static void sh_prelink_fd(sh_tas_t * task)
{
SL_TICKET ticket;
char * tmp;
char hashbuf[KEYBUF_SIZE];
if (task->com_ti != (-1))
{
(void) sl_close(task->com_ti);
task->com_fd = -1;
task->com_ti = -1;
}
ticket = sl_open_read(FIL__, __LINE__, task->command,
task->privileged == 0 ? SL_NOPRIV : SL_YESPRIV);
if (SL_ISERROR(ticket))
{
char errbuf[SH_ERRBUF_SIZE];
char errbuf2[SH_ERRBUF_SIZE];
sh_error_message(errno, errbuf2, sizeof(errbuf2));
sl_strlcpy(errbuf, sl_error_string(ticket), sizeof(errbuf));
tmp = sh_util_safe_name (task->command);
sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, ticket, MSG_E_READ, errbuf, errbuf2, tmp);
SH_FREE(tmp);
return;
}
if (*(task->checksum) == '\0' ||
0 == sl_strcmp(task->checksum,
sh_tiger_hash (task->command, ticket, TIGER_NOLIM, hashbuf, sizeof(hashbuf))))
{
task->com_fd = get_the_fd(ticket);
task->com_ti = ticket;
}
else
{
tmp = sh_util_safe_name (task->command);
sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, ticket, MSG_E_HASH, tmp);
SH_FREE(tmp);
(void) sl_close(ticket);
}
return;
}
/*-------------------------------------------------------------------------*/
svalue_t *
f_sl_close (svalue_t * sp)
/* EFUN sl_close()
*
* void sl_close()
*
* Closes the SQLite database that is associated with the
* current object.
*/
{
if (!sl_close(current_object))
errorf("The current object doesn't have a database open.\n");
return sp;
} /* f_sl_close() */
void map_segments (long fd, Elf32_Phdr *segs[2], Elf32_Half type, dso *so) {
/* Adjust text segment addresses to page size */
Elf32_Off text_offset = TRUNC_PAGE(segs[0]->p_offset);
Elf32_Addr text_vaddr = TRUNC_PAGE(segs[0]->p_vaddr);
Elf32_Addr text_vlimit = ROUND_PAGE(segs[1]->p_vaddr + segs[1]->p_memsz);
unsigned long mapsize = text_vlimit - text_vaddr;
/* Executable has to be loaded at constant address */
void *base_addr = 0;
if (type == ET_EXEC) {
base_addr = (void *)text_vaddr;
}
/* TODO: what if base address lies in already mapped area? E.g. where the loader resides? */
/* Map text segment into memory */
char *mapbase = sl_mmap(base_addr, mapsize, convert_prot(segs[0]->p_flags),
MAP_PRIVATE, fd, text_offset);
if ((long)mapbase == -1) {
sl_close(fd);
sl_printf("Error map_segments: mapping of text segment failed.\n");
sl_exit(1);
}
/* Adjust data segment addresses to page size */
Elf32_Off data_offset = TRUNC_PAGE(segs[1]->p_offset);
Elf32_Addr data_vaddr = TRUNC_PAGE(segs[1]->p_vaddr);
Elf32_Addr data_vlimit = ROUND_PAGE(segs[1]->p_vaddr + segs[1]->p_filesz);
void *data_addr = mapbase + (data_vaddr - text_vaddr);
long data_prot = convert_prot(segs[1]->p_flags);
/* Map data segment into memory */
if ((long)sl_mmap(data_addr, data_vlimit - data_vaddr, data_prot,
MAP_PRIVATE | MAP_FIXED, fd, data_offset) == -1) {
sl_close(fd);
sl_printf("Error map_segments: mapping of data segment failed.\n");
sl_exit(1);
}
/* Clear BSS part */
Elf32_Addr clear_vaddr = segs[1]->p_vaddr + segs[1]->p_filesz;
void *clear_addr = mapbase + (clear_vaddr - text_vaddr);
void *clear_page = mapbase + (TRUNC_PAGE(clear_vaddr) - text_vaddr);
unsigned long nclear = data_vlimit - clear_vaddr;
if (nclear > 0) {
/* Make sure the end of the segment is writable */
if ((data_prot & PROT_WRITE) == 0 &&
sl_mprotect(clear_page, PAGE_SIZE, data_prot|PROT_WRITE) == -1) {
