From 6b6afc1bd7883e411364da185e7df4a96eceec5f Mon Sep 17 00:00:00 2001 From: Jacob Hageman Date: Fri, 21 Aug 2020 09:42:17 -0400 Subject: [PATCH 1/5] Fix #54, Restrict destination file permissions --- elf2cfetbl.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/elf2cfetbl.c b/elf2cfetbl.c index ab104f6..c16d760 100644 --- a/elf2cfetbl.c +++ b/elf2cfetbl.c @@ -1439,6 +1439,8 @@ int32 OpenSrcFile(void) int32 OpenDstFile(void) { + struct stat dststat; + // Check to see if output file can be opened and written DstFileDesc = fopen(DstFilename, "w"); @@ -1448,6 +1450,17 @@ int32 OpenDstFile(void) return FAILED; } + /* Fix file if too permissive (CWE-732) */ + if (stat(DstFilename, &dststat) == 0) + { + if (Verbose) + printf("%s: Destination file permissions after open = 0x%X\n", DstFilename, dststat.st_mode); + chmod(DstFilename, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH)); + stat(DstFilename, &dststat); + if (Verbose) + printf("%s: Destination file permissions after chmod = 0x%X\n", DstFilename, dststat.st_mode); + } + return SUCCESS; } From d28f01873d6c93517805dc4e5511e3d4989b2bd0 Mon Sep 17 00:00:00 2001 From: Jacob Hageman Date: Fri, 21 Aug 2020 14:05:30 -0400 Subject: [PATCH 2/5] Fix #56, Squash int comparison warning --- elf2cfetbl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elf2cfetbl.c b/elf2cfetbl.c index ab104f6..6d4aef6 100644 --- a/elf2cfetbl.c +++ b/elf2cfetbl.c @@ -929,7 +929,7 @@ int32 ProcessCmdLineOptions(int ArgumentCount, char *Arguments[]) int32 Status = SUCCESS; bool InputFileSpecified = false; bool OutputFileSpecified = false; - int16 i = 1; + int i = 1; char * EndPtr; uint32 MaxDay; struct tm FileEpochTm; From 03b05b51a22778e928a9706acb8036cf66c30196 Mon Sep 17 00:00:00 2001 From: Jacob Hageman Date: Mon, 24 Aug 2020 14:37:46 -0400 Subject: [PATCH 3/5] Fix #58, Replace ctime with ctime_r --- elf2cfetbl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/elf2cfetbl.c b/elf2cfetbl.c index ab104f6..d96aee1 100644 --- a/elf2cfetbl.c +++ b/elf2cfetbl.c @@ -1404,7 +1404,8 @@ int32 GetDstFilename(void) int32 OpenSrcFile(void) { - int RtnCode; + int RtnCode; + char TimeBuff[50]; // Check to see if input file can be found and opened SrcFileDesc = fopen(SrcFilename, "r"); @@ -1422,10 +1423,11 @@ int32 OpenSrcFile(void) SrcFileTimeInScEpoch = SrcFileStats.st_mtime + EpochDelta; if (Verbose) - printf("Original Source File Modification Time: %s\n", ctime(&SrcFileStats.st_mtime)); - if (Verbose) + { + printf("Original Source File Modification Time: %s\n", ctime_r(&SrcFileStats.st_mtime, TimeBuff)); printf("Source File Modification Time in Seconds since S/C Epoch: %ld (0x%08lX)\n", SrcFileTimeInScEpoch, SrcFileTimeInScEpoch); + } } else { From 8845df7d5b7c3d116b502ee6eb064817ed75252d Mon Sep 17 00:00:00 2001 From: Jacob Hageman Date: Mon, 24 Aug 2020 14:57:42 -0400 Subject: [PATCH 4/5] Fix #60, Deconflict global and local parameters --- elf2cfetbl.c | 92 ++++++++++++++++++++++++++-------------------------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/elf2cfetbl.c b/elf2cfetbl.c index ab104f6..64e4ee9 100644 --- a/elf2cfetbl.c +++ b/elf2cfetbl.c @@ -90,8 +90,8 @@ void PrintSymbol32(union Elf_Sym *Symbol); void PrintSymbol64(union Elf_Sym *Symbol); void PrintSectionHeader32(union Elf_Shdr *SectionHeader); void PrintSectionHeader64(union Elf_Shdr *SectionHeader); -void PrintElfHeader32(union Elf_Ehdr ElfHeader); -void PrintElfHeader64(union Elf_Ehdr ElfHeader); +void PrintElfHeader32(union Elf_Ehdr ElfHeaderLcl); +void PrintElfHeader64(union Elf_Ehdr ElfHeaderLcl); /** * Global Variables @@ -357,75 +357,75 @@ ElfStrMap