From 9aaaa651d924eb30e46f26690aea007b7d868e35 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard <nocbos@gmail.com>
Date: Thu, 6 Sep 2018 22:45:36 +0200
Subject: Fixed possible UAFs when adding symbols.
---
plugins/elf/strings.c | 5 +++++
plugins/pychrysalide/format/format.c | 1 +
plugins/readelf/strtab.c | 5 +++++
3 files changed, 11 insertions(+)
diff --git a/plugins/elf/strings.c b/plugins/elf/strings.c
index 4d6b5c8..7dd644e 100644
--- a/plugins/elf/strings.c
+++ b/plugins/elf/strings.c
@@ -356,6 +356,9 @@ static bool do_elf_string_loading(GElfLoading *loading, GElfFormat *format, phys
range = g_arch_instruction_get_range(instr);
symbol = g_string_symbol_new_read_only(base, range, SET_GUESS);
+
+ g_object_ref(G_OBJECT(symbol));
+
g_binary_format_add_symbol(base, symbol);
/* Jointure avec la chaîne précédente ? */
@@ -368,6 +371,8 @@ static bool do_elf_string_loading(GElfLoading *loading, GElfFormat *format, phys
if (cut) g_string_symbol_build_label(G_STR_SYMBOL(symbol), base);
+ g_object_unref(G_OBJECT(symbol));
+
}
/* Conclusion */
diff --git a/plugins/pychrysalide/format/format.c b/plugins/pychrysalide/format/format.c
index bf6c3f1..af881af 100644
--- a/plugins/pychrysalide/format/format.c
+++ b/plugins/pychrysalide/format/format.c
@@ -130,6 +130,7 @@ static PyObject *py_binary_format_add_symbol(PyObject *self, PyObject *args)
format = G_BIN_FORMAT(pygobject_get(self));
symbol = G_BIN_SYMBOL(pygobject_get(symbol_obj));
+ g_object_ref(G_OBJECT(symbol));
added = g_binary_format_add_symbol(format, symbol);
result = added ? Py_True : Py_False;
diff --git a/plugins/readelf/strtab.c b/plugins/readelf/strtab.c
index 3cbe353..7645dec 100644
--- a/plugins/readelf/strtab.c
+++ b/plugins/readelf/strtab.c
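Review bot: The extra reference taken before `g_binary_format_add_symbol()` is only released by the `g_object_unref()` in the second hunk of this file, so any early exit between the two (the Jointure block at lines 365–367 sits in neither hunk) would now leak the symbol rather than free it; worth confirming there is no `continue` or `goto` there, or releasing at a single exit. The return value of `g_binary_format_add_symbol()` is also still ignored here, whereas `py_binary_format_add_symbol()` in the same commit treats it as a boolean, so if the format refuses the symbol `g_string_symbol_build_label()` still runs on an object the format does not hold. Both points apply equally to the two hunks of plugins/readelf/strtab.c. do_elf_string_loading() starts and ends outside the hunk.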
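Review bot: The reference added before `g_binary_format_add_symbol()` is taken unconditionally while `added` may be false, so unless the format releases the reference itself when it refuses a symbol (not visible here) the rejected path now leaks one reference on an object the Python wrapper still owns; `if (!added) g_object_unref(G_OBJECT(symbol));` after the call would balance it. The ownership rule the hunk relies on is implicit, and the next reader may remove the ref as redundant; a comment such as `/* the format takes ownership of one reference; keep ours for the Python wrapper */` above it would preserve the intent. py_binary_format_add_symbol() starts and ends outside the hunk.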
@@ -113,6 +113,9 @@ static void parse_elf_string_table(GElfFormat *format, GPreloadInfo *info, const
irange = g_arch_instruction_get_range(instr);
symbol = g_string_symbol_new_read_only(base, irange, SET_GUESS);
+
+ g_object_ref(G_OBJECT(symbol));
+
g_binary_format_add_symbol(base, symbol);
/* Jointure avec la chaîne précédente ? */
@@ -120,6 +123,8 @@ static void parse_elf_string_table(GElfFormat *format, GPreloadInfo *info, const
if (cut) g_string_symbol_build_label(G_STR_SYMBOL(symbol), base);
+ g_object_unref(G_OBJECT(symbol));
+
}
/* Conclusion */
-- 
cgit v0.11.2-87-g4458
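Review bot: Nothing in the hunk records why the `g_object_ref()` before `g_binary_format_add_symbol()` is needed, so the ref/unref pair reads as a stray leak to a maintainer who has not seen the commit message. A one-line comment above the ref, `/* add_symbol() may drop the symbol's last reference; keep one until build_label() is done */`, would carry the intent in the code, and the matching ref in plugins/elf/strings.c deserves the same comment. parse_elf_string_table() starts and ends outside the hunk.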