verify that file is ELF in qt_unix_query()

Signed-off-by: Ivailo Monev <xakepa10@gmail.com>

diff --git a/src/core/plugin/qlibrary.cpp b/src/core/plugin/qlibrary.cpp
index 3b55ec6..32a8a9e 100644 (file)
--- a/src/core/plugin/qlibrary.cpp
+++ b/src/core/plugin/qlibrary.cpp
@@ -59,9 +59,11 @@
 #  if QT_POINTER_SIZE == 8
 #    define QT_ELF_EHDR_TYPE Elf64_Ehdr
 #    define QT_ELF_SHDR_TYPE Elf64_Shdr
+#    define QT_ELF_CLASS_TYPE ELFCLASS64
 #  else
 #    define QT_ELF_EHDR_TYPE Elf32_Ehdr
 #    define QT_ELF_SHDR_TYPE Elf32_Shdr
+#    define QT_ELF_CLASS_TYPE ELFCLASS32
 #  endif
 #endif
 
@@ -171,11 +173,22 @@ static bool qt_unix_query(const QString &library, uint *version, QLibraryPrivate
         return false;
     }
 
+    qint64 datalen = file.size();
     const char *filedata = reinterpret_cast<char*>(file.map(0, file.size()));
     if (filedata == 0) {
         // try reading the data into memory instead
         const QByteArray data = file.readAll();
         filedata = data.constData();
+        datalen = data.size();
+    }
+
+    // basic ELF checks to avoid crashing
+    if (datalen < EI_CLASS || qstrncmp(filedata, ELFMAG, SELFMAG) != 0) {
+        lib->errorString = QLibrary::tr("'%1' is not ELF file").arg(library);
+        return false;
+    } else if (filedata[EI_CLASS] != QT_ELF_CLASS_TYPE) {
+        lib->errorString = QLibrary::tr("ELF class mismatch in '%1'").arg(library);
+        return false;
     }
 
     // ELF binaries build with GNU or Clang have .ktplugin section

diff --git a/translations/qt.pot b/translations/qt.pot
index 2ebfa0a..ef4332e 100644 (file)
--- a/translations/qt.pot
+++ b/translations/qt.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-12-15 11:23+0000\n"
+"POT-Creation-Date: 2020-12-15 15:47+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,24 +17,32 @@ msgstr ""
 "Content-Type: text/plain; charset=CHARSET\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: src/core/plugin/qlibrary.cpp:201
+#: src/core/plugin/qlibrary.cpp:187
+msgid "'%1' is not ELF file"
+msgstr ""
+
+#: src/core/plugin/qlibrary.cpp:190
+msgid "ELF class mismatch in '%1'"
+msgstr ""
+
+#: src/core/plugin/qlibrary.cpp:214
 msgid "Plugin verification data mismatch in '%1'"
 msgstr ""
 
-#: src/core/plugin/qlibrary.cpp:413 src/core/plugin/qlibrary.cpp:448
+#: src/core/plugin/qlibrary.cpp:426 src/core/plugin/qlibrary.cpp:461
 #: src/core/plugin/qpluginloader.cpp:274
 msgid "The shared library was not found."
 msgstr ""
 
-#: src/core/plugin/qlibrary.cpp:450
+#: src/core/plugin/qlibrary.cpp:463
 msgid "The file '%1' is not a valid Katie plugin."
 msgstr ""
 
-#: src/core/plugin/qlibrary.cpp:463
+#: src/core/plugin/qlibrary.cpp:476
 msgid "The plugin uses incompatible Katie library: %1 (%2, %3)"
 msgstr ""
 
-#: src/core/plugin/qlibrary.cpp:796 src/core/plugin/qpluginloader.cpp:291
+#: src/core/plugin/qlibrary.cpp:809 src/core/plugin/qpluginloader.cpp:291
 #: src/core/io/qiodevice.cpp:1541 src/network/ssl/qsslerror.cpp:261
 #: src/network/kernel/qhostinfo_unix.cpp:128
 #: src/network/kernel/qhostinfo_unix.cpp:247

diff --git a/translations/qt_tools.pot b/translations/qt_tools.pot
index e3c789d..89cdd38 100644 (file)
--- a/translations/qt_tools.pot
+++ b/translations/qt_tools.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-12-15 11:23+0000\n"
+"POT-Creation-Date: 2020-12-15 15:47+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"