Prevent out-of-bounds array access with binaries that use unsupported

relocations.

ok guenther@

diff --git a/libexec/ld.so/amd64/rtld_machine.c b/libexec/ld.so/amd64/rtld_machine.c
index 6c8e9da..d2bf67c 100644 (file)
--- a/libexec/ld.so/amd64/rtld_machine.c
+++ b/libexec/ld.so/amd64/rtld_machine.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rtld_machine.c,v 1.40 2022/01/08 06:49:41 guenther Exp $ */
+/*     $OpenBSD: rtld_machine.c,v 1.41 2022/05/01 11:03:48 kettenis Exp $ */
 
 /*
  * Copyright (c) 2002,2004 Dale Rahn
@@ -75,6 +75,8 @@
 #include "util.h"
 #include "resolve.h"
 
+#define nitems(_a)     (sizeof((_a)) / sizeof((_a)[0]))
+
 int64_t pcookie __attribute__((section(".openbsd.randomdata"))) __dso_hidden;
 
 /*
@@ -132,7 +134,8 @@ static const int reloc_target_flags[] = {
 #define RELOC_USE_ADDEND(t)            ((reloc_target_flags[t] & _RF_A) != 0)
 #define RELOC_TARGET_SIZE(t)           ((reloc_target_flags[t] >> 8) & 0xff)
 #define RELOC_VALUE_RIGHTSHIFT(t)      (reloc_target_flags[t] & 0xff)
-#define RELOC_ERROR(t)                 (reloc_target_flags[t] & _RF_E)
+#define RELOC_ERROR(t) \
+       ((t) >= nitems(reloc_target_flags) || (reloc_target_flags[t] & _RF_E))
 
 static const Elf_Addr reloc_target_bitmask[] = {
 #define _BM(x)  (~(Elf_Addr)0 >> ((8*sizeof(reloc_target_bitmask[0])) - (x)))