From f993d6e72c6246edb30ca90415e448989e0d5fd5 Mon Sep 17 00:00:00 2001
From: Kevin Enderby
Date: Tue, 4 Oct 2016 20:37:43 +0000
Subject: [PATCH] Next set of additional error checks for invalid Mach-O files for the load commands that uses the MachO::encryption_info_command and MachO::encryption_info_command types but not used in llvm libObject code but used in llvm tool code. This includes just LC_ENCRYPTION_INFO and LC_ENCRYPTION_INFO_64 load commands. llvm-svn: 283250
---
llvm/lib/Object/MachOObjectFile.cpp | 47 ++++++++++++++++++
.../Inputs/macho-invalid-encrypt-bad-size | Bin 0 -> 52 bytes
.../Inputs/macho-invalid-encrypt-cryptoff | Bin 0 -> 48 bytes
.../macho-invalid-encrypt-more-than-one | Bin 0 -> 72 bytes
.../Inputs/macho-invalid-encrypt64-bad-size | Bin 0 -> 56 bytes
...macho-invalid-encrypt64-cryptoff-cryptsize | Bin 0 -> 52 bytes
llvm/test/Object/macho-invalid.test | 15 ++++++
7 files changed, 62 insertions(+)
create mode 100644 llvm/test/Object/Inputs/macho-invalid-encrypt-bad-size
create mode 100644 llvm/test/Object/Inputs/macho-invalid-encrypt-cryptoff
create mode 100644 llvm/test/Object/Inputs/macho-invalid-encrypt-more-than-one
create mode 100644 llvm/test/Object/Inputs/macho-invalid-encrypt64-bad-size
create mode 100644 llvm/test/Object/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize
diff --git a/llvm/lib/Object/MachOObjectFile.cpp b/llvm/lib/Object/MachOObjectFile.cpp
index fcd7099954a7..b5d1f934b637 100644
--- a/llvm/lib/Object/MachOObjectFile.cpp
+++ b/llvm/lib/Object/MachOObjectFile.cpp
@@ -698,6 +698,30 @@ static Error checkRpathCommand(const MachOObjectFile *Obj, return Error::success(); } +static Error checkEncryptCommand(const MachOObjectFile *Obj, + const MachOObjectFile::LoadCommandInfo &Load, + uint32_t LoadCommandIndex, + uint64_t cryptoff, uint64_t cryptsize, + const char **LoadCmd, const char *CmdName) { + if (*LoadCmd != nullptr) + return malformedError("more than one LC_ENCRYPTION_INFO and or " + "LC_ENCRYPTION_INFO_64 command"); + uint64_t FileSize = Obj->getData().size(); + if (cryptoff > FileSize) + return malformedError("cryptoff field of " + Twine(CmdName) + + " command " + Twine(LoadCommandIndex) + " extends " + "past the end of the file"); + uint64_t BigSize = cryptoff; + BigSize += cryptsize; + if (BigSize > FileSize) + return malformedError("cryptoff field plus cryptsize field of " + + Twine(CmdName) + " command " + + Twine(LoadCommandIndex) + " extends past the end of " + "the file"); + *LoadCmd = Load.Ptr; + return Error::success(); +} + Expected> MachOObjectFile::create(MemoryBufferRef Object, bool IsLittleEndian, bool Is64Bits) { @@ -752,6 +776,7 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian, const char *VersLoadCmd = nullptr; const char *SourceLoadCmd = nullptr; const char *EntryPointLoadCmd = nullptr; + const char *EncryptLoadCmd = nullptr; for (unsigned I = 0; I < LoadCommandCount; ++I) { if (is64Bit()) { if (Load.C.cmdsize % 8 != 0) { 
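Review bot: The second bounds check in `checkEncryptCommand` adds `cryptoff` and `cryptsize` in a `uint64_t`, which cannot wrap only while both arguments come from 32-bit on-disk fields; the signature accepts full 64-bit values and nothing in the helper records that assumption. Because the preceding check has already established `cryptoff <= FileSize`, writing the comparison as `if (cryptsize > FileSize - cryptoff)` is wrap-free for any input and drops the `BigSize` temporary. If the addition form is kept, a comment such as `// cryptoff and cryptsize are 32-bit on disk, so this sum cannot overflow` would say why it is safe; the struct definitions are outside this hunk, so the field widths should be confirmed before relying on that.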
@@ -903,6 +928,28 @@ MachOObjectFile::MachOObjectFile(MemoryBufferRef Object, bool IsLittleEndian, return; } EntryPointLoadCmd = Load.Ptr; + } else if (Load.C.cmd == MachO::LC_ENCRYPTION_INFO) { + if (Load.C.cmdsize != sizeof(MachO::encryption_info_command)) { + Err = malformedError("LC_ENCRYPTION_INFO command " + Twine(I) + + " has incorrect cmdsize"); + return; + } + MachO::encryption_info_command E = + getStruct(this, Load.Ptr); + if ((Err = checkEncryptCommand(this, Load, I, E.cryptoff, E.cryptsize, + &EncryptLoadCmd, "LC_ENCRYPTION_INFO"))) + return; + } else if (Load.C.cmd == MachO::LC_ENCRYPTION_INFO_64) { + if (Load.C.cmdsize != sizeof(MachO::encryption_info_command_64)) { + Err = malformedError("LC_ENCRYPTION_INFO_64 command " + Twine(I) + + " has incorrect cmdsize"); + return; + } + MachO::encryption_info_command_64 E = + getStruct(this, Load.Ptr); + if ((Err = checkEncryptCommand(this, Load, I, E.cryptoff, E.cryptsize, + &EncryptLoadCmd, "LC_ENCRYPTION_INFO_64"))) + return; } if (I < LoadCommandCount - 1) { if (auto LoadOrErr = getNextLoadCommandInfo(this, I, Load)) diff --git a/llvm/test/Object/Inputs/macho-invalid-encrypt-bad-size b/llvm/test/Object/Inputs/macho-invalid-encrypt-bad-size new file mode 100644 index 0000000000000000000000000000000000000000..21204650f0a8b9dca4133ee0498622b6905fe72d GIT binary patch literal 52 gcmX^2>+L^w1_lOZAZCPO0U!+mia-owg9V@j0K+;20RR91 literal 0 HcmV?d00001 diff --git a/llvm/test/Object/Inputs/macho-invalid-encrypt-cryptoff b/llvm/test/Object/Inputs/macho-invalid-encrypt-cryptoff new file mode 100644 index 0000000000000000000000000000000000000000..9ac14e28982edf02b3e213e32a4cc767c2eb35fd GIT binary patch literal 48 hcmX^2>+L^w1_lOZAZCPO5g-i$ia-ovn}Ik`006db1U~=( literal 0 HcmV?d00001 
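Review bot: The `LC_ENCRYPTION_INFO` and `LC_ENCRYPTION_INFO_64` branches added to the constructor repeat the same steps with only the struct type and command name changed, so a later tightening of one validation path can miss the other. Folding the exact-`cmdsize` check and the `getStruct` read into one small template next to `checkEncryptCommand` keeps both variants on a single code path and produces the same error strings. The explicit template argument on `getStruct` is not visible on this page (the angle brackets appear to have been stripped), so the call below assumes the usual `getStruct<T>` form. The constructor starts and ends outside the hunk.

```cpp
// Shared by LC_ENCRYPTION_INFO and LC_ENCRYPTION_INFO_64: exact cmdsize
// check first, then the common offset/size validation.
template <typename T>
static Error parseEncryptCommand(const MachOObjectFile *Obj,
                                 const MachOObjectFile::LoadCommandInfo &Load,
                                 uint32_t LoadCommandIndex,
                                 const char **LoadCmd, const char *CmdName) {
  if (Load.C.cmdsize != sizeof(T))
    return malformedError(Twine(CmdName) + " command " +
                          Twine(LoadCommandIndex) + " has incorrect cmdsize");
  T E = getStruct<T>(Obj, Load.Ptr);
  return checkEncryptCommand(Obj, Load, LoadCommandIndex, E.cryptoff,
                             E.cryptsize, LoadCmd, CmdName);
}

// … unchanged: earlier load-command branches in the constructor …
    } else if (Load.C.cmd == MachO::LC_ENCRYPTION_INFO) {
      if ((Err = parseEncryptCommand<MachO::encryption_info_command>(
               this, Load, I, &EncryptLoadCmd, "LC_ENCRYPTION_INFO")))
        return;
    } else if (Load.C.cmd == MachO::LC_ENCRYPTION_INFO_64) {
      if ((Err = parseEncryptCommand<MachO::encryption_info_command_64>(
               this, Load, I, &EncryptLoadCmd, "LC_ENCRYPTION_INFO_64")))
        return;
    }
```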
diff --git a/llvm/test/Object/Inputs/macho-invalid-encrypt-more-than-one b/llvm/test/Object/Inputs/macho-invalid-encrypt-more-than-one new file mode 100644 index 0000000000000000000000000000000000000000..f5829da1917d49848e6231ab05e11ae3c14f19eb GIT binary patch literal 72 ocmX^2>+L^w1_lOZAZ7$&CLq=UVh~USVi7P4L4f2W5L`G503YQ9W&i*H literal 0 HcmV?d00001 diff --git a/llvm/test/Object/Inputs/macho-invalid-encrypt64-bad-size b/llvm/test/Object/Inputs/macho-invalid-encrypt64-bad-size new file mode 100644 index 0000000000000000000000000000000000000000..945a6c3587c105c13413a53f5d979390145b5d0f GIT binary patch literal 56 gcmX^2>+L^w1_lOZAZCPO5g-i$IzS9#g9VTX0M%jy6aWAK literal 0 HcmV?d00001 diff --git a/llvm/test/Object/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize b/llvm/test/Object/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize new file mode 100644 index 0000000000000000000000000000000000000000..756de66704d324bf7f384632989faa407db4cded GIT binary patch literal 52 jcmX^2>+L^w1_lOZAZCPO2_OvuIzS9!n*cEj5W@ff$x;MV literal 0 HcmV?d00001 diff --git a/llvm/test/Object/macho-invalid.test b/llvm/test/Object/macho-invalid.test index 9c902aff8145..cf85dac689d2 100644 --- a/llvm/test/Object/macho-invalid.test +++ b/llvm/test/Object/macho-invalid.test 
@@ -334,3 +334,18 @@ INVALID-ENTRY-BAD-SIZE: macho-invalid-entry-bad-size': truncated or malformed ob RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-entry-more-than-one 2>&1 | FileCheck -check-prefix INVALID-ENTRY-MORE-THAN-ONE %s INVALID-ENTRY-MORE-THAN-ONE: macho-invalid-entry-more-than-one': truncated or malformed object (more than one LC_MAIN command) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt-bad-size 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-BAD-SIZE %s +INVALID-ENCRYPT-BAD-SIZE: macho-invalid-encrypt-bad-size': truncated or malformed object (LC_ENCRYPTION_INFO command 0 has incorrect cmdsize) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt64-bad-size 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT64-BAD-SIZE %s +INVALID-ENCRYPT64-BAD-SIZE: macho-invalid-encrypt64-bad-size': truncated or malformed object (LC_ENCRYPTION_INFO_64 command 0 has incorrect cmdsize) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt-more-than-one 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-MORE-THAN-ONE %s +INVALID-ENCRYPT-MORE-THAN-ONE: macho-invalid-encrypt-more-than-one': truncated or malformed object (more than one LC_ENCRYPTION_INFO and or LC_ENCRYPTION_INFO_64 command) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt-cryptoff 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-CRYPTOFF %s +INVALID-ENCRYPT-CRYPTOFF: macho-invalid-encrypt-cryptoff': truncated or malformed object (cryptoff field of LC_ENCRYPTION_INFO command 0 extends past the end of the file) + +RUN: not llvm-objdump -macho -private-headers %p/Inputs/macho-invalid-encrypt64-cryptoff-cryptsize 2>&1 | FileCheck -check-prefix INVALID-ENCRYPT-CRYPTOFF-CRYPTSIZE %s +INVALID-ENCRYPT-CRYPTOFF-CRYPTSIZE: macho-invalid-encrypt64-cryptoff-cryptsize': truncated or malformed object (cryptoff field plus cryptsize field of LC_ENCRYPTION_INFO_64 command 0 extends past the 
end of the file)
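Review bot: Every case added in this hunk is a rejection case (`not llvm-objdump`), so nothing pins the helper's `>` comparisons at their boundary. A companion input whose `cryptoff + cryptsize` equals the file size exactly, checked by a test that expects the file to be accepted, would catch an off-by-one regression to `>=`. The last check prefix, `INVALID-ENCRYPT-CRYPTOFF-CRYPTSIZE`, also drops the `64` that the other 64-bit case (`INVALID-ENCRYPT64-BAD-SIZE`) carries; `INVALID-ENCRYPT64-CRYPTOFF-CRYPTSIZE` would match the input file name.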