e_machine_Map[] = { }; // Elf Header helper functions -uint8_t get_e_ident(const union Elf_Ehdr *ElfHeader, int index) +uint8_t get_e_ident(const union Elf_Ehdr *ElfHeaderLcl, int index) { if (TargetWordsizeIs32Bit) { - return ElfHeader->Ehdr32.e_ident[index]; + return ElfHeaderLcl->Ehdr32.e_ident[index]; } else { - return ElfHeader->Ehdr64.e_ident[index]; + return ElfHeaderLcl->Ehdr64.e_ident[index]; } } -uint16_t get_e_type(const union Elf_Ehdr *ElfHeader) +uint16_t get_e_type(const union Elf_Ehdr *ElfHeaderLcl) { if (TargetWordsizeIs32Bit) { - return ElfHeader->Ehdr32.e_type; + return ElfHeaderLcl->Ehdr32.e_type; } else { - return ElfHeader->Ehdr64.e_type; + return ElfHeaderLcl->Ehdr64.e_type; } } -uint16_t get_e_machine(const union Elf_Ehdr *ElfHeader) +uint16_t get_e_machine(const union Elf_Ehdr *ElfHeaderLcl) { if (TargetWordsizeIs32Bit) { - return ElfHeader->Ehdr32.e_machine; + return ElfHeaderLcl->Ehdr32.e_machine; } else { - return ElfHeader->Ehdr64.e_machine; + return ElfHeaderLcl->Ehdr64.e_machine; } } -uint32_t get_e_version(const union Elf_Ehdr *ElfHeader) +uint32_t get_e_version(const union Elf_Ehdr *ElfHeaderLcl) { if (TargetWordsizeIs32Bit) { - return ElfHeader->Ehdr32.e_version; + return ElfHeaderLcl->Ehdr32.e_version; } else { - return ElfHeader->Ehdr64.e_version; + return ElfHeaderLcl->Ehdr64.e_version; } } -uint16_t get_e_shstrndx(const union Elf_Ehdr *ElfHeader) +uint16_t get_e_shstrndx(const union Elf_Ehdr *ElfHeaderLcl) { if (TargetWordsizeIs32Bit) { - return ElfHeader->Ehdr32.e_shstrndx; + return ElfHeaderLcl->Ehdr32.e_shstrndx; } else { - return ElfHeader->Ehdr64.e_shstrndx; + return ElfHeaderLcl->Ehdr64.e_shstrndx; } } -uint16_t get_e_shnum(const union Elf_Ehdr *ElfHeader) +uint16_t get_e_shnum(const union Elf_Ehdr *ElfHeaderLcl) { if (TargetWordsizeIs32Bit) { - return ElfHeader->Ehdr32.e_shnum; + return ElfHeaderLcl->Ehdr32.e_shnum; } else { - return ElfHeader->Ehdr64.e_shnum; + return ElfHeaderLcl->Ehdr64.e_shnum; } } @@ -2007,58 +2007,58 @@ void PrintSectionHeader64(union Elf_Shdr *SectionHeader) printf(" sh_entsize = 0x%08lx\n", (long unsigned int)SectionHeader->Shdr64.sh_entsize); } -void PrintElfHeader32(union Elf_Ehdr ElfHeader) +void PrintElfHeader32(union Elf_Ehdr ElfHeaderLcl) { if (Verbose) - printf(" e_version = %d\n", get_e_version(&ElfHeader)); + printf(" e_version = %d\n", get_e_version(&ElfHeaderLcl)); if (Verbose) - printf(" e_entry = 0x%x\n", ElfHeader.Ehdr32.e_entry); + printf(" e_entry = 0x%x\n", ElfHeaderLcl.Ehdr32.e_entry); if (Verbose) - printf(" e_phoff = 0x%08x (%u)\n", ElfHeader.Ehdr32.e_phoff, ElfHeader.Ehdr32.e_phoff); + printf(" e_phoff = 0x%08x (%u)\n", ElfHeaderLcl.Ehdr32.e_phoff, ElfHeaderLcl.Ehdr32.e_phoff); if (Verbose) - printf(" e_shoff = 0x%08x (%u)\n", ElfHeader.Ehdr32.e_shoff, ElfHeader.Ehdr32.e_shoff); + printf(" e_shoff = 0x%08x (%u)\n", ElfHeaderLcl.Ehdr32.e_shoff, ElfHeaderLcl.Ehdr32.e_shoff); if (Verbose) - printf(" e_flags = 0x%08x\n", ElfHeader.Ehdr32.e_flags); + printf(" e_flags = 0x%08x\n", ElfHeaderLcl.Ehdr32.e_flags); if (Verbose) - printf(" e_ehsize = %d\n", ElfHeader.Ehdr32.e_ehsize); + printf(" e_ehsize = %d\n", ElfHeaderLcl.Ehdr32.e_ehsize); if (Verbose) - printf(" e_phentsize = %d\n", ElfHeader.Ehdr32.e_phentsize); + printf(" e_phentsize = %d\n", ElfHeaderLcl.Ehdr32.e_phentsize); if (Verbose) - printf(" e_phnum = %d\n", ElfHeader.Ehdr32.e_phnum); + printf(" e_phnum = %d\n", ElfHeaderLcl.Ehdr32.e_phnum); if (Verbose) - printf(" e_shentsize = %d\n", ElfHeader.Ehdr32.e_shentsize); + printf(" e_shentsize = %d\n", ElfHeaderLcl.Ehdr32.e_shentsize); if (Verbose) - printf(" e_shnum = %d\n", get_e_shnum(&ElfHeader)); + printf(" e_shnum = %d\n", get_e_shnum(&ElfHeaderLcl)); if (Verbose) - printf(" e_shstrndx = %d\n", get_e_shstrndx(&ElfHeader)); + printf(" e_shstrndx = %d\n", get_e_shstrndx(&ElfHeaderLcl)); } -void PrintElfHeader64(union Elf_Ehdr ElfHeader) +void PrintElfHeader64(union Elf_Ehdr ElfHeaderLcl) { if (Verbose) - printf(" e_version = %d\n", get_e_version(&ElfHeader)); + printf(" e_version = %d\n", get_e_version(&ElfHeaderLcl)); if (Verbose) - printf(" e_entry = 0x%lx\n", (long unsigned int)ElfHeader.Ehdr64.e_entry); + printf(" e_entry = 0x%lx\n", (long unsigned int)ElfHeaderLcl.Ehdr64.e_entry); if (Verbose) - printf(" e_phoff = 0x%08lx (%lu)\n", (long unsigned int)ElfHeader.Ehdr64.e_phoff, - (long unsigned int)ElfHeader.Ehdr64.e_phoff); + printf(" e_phoff = 0x%08lx (%lu)\n", (long unsigned int)ElfHeaderLcl.Ehdr64.e_phoff, + (long unsigned int)ElfHeaderLcl.Ehdr64.e_phoff); if (Verbose) - printf(" e_shoff = 0x%08lx (%lu)\n", (long unsigned int)ElfHeader.Ehdr64.e_shoff, - (long unsigned int)ElfHeader.Ehdr64.e_shoff); + printf(" e_shoff = 0x%08lx (%lu)\n", (long unsigned int)ElfHeaderLcl.Ehdr64.e_shoff, + (long unsigned int)ElfHeaderLcl.Ehdr64.e_shoff); if (Verbose) - printf(" e_flags = 0x%08x\n", ElfHeader.Ehdr64.e_flags); + printf(" e_flags = 0x%08x\n", ElfHeaderLcl.Ehdr64.e_flags); if (Verbose) - printf(" e_ehsize = %d\n", ElfHeader.Ehdr64.e_ehsize); + printf(" e_ehsize = %d\n", ElfHeaderLcl.Ehdr64.e_ehsize); if (Verbose) - printf(" e_phentsize = %d\n", ElfHeader.Ehdr64.e_phentsize); + printf(" e_phentsize = %d\n", ElfHeaderLcl.Ehdr64.e_phentsize); if (Verbose) - printf(" e_phnum = %d\n", ElfHeader.Ehdr64.e_phnum); + printf(" e_phnum = %d\n", ElfHeaderLcl.Ehdr64.e_phnum); if (Verbose) - printf(" e_shentsize = %d\n", ElfHeader.Ehdr64.e_shentsize); + printf(" e_shentsize = %d\n", ElfHeaderLcl.Ehdr64.e_shentsize); if (Verbose) - printf(" e_shnum = %d\n", get_e_shnum(&ElfHeader)); + printf(" e_shnum = %d\n", get_e_shnum(&ElfHeaderLcl)); if (Verbose) - printf(" e_shstrndx = %d\n", get_e_shstrndx(&ElfHeader)); + printf(" e_shstrndx = %d\n", get_e_shstrndx(&ElfHeaderLcl)); } void SwapElfHeader(void) From 5323cbe3429f86c8564b30a8a7730a266810385e Mon Sep 17 00:00:00 2001 From: Yasir Khan Date: Tue, 1 Sep 2020 14:02:42 -0400 Subject: [PATCH 5/5] Increase version to v3.2.0+dev9, update readme NOTE: Build baseline changed to v3.2.0-rc1 --- README.md | 7 +++++++ elf2cfetbl_version.h | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7a74c48..19e2cfc 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,13 @@ See README.txt for more information. ## Version History +### Development Build: v3.2.0+dev9 +- Restricts destination file permissions +- Squash int comparison warning +- Replace ctime (which generates LGTM warning) with ctime_r +- Deconflicts global/local parameters +- See + ### Development Build: v3.1.0+dev39 - Adds a null to the end of SrcFilename and DstFilename when using strncpy. diff --git a/elf2cfetbl_version.h b/elf2cfetbl_version.h index 27fbb99..01e235e 100644 --- a/elf2cfetbl_version.h +++ b/elf2cfetbl_version.h @@ -31,8 +31,8 @@ /* * Development Build Macro Definitions */ -#define ELF2CFETBL_BUILD_NUMBER 39 /*!< @brief Number of commits since baseline */ -#define ELF2CFETBL_BUILD_BASELINE "v3.1.0+dev" /*!< @brief Development Build: git tag that is the base for the current */ +#define ELF2CFETBL_BUILD_NUMBER 9 /*!< @brief Number of commits since baseline */ +#define ELF2CFETBL_BUILD_BASELINE "v3.2.0-rc1" /*!< @brief Development Build: git tag that is the base for the current */ /* * Version Macro Definitions