sl_printf("Error map_segments: mprotect on data segment failed.\n");
sl_exit(1);
}
sl_memset(clear_addr, 0, nclear);
/* Reset the data protection */
if ((data_prot & PROT_WRITE) == 0) {
sl_mprotect(clear_page, PAGE_SIZE, data_prot);
}
}
/* Allocate remaining part of bss section */
Elf32_Addr bss_vaddr = data_vlimit;
Elf32_Addr bss_vlimit = ROUND_PAGE(segs[1]->p_vaddr + segs[1]->p_memsz);
void *bss_addr = mapbase + (bss_vaddr - text_vaddr);
if (bss_vlimit > bss_vaddr) {
if ((long)sl_mmap(bss_addr, bss_vlimit - bss_vaddr, data_prot,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == -1) {
sl_printf("Error map_segments: mmap of bss segment failed.\n");
sl_exit(1);
}
}
/* Save important information */
so->base_addr = (type == ET_EXEC) ? 0 : mapbase;
so->text_addr = mapbase;
so->text_size = mapsize;
so->data_addr = data_addr;
so->data_size = data_vlimit - data_vaddr;
so->bss_addr = bss_addr;
so->bss_size = bss_vlimit - bss_vaddr;
so->end_addr = bss_addr + so->bss_size;
so->text_prot = convert_prot(segs[0]->p_flags);
so->data_prot = data_prot;
so->bss_prot = data_prot;
}
dso *load_elf(dso *loader, const char *name, const char *path, long fd,
unsigned char rt_load, unsigned int rtld_mode, Elf32_auxv_t *auxv) {
#ifdef D_LOAD
sl_printf("\nLoading elf file: %s (%s)\n", path, name);
#endif
#ifdef SL_STATISTIC
/* Some statistics */
loaded_dsos++;
curr_loaded_dsos++;
max_loaded_dsos = MAX(max_loaded_dsos, curr_loaded_dsos);
#endif
/* Get file information */
struct kernel_stat file_info;
if(sl_fstat(fd, &file_info) == -1) {
/* Close file */
sl_close(fd);
/* Signal error (longjmp) if we load at runtime */
if(rt_load)
signal_error(0, name, 0, "fstat failed");
/* Not at runtime -> fail */
sl_printf("Error load_elf: fstat failed while loading %s.\n", name);
sl_exit(1);
}
/* Map entire file in memory */
void *file_map = sl_mmap(0, file_info.st_size, PROT_READ,
MAP_PRIVATE, fd, 0);
if ((long)file_map == -1) {
/* Close file */
sl_close(fd);
/* Signal error (longjmp) if we load at runtime */
if(rt_load)
signal_error(0, name, 0, "mmap failed");
/* Not at runtime -> fail */
sl_printf("Error load_elf: mmap of file %s failed.\n", name);
sl_exit(1);
}
/* Get ELF header and check file */
Elf32_Ehdr *elf_hdr = (Elf32_Ehdr *) file_map;
long valid = check_elf(elf_hdr);
if (valid != 0) {
/* Invalid elf file */
sl_close(fd);
/* Signal error (longjmp) if we load at runtime */
if(rt_load)
signal_error(0, name, 0, "invalid ELF file");
/* Not at runtime -> fail */
sl_printf("Error load_elf: %s is not a valid ELF file (error: %d).\n",
name, valid);
sl_exit(1);
}
/* Get program and section header */
Elf32_Phdr *program_hdr = (Elf32_Phdr *) (file_map + elf_hdr->e_phoff);
Elf32_Shdr *shdr = (Elf32_Shdr *) (file_map + elf_hdr->e_shoff);
/* Segments (text and data) which we have to map in memory */
Elf32_Phdr *load_segments[2];
long num_load = 0;
/* Create new shared object */
dso *so = sl_calloc(sizeof(dso), 1);
/* Iterate over program headers */
unsigned long i = 0;
for(i = 0; i < elf_hdr->e_phnum; ++i) {
switch (program_hdr[i].p_type) {
case PT_DYNAMIC: /* Dynamic Header */
so->dynamic_section = (Elf32_Dyn *)(program_hdr[i].p_vaddr);
break;
case PT_LOAD: /* Section must be mapped in memory */
if (num_load >= 2) {
