ELFsh cannot save binaries with corrupted headers
ELFsh will fail to save binaries with incorrect headers. Some fields are especially vulnerable to this because they are used in elfsh_store_obj().
In ELF header: e_shstrndx, e_ehsize, e_phentsize, e_phnum, e_phoff, e_shoff, e_shentsize, e_shnum
In section header: sh_size, sh_offset
An alternative saving function should be coded for saving intentionally corrupted binaries. For example elfsh_store_corrupted_obj(). It remains quite a challenge to be able to save a binary without relying on those fields. Basically anyone changing the size field of a section would make the program unstable.
While it seems interesting to fix that bug for generating ELF fuzzers in the future, the fixing cost seems pretty expensive as a new saving full-of-checks function has to be implemented, and a check needs to be performed each time one of those fields is used.
Ticket: 53 Reported by: on Thu Apr 3 02:21:47 2008
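The check the ticket asks for, "performed each time one of those fields is used", amounts to bounding every header-derived offset and size by the real file length before trusting it. The following is an added illustration written for this page, not ERESI/ELFsh code: the two header structs are assumed to mirror the ELF64 layouts of <elf.h> (defined locally so the example builds anywhere), the constants 56 (Elf64_Phdr size), 8 (SHT_NOBITS), 1 (SHT_PROGBITS) and 3 (SHT_STRTAB) are the standard ELF values, and build_sample_elf() constructs a tiny in-memory image so the checker can be exercised on a sane file and on the sh_size and e_shstrndx corruptions the ticket describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Minimal ELF64 header layouts, assumed to mirror <elf.h> (defined here so the
   example builds without it). Both structs are exactly 64 bytes. */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr64_t;
typedef struct {
    uint32_t sh_name, sh_type; uint64_t sh_flags, sh_addr, sh_offset, sh_size;
    uint32_t sh_link, sh_info; uint64_t sh_addralign, sh_entsize;
} shdr64_t;

/* Validate every header field a saver would otherwise trust blindly against the
   real buffer length. Returns NULL when consistent, else a short reason. */
const char *elf64_check(const unsigned char *buf, size_t len)
{
    ehdr64_t eh; uint64_t i;
    if (len < sizeof eh) return "file shorter than ELF header";
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0) return "bad magic";
    if (eh.e_ident[4] != 2) return "not ELFCLASS64";
    if (eh.e_ehsize != sizeof eh) return "e_ehsize mismatch";
    if (eh.e_phnum) {   /* program header table must lie inside the file */
        if (eh.e_phentsize != 56) return "e_phentsize mismatch";
        if (eh.e_phoff > len || (uint64_t)eh.e_phnum * eh.e_phentsize > len - eh.e_phoff)
            return "program header table outside file";
    }
    if (eh.e_shnum) {   /* section header table, e_shstrndx, and each section body */
        if (eh.e_shentsize != sizeof(shdr64_t)) return "e_shentsize mismatch";
        if (eh.e_shoff > len || (uint64_t)eh.e_shnum * eh.e_shentsize > len - eh.e_shoff)
            return "section header table outside file";
        if (eh.e_shstrndx >= eh.e_shnum) return "e_shstrndx out of range";
        for (i = 0; i < eh.e_shnum; i++) {
            shdr64_t sh;
            memcpy(&sh, buf + eh.e_shoff + i * sizeof sh, sizeof sh);
            if (sh.sh_type == 8) continue;   /* SHT_NOBITS occupies no file bytes */
            if (sh.sh_offset > len || sh.sh_size > len - sh.sh_offset)
                return "section contents outside file";
        }
    }
    return NULL;
}

/* Constructed sample (host byte order): ELF header, NULL section, an 8-byte
   .data section, and a .shstrtab, with the section header table at offset 96.
   Returns the image size (288 bytes) or 0 if the buffer is too small. */
size_t build_sample_elf(unsigned char *out, size_t cap)
{
    static const char strtab[] = "\0.data\0.shstrtab";   /* 17 bytes */
    ehdr64_t eh; shdr64_t sh[3];
    size_t data_off = 64, str_off = 72, sh_off = 96, total = sh_off + sizeof sh;
    if (cap < total) return 0;
    memset(out, 0, total); memset(&eh, 0, sizeof eh); memset(sh, 0, sizeof sh);
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1; eh.e_ident[6] = 1;  /* 64-bit, LSB, v1 */
    eh.e_type = 1; eh.e_machine = 62; eh.e_version = 1;      /* ET_REL, EM_X86_64 */
    eh.e_ehsize = sizeof eh; eh.e_phentsize = 56;
    eh.e_shoff = sh_off; eh.e_shentsize = sizeof(shdr64_t);
    eh.e_shnum = 3; eh.e_shstrndx = 2;
    sh[1].sh_name = 1; sh[1].sh_type = 1; sh[1].sh_offset = data_off; sh[1].sh_size = 8;
    sh[2].sh_name = 7; sh[2].sh_type = 3; sh[2].sh_offset = str_off; sh[2].sh_size = sizeof strtab;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + data_off, "ELFSHDAT", 8);
    memcpy(out + str_off, strtab, sizeof strtab);
    memcpy(out + sh_off, sh, sizeof sh);
    return total;
}

/* Each demo returns 1 when the checker gives the expected verdict. */
int demo_valid_image(void)
{
    unsigned char img[512];
    size_t n = build_sample_elf(img, sizeof img);
    return n == 288 && elf64_check(img, n) == NULL;
}
/* The case from the ticket: a section's sh_size is changed to nonsense. */
int demo_corrupt_sh_size(void)
{
    unsigned char img[512]; shdr64_t sh;
    size_t n = build_sample_elf(img, sizeof img);
    memcpy(&sh, img + 96 + 64, sizeof sh);          /* section 1 (.data) */
    sh.sh_size = 0x10000;                           /* far past end of file */
    memcpy(img + 96 + 64, &sh, sizeof sh);
    return elf64_check(img, n) != NULL;
}
/* e_shstrndx pointing past the section header table. */
int demo_corrupt_shstrndx(void)
{
    unsigned char img[512]; ehdr64_t eh;
    size_t n = build_sample_elf(img, sizeof img);
    memcpy(&eh, img, sizeof eh);
    eh.e_shstrndx = 7;                              /* no such section */
    memcpy(img, &eh, sizeof eh);
    return elf64_check(img, n) != NULL;
}
```

A saver built for intentionally corrupted input would run a check like elf64_check() once on load and then work from the validated, in-memory copy of each table, rather than re-reading offsets and sizes out of a header it has already decided not to trust; the checker rejects the out-of-file cases before any memcpy or write uses them.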
[thorkill] Thank you for this info, could you patch it for us (it should be done in no time)?
Happy Coding, /me