/bugzilla/show_bug.cgi?id=24089 Signed-off-by: Mark Wielaard <mark@klomp.org>
-rw-r--r--libdwfl/ChangeLog5
-rw-r--r--libdwfl/linux-core-attach.c9
-rw-r--r--libebl/ChangeLog6
-rw-r--r--libebl/eblcorenote.c39
-rw-r--r--libebl/libebl.h3
-rw-r--r--src/ChangeLog4
-rw-r--r--src/readelf.c2
7 files changed, 42 insertions, 26 deletions
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index b96cebf2..c295fa7d 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2019-01-16 Mark Wielaard <mark@klomp.org>
+
+ * linux-core-attach.c (core_next_thread): Pass desc to ebl_core_note.
+ (core_set_initial_registers): Likewise.
+
2018-10-23 Mark Wielaard <mark@klomp.org>
* relocate.c (relocate_section): Only sanity check mmapped Elf files
diff --git a/libdwfl/linux-core-attach.c b/libdwfl/linux-core-attach.c
index 6c99b9e2..c0f1b0d0 100644
--- a/libdwfl/linux-core-attach.c
+++ b/libdwfl/linux-core-attach.c
@@ -137,7 +137,7 @@ core_next_thread (Dwfl *dwfl __attribute__ ((unused)), void *dwfl_arg,
const Ebl_Register_Location *reglocs;
size_t nitems;
const Ebl_Core_Item *items;
- if (! ebl_core_note (core_arg->ebl, &nhdr, name,
+ if (! ebl_core_note (core_arg->ebl, &nhdr, name, desc,
&regs_offset, &nregloc, &reglocs, &nitems, &items))
{
/* This note may be just not recognized, skip it. */
@@ -191,8 +191,9 @@ core_set_initial_registers (Dwfl_Thread *thread, void *thread_arg_voidp)
const Ebl_Register_Location *reglocs;
size_t nitems;
const Ebl_Core_Item *items;
- int core_note_err = ebl_core_note (core_arg->ebl, &nhdr, name, &regs_offset,
- &nregloc, &reglocs, &nitems, &items);
+ int core_note_err = ebl_core_note (core_arg->ebl, &nhdr, name, desc,
+ &regs_offset, &nregloc, &reglocs,
+ &nitems, &items);
/* __libdwfl_attach_state_for_core already verified the note is there. */
assert (core_note_err != 0);
assert (nhdr.n_type == NT_PRSTATUS);
@@ -383,7 +384,7 @@ dwfl_core_file_attach (Dwfl *dwfl, Elf *core)
const Ebl_Register_Location *reglocs;
size_t nitems;
const Ebl_Core_Item *items;
- if (! ebl_core_note (ebl, &nhdr, name,
+ if (! ebl_core_note (ebl, &nhdr, name, desc,
&regs_offset, &nregloc, &reglocs, &nitems, &items))
{
/* This note may be just not recognized, skip it. */
diff --git a/libebl/ChangeLog b/libebl/ChangeLog
index 77c22746..9cdf8995 100644
--- a/libebl/ChangeLog
+++ b/libebl/ChangeLog
@@ -1,5 +1,11 @@
2019-01-16 Mark Wielaard <mark@klomp.org>
+ * libebl.h (ebl_core_note): Add desc as argument.
+ * eblcorenote.c (ebl_core_note): Take desc as an argument, check
+ it contains a zero terminated string if it is an NT_PLATFORM note.
+
+2019-01-16 Mark Wielaard <mark@klomp.org>
+
* eblobjnte.c (ebl_object_note): Check pr_datasz isn't too large.
2018-12-02 Mark Wielaard <mark@klomp.org>
diff --git a/libebl/eblcorenote.c b/libebl/eblcorenote.c
index 783f9815..7fab3974 100644
--- a/libebl/eblcorenote.c
+++ b/libebl/eblcorenote.c
@@ -36,11 +36,13 @@
#include <inttypes.h>
#include <stdio.h>
#include <stddef.h>
+#include <string.h>
#include <libeblP.h>
int
ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name,
+ const char *desc,
GElf_Word *regs_offset, size_t *nregloc,
const Ebl_Register_Location **reglocs, size_t *nitems,
const Ebl_Core_Item **items)
@@ -51,28 +53,25 @@ ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name,
{
/* The machine specific function did not know this type. */
- *regs_offset = 0;
- *nregloc = 0;
- *reglocs = NULL;
- switch (nhdr->n_type)
+ /* NT_PLATFORM is kind of special since it needs a zero terminated
+ string (other notes often have a fixed size string). */
+ static const Ebl_Core_Item platform[] =
{
-#define ITEMS(type, table) \
- case type: \
- *items = table; \
- *nitems = sizeof table / sizeof table[0]; \
- result = 1; \
- break
+ {
+ .name = "Platform",
+ .type = ELF_T_BYTE, .count = 0, .format = 's'
+ }
+ };
- static const Ebl_Core_Item platform[] =
- {
- {
- .name = "Platform",
- .type = ELF_T_BYTE, .count = 0, .format = 's'
- }
- };
- ITEMS (NT_PLATFORM, platform);
-
-#undef ITEMS
+ if (nhdr->n_type == NT_PLATFORM
+ && memchr (desc, '\0', nhdr->n_descsz) != NULL)
+ {
+ *regs_offset = 0;
+ *nregloc = 0;
+ *reglocs = NULL;
+ *items = platform;
+ *nitems = 1;
+ result = 1;
}
}
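Review bot: `*nitems = 1;` hard-codes what the removed ITEMS macro derived from the table itself, so the count silently goes stale if `platform[]` ever gains an entry; keep it tied to the array with `*nitems = sizeof platform / sizeof platform[0];`. The `memchr (desc, '\0', nhdr->n_descsz)` guard also relies on the caller having already bounded `desc` to `n_descsz` readable bytes (presumably done by the note iteration in the callers, worth confirming), and an NT_PLATFORM note without a terminator now leaves `result` untouched and the out-parameters unset, which the callers treat as "unrecognized, skip" rather than as a malformed note; a short comment such as `/* An unterminated NT_PLATFORM is reported as unrecognized, so callers skip it. */` above the `if` would make that deliberate. ebl_core_note's body, including the initialization of `result`, starts before this hunk and its return lies after it.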
diff --git a/libebl/libebl.h b/libebl/libebl.h
index ca9b9fec..24922eb8 100644
--- a/libebl/libebl.h
+++ b/libebl/libebl.h
@@ -319,7 +319,8 @@ typedef struct
/* Describe the format of a core file note with the given header and NAME.
NAME is not guaranteed terminated, it's NHDR->n_namesz raw bytes. */
-extern int ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr, const char *name,
+extern int ebl_core_note (Ebl *ebl, const GElf_Nhdr *nhdr,
+ const char *name, const char *desc,
GElf_Word *regs_offset, size_t *nregloc,
const Ebl_Register_Location **reglocs,
size_t *nitems, const Ebl_Core_Item **items)
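Review bot: The declaration comment documents NAME's raw-bytes contract but says nothing about the new DESC parameter, which has the same property and is now inspected by the callee. Extend the comment with `DESC is the note descriptor, NHDR->n_descsz raw bytes, likewise not guaranteed terminated; for NT_PLATFORM the note is only recognized if DESC contains a zero terminator.` so callers know they must hand over the full descriptor rather than a copied string.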
diff --git a/src/ChangeLog b/src/ChangeLog
index 803ac95f..c0455f1c 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2019-01-16 Mark Wielaard <mark@klomp.org>
+
+ * readelf (handle_core_note): Pass desc to ebl_core_note.
+
2018-11-10 Mark Wielaard <mark@klomp.org>
* elflint.c (check_program_header): Allow PT_GNU_EH_FRAME segment
diff --git a/src/readelf.c b/src/readelf.c
index 3a73710f..71651e09 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -12153,7 +12153,7 @@ handle_core_note (Ebl *ebl, const GElf_Nhdr *nhdr,
size_t nitems;
const Ebl_Core_Item *items;
- if (! ebl_core_note (ebl, nhdr, name,
+ if (! ebl_core_note (ebl, nhdr, name, desc,
&regs_offset, &nregloc, &reglocs, &nitems, &items))
return;