sl_printf("Error load_elf: more than two PT_LOAD segments!");
sl_exit(1);
}
load_segments[num_load++] = program_hdr+i;
break;
case PT_TLS: /* Thread Local Storage information*/
if (program_hdr[i].p_memsz == 0)
break;
/* Initialize TLS information */
so->tls_blocksize = program_hdr[i].p_memsz;
so->tls_align = program_hdr[i].p_align;
so->tls_initimage_size = program_hdr[i].p_filesz;
/* TLS image (addr later adjusted) */
so->tls_initimage = (void *) program_hdr[i].p_vaddr;
/* Assign next module ID */
so->tls_modid = ++GL(_dl_tls_max_dtv_idx);
break;
/*
case PT_GNU_STACK:
if (program_hdr[i].p_flags & PF_X) {
sl_printf("Warning: executable stack\n");
sl_exit(1);
}
break;
*/
case PT_GNU_RELRO: /* Sections to set readonly after relocation */
/* Address is later adjusted */
so->relro = program_hdr[i].p_vaddr;
so->relro_size = program_hdr[i].p_memsz;
break;
}
}
/* Map segments into memory and intitialize dso struct */
if(rtld_mode == 1 && auxv != NULL) {
Elf32_Phdr *program_hdr_auxv;
Elf32_Phdr *load_segments_auxv[2];
program_hdr_auxv = (Elf32_Phdr *)get_aux_value(auxv, AT_PHDR);
uint32_t auxv_e_phnum = (uint32_t)get_aux_value(auxv, AT_PHNUM);
unsigned long j = 0;
unsigned int nr_load = 0;
for(j = 0; j < auxv_e_phnum; j++) {
switch (program_hdr_auxv[j].p_type) {
case PT_LOAD: /* Section must be mapped in memory */
if (nr_load >= 2) {
sl_exit(1);
}
load_segments_auxv[nr_load++] = program_hdr_auxv+j;
break;
}
}
map_segments_RTLD(fd, load_segments, elf_hdr->e_type, so, load_segments_auxv);
} else {
map_segments(fd, load_segments, elf_hdr->e_type, so);
}
so->ref_count = 1;
so->deps_count = 0;
so->name = name;
so->path = path;
so->type = elf_hdr->e_type;
so->entry = (void*) elf_hdr->e_entry;
so->loader = loader;
so->dynamic_section = (Elf32_Dyn *) BYTE_STEP(so->dynamic_section,
so->base_addr);
so->program_header = (Elf32_Phdr *) BYTE_STEP(elf_hdr->e_phoff,
so->text_addr);
so->program_header_num = elf_hdr->e_phnum;
so->l_real = so;
/* Adjust address of TLS init image and relro address */
if (so->tls_initimage) {
so->tls_initimage = (char *)so->tls_initimage + (long)so->base_addr;
}
if (so->relro) {
so->relro = (Elf32_Addr) BYTE_STEP(so->relro, so->base_addr);
}
/* Iterate over section headers */
char *strtab = (char *)file_map + shdr[elf_hdr->e_shstrndx].sh_offset;
char *sname=0;
for (i=0; i<elf_hdr->e_shnum; ++i) {
sname = strtab + shdr[i].sh_name;
/* Save important sections */
if (sl_strncmp(sname, ".got", 5) == 0) {
so->got = (char *) (so->base_addr + shdr[i].sh_addr);
so->got_size = shdr[i].sh_size;
}
if (sl_strncmp(sname, ".plt", 5) == 0) {
so->plt = (char *) (so->base_addr + shdr[i].sh_addr);
so->plt_size = shdr[i].sh_size;
}
if (sl_strncmp(sname, ".got.plt", 9) == 0) {
so->gotplt = (char *) (so->base_addr + shdr[i].sh_addr);
so->gotplt_size = shdr[i].sh_size;
}
}
/* Resolve */
Elf32_Dyn *dyn;
long rpath=-1;
for (dyn = so->dynamic_section; dyn->d_tag != DT_NULL; ++dyn) {
switch (dyn->d_tag) {
case DT_INIT: /* Initialization function */
so->init = (void (*)(int, char**, char**))
BYTE_STEP(dyn->d_un.d_ptr, so->base_addr);
break;
case DT_INIT_ARRAY: /* Array of initialization functions */
so->init_array = (Elf32_Addr *)BYTE_STEP(dyn->d_un.d_ptr, so->base_addr);
break;
case DT_INIT_ARRAYSZ: /* Size of init array */
