View Issue Details

ID: 0000543
Project: file
Category: General
View Status: public
Last Update: 2024-07-19 21:03
Reporter: matshch
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Product Version: 5.45
Summary: 0000543: libmagic misinterprets ELFs with large dynamic section for shared objects
Description: If the dynamic section of an ELF is longer than BUFSIZ and DT_FLAGS_1 is located after the BUFSIZ bytes in it, libmagic stops parsing that section and leaves the executable bits in mode unset, resulting in the wrong type being returned.

At least an error should be shown in this case (instead of the silent break); ideally the parsed segment size should be configurable.
Steps To Reproduce: You need an ELF file compiled with PIE enabled and with a large enough dynamic section so that DT_FLAGS_1 is pushed beyond the default buffer size. For example, the following Python script adds enough dynamic entries for x86_64 Ubuntu 22.04 (with 64-bit binaries and BUFSIZ=8192):

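    import lief
    # Load the freshly built file(1) binary.
    binary = lief.parse("src/.libs/file")
    # Add 512 DT_DEBUG entries to the dynamic section (16 bytes each in a 64-bit ELF).
    for i in range(512):
        binary.add(lief.ELF.DynamicEntry(lief.ELF.DYNAMIC_TAGS.DEBUG, 0))
    # Write the padded copy next to the original.
    binary.write("src/.libs/file.modified")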

After that the binary is still perfectly executable, but file shows that it is a shared object now:

    $ LD_LIBRARY_PATH=/home/vscode/file-5.45/src/.libs /home/vscode/file-5.45/src/.libs/file.modified /home/vscode/file-5.45/src/.libs/file.modified
    /home/vscode/file-5.45/src/.libs/file.modified: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a31a2fb4464bda32350a23fabbd2918fcaa59f06, for GNU/Linux 3.2.0, with debug_info, not stripped

Increasing the size of nbuf in dophn_exec is enough for file to tell that it is a pie executable.
Additional Information: file-5.41 is also affected, probably some older versions too.
Tags: bug, magic
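
Added example, not part of the original report and not libmagic code: a check for little-endian ELF64 files whose DT_FLAGS_1 entry does not fit in the first 8192 bytes of PT_DYNAMIC, the condition the report describes. The function names, the `window` parameter and the synthetic sample file are assumptions made for this illustration.

```python
import struct

PT_DYNAMIC = 2
DT_NULL, DT_DEBUG, DT_FLAGS_1 = 0, 21, 0x6FFFFFFB
DF_1_PIE = 0x08000000
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr
DYN = struct.Struct("<qQ")                  # Elf64_Dyn: d_tag, d_val

def flags1_offset(data):
    """Return (offset of DT_FLAGS_1 inside PT_DYNAMIC, d_val), or None."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled here")
    eh = EHDR.unpack_from(data)
    phoff, phentsize, phnum = eh[5], eh[9], eh[10]
    for i in range(phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(data, phoff + i * phentsize)
        if p_type != PT_DYNAMIC:
            continue
        end = min(p_offset + p_filesz, len(data))   # tolerate truncated files
        for off in range(p_offset, end - DYN.size + 1, DYN.size):
            tag, val = DYN.unpack_from(data, off)
            if tag == DT_NULL:
                break
            if tag == DT_FLAGS_1:
                return off - p_offset, val
    return None

def hidden_from_window(data, window=8192):
    """Assumed model of the report: DT_FLAGS_1 exists but ends past `window` bytes."""
    hit = flags1_offset(data)
    return hit is not None and hit[0] + DYN.size > window

def build_sample(padding_entries):
    """Constructed test input: ELF header, one PT_DYNAMIC phdr, dynamic entries."""
    dyn = DYN.pack(DT_DEBUG, 0) * padding_entries
    dyn += DYN.pack(DT_FLAGS_1, DF_1_PIE) + DYN.pack(DT_NULL, 0)
    dyn_off = EHDR.size + PHDR.size
    eh = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), 3, 62, 1, 0, EHDR.size, 0, 0,
                   EHDR.size, PHDR.size, 1, 0, 0, 0)
    ph = PHDR.pack(PT_DYNAMIC, 6, dyn_off, dyn_off, dyn_off, len(dyn), len(dyn), 8)
    return eh + ph + dyn

if __name__ == "__main__":
    for n in (4, 512):
        off, val = flags1_offset(build_sample(n))
        print(n, off, bool(val & DF_1_PIE), hidden_from_window(build_sample(n)))
```

Run over a directory of binaries, files for which `hidden_from_window` is true and DF_1_PIE is set are candidates for the "shared object" misclassification shown above.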

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2024-07-19 21:03 matshch New Issue
2024-07-19 21:03 matshch Tag Attached: bug
2024-07-19 21:03 matshch Tag Attached: magic