netdump: fix regression for raw RAM dumpfiles

Commit f42db6a ("Support core files with "unusual" layout") increased the minimal file size from MIN_NETDUMP_ELF_HEADER_SIZE to SAFE_NETDUMP_ELF_HEADER_SIZE which can lead to crash rejecting raw RAM dumpfiles. Without the patch, the crash fails to start a session with the error message: /var/tmp/ramdump_elf_XXXXXX: ELF header read: No such file or directory crash: malformed ELF file: /var/tmp/ramdump_elf_XXXXXX Fix that by erroring out only if we get less than MIN_NETDUMP_ELF_HEADER_SIZE bytes. Signed-off-by: Qianli Zhao <zhaoqianli@xiaomi.com> Acked-and-tested-by: Mathias Krause <minipli@grsecurity.net>
crash-utility · Dec 23, 2020 · 31ca172 · 31ca172
1 parent 9c881ab
commit 31ca172
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/netdump.c b/netdump.c
@@ -119,7 +119,8 @@ is_netdump(char *file, ulong source_query)
 	Elf64_Phdr *load64;
 	char *eheader, *sect0;
 	char buf[BUFSIZE];
-	size_t size, len, tot;
+	ssize_t size;
+	size_t len, tot;
         Elf32_Off offset32;
         Elf64_Off offset64;
 	ulong format;
@@ -134,18 +135,22 @@ is_netdump(char *file, ulong source_query)
 
 	size = SAFE_NETDUMP_ELF_HEADER_SIZE;
         if ((eheader = (char *)malloc(size)) == NULL) {
-                fprintf(stderr, "cannot malloc minimum ELF header buffer\n");
+                fprintf(stderr, "cannot malloc ELF header buffer\n");
                 clean_exit(1);
         }
 
 	if (FLAT_FORMAT()) {
 		if (!read_flattened_format(fd, 0, eheader, size))
 			goto bailout;
 	} else {
-		if (read(fd, eheader, size) != size) {
+		size = read(fd, eheader, size);
+		if (size < 0) {
 			sprintf(buf, "%s: ELF header read", file);
 			perror(buf);
 			goto bailout;
+		} else if (size < MIN_NETDUMP_ELF_HEADER_SIZE) {
+			fprintf(stderr, "%s: file too small!\n", file);
+			goto bailout;
 		}
 	}