so->init_array_sz = (long)dyn->d_un.d_val / sizeof(Elf32_Addr);
break;
case DT_FINI: /* Finalization function */
so->fini = (void (*)()) BYTE_STEP(dyn->d_un.d_ptr, so->base_addr);
break;
case DT_FINI_ARRAY: /* Array of finalization functions */
so->fini_array = (Elf32_Addr *)BYTE_STEP(dyn->d_un.d_ptr, so->base_addr);
break;
case DT_FINI_ARRAYSZ: /* Size of fini array */
so->fini_array_sz = (long)dyn->d_un.d_val / sizeof(Elf32_Addr);
break;
case DT_RUNPATH: /* String with library search paths */
rpath = dyn->d_un.d_val;
break;
case DT_RPATH: /* String with library search paths */
if (rpath == -1)
rpath = dyn->d_un.d_val;
break;
case DT_PLTGOT: /* Plt part of the global offset table */
so->gotplt = (char *) BYTE_STEP(dyn->d_un.d_ptr, so->base_addr);
break;
case DT_REL: /* Relocation table */
so->rel = (Elf32_Rel *) BYTE_STEP(dyn->d_un.d_ptr, so->base_addr);
break;
case DT_RELSZ: /* Size of the relocation table */
so->relsz = (long)dyn->d_un.d_val / sizeof(Elf32_Rel);
break;
case DT_JMPREL: /* Plt relocations part of relocation table */
so->pltrel = (Elf32_Rel *) BYTE_STEP(dyn->d_un.d_ptr, so->base_addr);
break;
case DT_PLTRELSZ: /* Size of plt relocations part of relocation table */
so->pltrelsz = (long)dyn->d_un.d_val / sizeof(Elf32_Rel);
break;
case DT_HASH: /* ELF hash table */
so->hash_table = (Elf32_Word *) BYTE_STEP(dyn->d_un.d_ptr,
so->base_addr);
break;
case DT_GNU_HASH: /* GNU hash table */
so->gnu_hash_table = (Elf32_Word *) BYTE_STEP(dyn->d_un.d_ptr,
so->base_addr);
break;
case DT_SYMTAB: /* Dynamic symbol table */
so->symbol_table = (Elf32_Sym *) BYTE_STEP(dyn->d_un.d_ptr,
so->base_addr);
break;
case DT_VERDEF: /* Versions defined in this DSO */
so->verdef = (Elf32_Verdef *) BYTE_STEP(dyn->d_un.d_ptr, so->base_addr);
break;
case DT_VERDEFNUM: /* Number of versions defined in this DSO */
so->verdef_num = (unsigned long) dyn->d_un.d_val;
break;
case DT_VERNEED: /* Versions needed by this DSO */
so->verneed = (Elf32_Verneed *) BYTE_STEP(dyn->d_un.d_ptr,
so->base_addr);
break;
case DT_VERNEEDNUM: /* Number of versions needed by this DSO */
so->verneed_num = (unsigned long) dyn->d_un.d_val;
break;
case DT_VERSYM: /* Version symbol table */
so->versym = (Elf32_Half *) BYTE_STEP(dyn->d_un.d_ptr, so->base_addr);
break;
case DT_STRTAB: /* Dynamic string table */
so->string_table = (char *) so->base_addr + dyn->d_un.d_ptr;
break;
case DT_NEEDED: /* Dependencies on other DSOs */
/* Count the number of direct dependencies */
so->deps_count++;
break;
case DT_FLAGS: /* Flags */
so->flags = dyn->d_un.d_val;
if ((so->flags & DF_SYMBOLIC)
|| (so->flags & DF_TEXTREL)) {
sl_printf("Error load_elf: not supported flag 0x%x in %s.\n",
so->flags, so->name);
sl_exit(1);
}
break;
case DT_FLAGS_1: /* Flags */
so->flags_1 = dyn->d_un.d_val;
if ((so->flags_1 & DF_1_GROUP)
|| (so->flags_1 & DF_1_LOADFLTR)
|| (so->flags_1 & DF_1_DIRECT)
|| (so->flags_1 & DF_1_INTERPOSE)
|| (so->flags_1 & DF_1_NODEFLIB)
// || (so->flags_1 & DF_1_NODUMP)
|| (so->flags_1 & DF_1_CONFALT)
|| (so->flags_1 & DF_1_ENDFILTEE)
|| (so->flags_1 & DF_1_DISPRELDNE)
|| (so->flags_1 & DF_1_DISPRELPND)) {
sl_printf("Error load_elf: not supported flag_1 0x%x in %s.\n",
so->flags_1, so->name);
sl_exit(1);
}
break;
}
}
/* Initialize the versioning data */
init_versions(so);
/* Set library search paths */
if (rpath != -1)
so->search_path = decompose_path(so->string_table+rpath,so->name, "RPATH");
/* Allocate memory for deps */
if (so->deps_count != 0)
so->deps = sl_malloc(so->deps_count * sizeof(dso *));
/* Add shared object to chain */
chain_add(so);
/* Now that we have the stringtable, iterate a second time over dynamic
section to get the names of the needed libraries. */
char *lib_name = 0;
long num = 0;
for (dyn = so->dynamic_section; dyn->d_tag != DT_NULL; dyn++) {
switch (dyn->d_tag) {
case DT_NEEDED:
/* Get name of needed lib */
lib_name = (char *)so->string_table + dyn->d_un.d_val;
#ifdef D_LOAD
sl_printf("Found dependency in %s: %s\n", so->name, lib_name);
#endif
/* Do not load the linux dynamic loader, because we replace it */
if (sl_strncmp(lib_name, LINUX_LOADER,
sl_strnlen(LINUX_LOADER, MAX_LIB_NAME))==0) {
so->deps_count--;
continue;
}
/* Check if we already loaded it */
dso *so_search = chain_search(lib_name);
if (so_search == 0) {
/* Not already loaded, search for it */
char *lib_path;
long fd = search_lib(so, lib_name, &lib_path);
if (fd == -1) {
/* Not found, signal error (longjmp) if we load at runtime */
if(rt_load)
signal_error(0, lib_name, 0, "cannot open shared object file");
/* Not at runtime -> fail */
sl_printf("Error load_elf: lib %s not found.\n", lib_name);
sl_exit(1);
}
/* Copy name */
char *lname = sl_malloc(MAX_LIB_NAME);
sl_strncpy(lname, lib_name, MAX_LIB_NAME);
PROT_DATA(lname, MAX_LIB_NAME);
/* Load it */
dso *so_loaded = load_elf(so, lname, lib_path, fd, rt_load, 0, NULL);
/* Increment local scope counter and add to direct deps */
so->lscope_num += so_loaded->lscope_num;
so->deps[num] = so_loaded;
} else {
/* Increment reference counter */
UNPROT(so_search);
so_search->ref_count++;
PROT(so_search);
/* Increment local scope counter and add to direct deps */
so->lscope_num += so_search->lscope_num;
so->deps[num] = so_search;
}
num++;
so->lscope_num++;
break;
}
}
so->lscope_num++;
/* Create local scope list. This has to be done in breadth-first order! */
so->lscope = sl_malloc(so->lscope_num * sizeof(dso *));
long j,k,l;
i = 0;
/* Add object itself */
so->lscope[i++] = so;
/* First add direct dependencies */
for (l=0; l<so->deps_count; ++l) {
so->lscope[i] = so->deps[l];
++i;
}
/* Now add deps recursively */
for (l=0; l<so->deps_count; ++l) {
for (k=0; k<so->deps[l]->lscope_num; ++k) {
dso *dep = so->deps[l]->lscope[k];
/* Check if already added */
long found = 0;
for (j=0; j<i; ++j) {
if (so->lscope[j] == dep)
found = 1;
}
if (found || !dep)
continue;
so->lscope[i] = dep;
++i;
}
}
/* Initialize Global Offset Table */
init_got(so);
#if defined(VERIFY_CFTX)
/* Add object to dso chain if libdetox wants to check the control flow
transfers */
add_dso(so, (char *)file_map);
#if defined(CALLBACK_MAIN_DETECTION) || defined(CALLBACK_DATA_SECTION_SEARCH)
/* Right after loading the dso we need to detect the libc callbacks to main/__libc_csu_init */
if(so->loader == NULL && dso_chain->next != 0) {
/* This is the main executable. Get the immediate values pushed on the stack right before __libc_start_main is called. */
#if defined(CALLBACK_MAIN_DETECTION)
/* This is the main function callback detection hack!
* - it tries to find the callback pointers passed to libc
* - and it adds them to the callback table so CFTX checks will pass */
long count = 0;
unsigned char *iptr;
unsigned long ptr;
if(so->type == ET_EXEC)
iptr = (unsigned char *)so->entry;
else /* PIE executable */
iptr = (unsigned char *)((unsigned long)so->base_addr + (unsigned long)so->entry);
/* TODO: 48? Remove hardcoded value. */
while(count<48) {
/* is it a push instruction with a 32bit immediate value? */
if(*iptr == 0x68) {
/* add the immediate value pushed to the stack */
ptr = *((unsigned long*)(++iptr));
fbt_add_callback(dso_chain->next, (void*)ptr);
iptr+=4;
count+=5;
} else {
iptr++;
count++;
}
/* in case we reached NOPs we can just stop looking for the pushes */
if(*iptr == 0x90) break;
}
#endif /* CALLBACK_MAIN_DETECTION */
#if defined(CALLBACK_DATA_SECTION_SEARCH)
/* Some x* applications have global function pointers in their .data section.
* This are probably widget class objects and their members. It seems that there is no other
* way to detect these potential callbacks than scanning through the .data section. This has
* only to be done for prelinked executables as we will detect the other callbacks during relocation. */
unsigned long *dptr = so->data_addr;
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->data_addr+(unsigned long)so->data_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
/* go through GOT */
dptr = (unsigned long*)(so->got);
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->got+(unsigned long)so->got_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
/* go through GOT.PLT */
dptr = (unsigned long*)(so->gotplt);
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->gotplt+(unsigned long)so->gotplt_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
/* go through rodata */
dptr = (unsigned long*)(so->dso->rodata);
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->dso->rodata+(unsigned long)so->dso->rodata_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
/* go through reldyn */
dptr = (unsigned long*)(so->dso->reldyn);
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->dso->reldyn+(unsigned long)so->dso->reldyn_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
/* go through relplt */
dptr = (unsigned long*)(so->dso->relplt);
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->dso->relplt+(unsigned long)so->dso->relplt_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
#endif /* CALLBACK_DATA_SECTION_SEARCH */
}
#endif /* defined(CALLBACK_MAIN_DETECTION) || defined(CALLBACK_DATA_SECTION_SEARCH) */
#if defined(CALLBACK_LIBRARIES_DATA_SECTION_SEARCH)
if(so->loader != NULL) { /* it's a library! */
unsigned long *dptr = so->data_addr;
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->data_addr+(unsigned long)so->data_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
/* go through GOT */
dptr = (unsigned long*)(so->got);
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->got+(unsigned long)so->got_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
/* go through GOT.PLT */
dptr = (unsigned long*)(so->gotplt);
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->gotplt+(unsigned long)so->gotplt_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
/* go through rodata */
dptr = (unsigned long*)(so->dso->rodata);
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->dso->rodata+(unsigned long)so->dso->rodata_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
/* go through reldyn */
dptr = (unsigned long*)(so->dso->reldyn);
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->dso->reldyn+(unsigned long)so->dso->reldyn_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
/* go through relplt */
dptr = (unsigned long*)(so->dso->relplt);
if(dptr) {
while((unsigned long)dptr < ((unsigned long)so->dso->relplt+(unsigned long)so->dso->relplt_size)) {
/* check if the obtained address points to executable memory (potential callback target) */
if (PTR_IN_REGION(*dptr, so->text_addr, so->text_size)
|| PTR_IN_REGION(*dptr, so->dso->init, so->dso->init_size)
|| PTR_IN_REGION(*dptr, so->dso->fini, so->dso->fini_size)) {
fbt_add_callback(so->dso, (void*)*dptr);
}
dptr++; /* increase by sizeof(unsigned long) = bytes */
}
}
}
#endif /* CALLBACK_LIBRARIES_DATA_SECTION_SEARCH */
#endif /* VERIFY_CFTX */
/* All necessary information in memory -> unmap file */
sl_munmap(file_map, file_info.st_size);
sl_close(fd);
/* Protect dependencies and local search scope */
PROT_DATA(so->deps, so->deps_count*sizeof(dso *));
PROT_DATA(so->lscope, so->lscope_num*sizeof(dso *));
return so;
}
/* --- Read the configuration file. ---
*/
int sh_readconf_read (void)
{
#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
/* This is for modules.
*/
int modnum;
#endif
int i;
SL_TICKET fd = -1;
#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO)
SL_TICKET fdTmp = -1;
#endif
#if defined(WITH_GPG) || defined(WITH_PGP)
SL_TICKET fdGpg = -1;
#endif
char * tmp;
#define SH_LINE_IN 16384
char * line_in;
char * line;
/* This is for nested conditionals.
*/
int cond_depth = 0;
int cond_excl = 0;
int local_file = 1;
char local_flag = 'R';
#if defined(WITH_GPG) || defined(WITH_PGP)
int signed_content = S_FALSE;
int true_content = S_FALSE;
#endif
#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO)
int hidden_count = 0;
#endif
uid_t euid;
char hashbuf[KEYBUF_SIZE];
SL_ENTER(_("sh_readconf_read"));
/* --- Open config file, exit on failure. ---
*/
#if defined(SH_WITH_CLIENT)
if (0 == sl_strcmp(file_path('C', 'R'), _("REQ_FROM_SERVER")))
{
sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_D_START);
fd = sh_forward_req_file(_("CONF"));
if (!SL_ISERROR(fd))
{
local_file = 0;
}
else if (sh.flag.checkSum != SH_CHECK_INIT)
{
aud_exit (FIL__, __LINE__, EXIT_FAILURE);
}
else
{
sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_D_FAIL);
local_file = 1;
local_flag = 'I';
}
}
#endif
/* Use a local configuration file.
*/
if (local_file == 1)
{
if (0 != tf_trust_check (file_path('C', local_flag), SL_YESPRIV))
{
sl_get_euid(&euid);
dlog(1, FIL__, __LINE__,
_("The configuration file: %s is untrusted, i.e. an\nuntrusted user owns or can write to some directory in the path.\n"),
( (NULL == file_path('C', local_flag))
? _("(null)") : file_path('C', local_flag) ));
sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_TRUST,
(long) euid,
( (NULL == file_path('C', local_flag))
? _("(null)") : file_path('C', local_flag) )
);
aud_exit (FIL__, __LINE__, EXIT_FAILURE);
}
if (SL_ISERROR(fd = sl_open_read(FIL__, __LINE__,
file_path('C',local_flag),SL_YESPRIV)))
{
sl_get_euid(&euid);
dlog(1, FIL__, __LINE__,
_("Could not open the local configuration file for reading because\nof the following error: %s (errnum = %ld)\nIf this is a permission problem, you need to change file permissions\nto make the file readable for the effective UID: %d\n"),
sl_get_errmsg(), fd, (int) euid);
sh_error_handle ((-1), FIL__, __LINE__, fd, MSG_NOACCESS,
(long) euid,
( (NULL == file_path('C', local_flag))
? _("(null)") : file_path('C', local_flag) )
);
aud_exit (FIL__, __LINE__, EXIT_FAILURE);
}
}
/* Compute the checksum of the open file.
*/
sl_strlcpy(sh.conf.hash,
sh_tiger_hash(file_path('C',local_flag), fd, TIGER_NOLIM,
hashbuf, sizeof(hashbuf)),
KEY_LEN+1);
sl_rewind (fd);
line_in = SH_ALLOC(SH_LINE_IN);
#if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO)
/* extract the data and copy to temporary file
*/
fdTmp = open_tmp();
sh_unix_getline_stealth (0, NULL, 0); /* initialize */
while ( sh_unix_getline_stealth (fd, line_in, SH_LINE_IN-2) > 0) {
hidden_count++;
if (line_in[0] == '\n')
{
sl_write(fdTmp, line_in, 1);
}
else
{
sl_write_line(fdTmp, line_in, sl_strlen(line_in));
}
#if defined(WITH_GPG) || defined(WITH_PGP)
if (0 == sl_strncmp(line_in, _("-----END PGP SIGNATURE-----"), 25))
break;
#else
if (0 == sl_strncmp(line_in, _("[EOF]"), 5))
break;
#endif
if (hidden_count > 1048576) /* arbitrary safeguard, 1024*1024 */
break;
}
sl_close(fd);
fd = fdTmp;
sl_rewind (fd);
#endif
#if defined(WITH_GPG) || defined(WITH_PGP)
/* extract the data and copy to temporary file
*/
fdGpg = sh_gpg_extract_signed(fd);
sl_close(fd);
fd = fdGpg;
/* Validate signature of open file.
*/
if (0 != sh_gpg_check_sign (fd, 0, 1))
{
SH_FREE(line_in);
aud_exit (FIL__, __LINE__, EXIT_FAILURE);
}
sl_rewind (fd);
#endif
/* --- Start reading lines. ---
*/
conf_line = 0;
while ( sh_unix_getline (fd, line_in, SH_LINE_IN-2) > 0) {
++conf_line;
line = &(line_in[0]);
/* fprintf(stderr, "<%s>\n", line); */
/* Sun May 27 18:40:05 CEST 2001
*/
#if defined(WITH_GPG) || defined(WITH_PGP)
if (signed_content == S_FALSE)
{
if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----")))
signed_content = S_TRUE;
else
continue;
}
else if (true_content == S_FALSE)
{
if (line[0] == '\n')
true_content = S_TRUE;
else
continue;
}
else if (signed_content == S_TRUE)
{
if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNATURE-----")))
break;
else if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----")))
{
sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN,
_("second signed message in file"),
_("sh_readconf_read"));
dlog(1, FIL__, __LINE__,
_("There seems to be more than one signed message in the configuration\nfile. Please make sure there is only one signed message.\n"));
sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1,
sh.prg_name);
SH_FREE(line_in);
aud_exit (FIL__, __LINE__,EXIT_FAILURE);
}
}
#endif
/* Skip leading white space.
*/
while (isspace((int)*line)) ++line;
/* Skip header etc.
*/
if (line[0] == '#' || line[0] == '\0' || line[0] == ';' ||
(line[0] == '/' && line[1] == '/'))
continue;
/* Clip off trailing white space.
*/
tmp = line + sl_strlen( line ); --tmp;
while( isspace((int) *tmp ) && tmp >= line ) *tmp-- = '\0';
/* --- an @host/@if/$system directive -------------- */
if (line[0] == '@' || (line[0] == '!' && line[1] == '@') ||
line[0] == '$' || (line[0] == '!' && line[1] == '$'))
{
if (sh_readconf_is_end(line))
{
if (0 == cond_depth) {
sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD,
_("config file"),
(long) conf_line);
}
else {
if (cond_excl == cond_depth)
cond_excl = 0;
--cond_depth;
}
}
else if (sh_readconf_is_else(line))
{
if (0 == cond_depth) {
sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALD,
_("config file"),
(long) conf_line);
}
else if (cond_excl == cond_depth) {
cond_excl = 0;
}
else if (cond_excl == 0) {
cond_excl = cond_depth;
}
}
else
{
if (sh_readconf_cond_match(line, conf_line)) {
++cond_depth;
}
else {
++cond_depth;
if (cond_excl == 0)
cond_excl = cond_depth;
}
}
continue;
}
/****************************************************
*
* Only carry on if this section is intended for us
*
****************************************************/
if (cond_excl != 0) {
continue;
}
/* ------- starts a section ------------ */
else if (line[0] == '[')
{
read_mode = SH_SECTION_NONE;
if (0 == sl_strncasecmp (line, _("[EOF]"), 5)) {
goto nopel;
}
i = 0;
while (tab_ListSections[i].name != 0)
{
if (sl_strncasecmp (line, _(tab_ListSections[i].name),
sl_strlen(tab_ListSections[i].name)) == 0)
{
read_mode = tab_ListSections[i].type;
break;
}
++i;
}
#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
if (read_mode == SH_SECTION_NONE)
{
for (modnum = 0; modList[modnum].name != NULL; ++modnum)
{
if (0 == sl_strncasecmp (line, _(modList[modnum].conf_section),
sl_strlen(modList[modnum].conf_section)) )
read_mode = SH_SECTION_OTHER;
}
}
#endif
if (read_mode == SH_SECTION_NONE)
{
sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALHEAD,
(long) conf_line);
}
}
/* --- an %schedule directive ------------ */
else if (line[0] == '%' || (line[0] == '!' && line[1] == '%'))
{
#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
if (line[0] == '!' && 0 == sl_strcasecmp(&(line[2]), _("SCHEDULE_TWO")))
set_dirList(1);
else if (0 == sl_strcasecmp(&(line[1]), _("SCHEDULE_TWO")))
set_dirList(2);
#else
;
#endif
}
/* ------ no new section -------------- */
else if (read_mode != SH_SECTION_NONE)
{
if (0 != sh_readconfig_line (line))
{
sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALCONF,
(long) conf_line);
}
}
} /* while getline() */
nopel:
if (0 != cond_depth)
sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EINVALDD,
_("config file"),
(long) conf_line);
sl_close (fd);
sh_error_fixup();
read_mode = SH_SECTION_NONE; /* reset b/o sighup reload */
SH_FREE(line_in);
SL_RETURN( 0, _("sh_readconf_read"));
}
