M_LZMA with hi parameter bytes confused --ultra-brute

https://github.com/upx/upx/issues/900
	modified:   packhead.cpp
	modified:   p_lx_elf.cpp
John Reiser 2025-03-20 09:48:00 -07:00
parent ff75a462a4
commit a25c20ee0b
2 changed files with 10 additions and 7 deletions


@ -1534,7 +1534,7 @@ PackLinuxElf32::buildLinuxLoader(
// SO_MAIN C-language supervision based on PT_LOADs
char sec[120]; memset(sec, 0, sizeof(sec)); // debug convenience
int len = 0;
unsigned m_decompr = methods_used | (1u << ph_forced_method(ph.method));
unsigned m_decompr = methods_used | (1u << (0xFF & ph_forced_method(ph.method)));
len += snprintf(sec, sizeof(sec), "%s", "SO_HEAD,ptr_NEXT,EXP_HEAD");
// Start of dasiy-chain fall-through.
@ -1586,7 +1586,7 @@ PackLinuxElf32::buildLinuxLoader(
initLoader(fold, szfold);
char sec[120]; memset(sec, 0, sizeof(sec)); // debug convenience
int len = 0;
unsigned m_decompr = methods_used | (1u << ph_forced_method(ph.method));
unsigned m_decompr = methods_used | (1u << (0xFF & ph_forced_method(ph.method)));
len += snprintf(sec, sizeof(sec), "%s", ".text,EXP_HEAD");
if (((1u<<M_NRV2B_LE32)|(1u<<M_NRV2B_8)|(1u<<M_NRV2B_LE16)) & m_decompr) {
len += snprintf(&sec[len], sizeof(sec) - len, ",%s", "NRV2B");
@ -1692,7 +1692,7 @@ PackLinuxElf32::buildLinuxLoader(
defineSymbols(ft);
}
else { // main program with ELF1 de-compressor
addStubEntrySections(ft, methods_used | (1u << ph_forced_method(ph.method)) );
addStubEntrySections(ft, methods_used | (1u << (0xFF & ph_forced_method(ph.method))) );
if (!xct_off) { // main program
defineSymbols(ft);
}
@ -1731,7 +1731,7 @@ PackLinuxElf64::buildLinuxLoader(
// SO_MAIN C-language supervision based on PT_LOADs
char sec[120]; memset(sec, 0, sizeof(sec)); // debug convenience
int len = 0;
unsigned m_decompr = methods_used | (1u << ph_forced_method(ph.method));
unsigned m_decompr = methods_used | (1u << (0xFF & ph_forced_method(ph.method)));
len += snprintf(sec, sizeof(sec), "%s", "SO_HEAD,ptr_NEXT,EXP_HEAD");
// Start of dasiy-chain fall-through.
@ -1776,7 +1776,7 @@ PackLinuxElf64::buildLinuxLoader(
initLoader(fold, szfold);
char sec[120]; memset(sec, 0, sizeof(sec)); // debug convenience
int len = 0;
unsigned m_decompr = methods_used | (1u << ph_forced_method(ph.method));
unsigned m_decompr = methods_used | (1u << (0xFF & ph_forced_method(ph.method)));
len += snprintf(sec, sizeof(sec), "%s", ".text,EXP_HEAD");
if (((1u<<M_NRV2B_LE32)|(1u<<M_NRV2B_8)|(1u<<M_NRV2B_LE16)) & m_decompr) {
len += snprintf(&sec[len], sizeof(sec) - len, ",%s", "NRV2B");
@ -1881,7 +1881,7 @@ PackLinuxElf64::buildLinuxLoader(
}
}
else { // main program with ELF1 de-compressor
addStubEntrySections(ft, methods_used | (1u << ph_forced_method(ph.method)) );
addStubEntrySections(ft, methods_used | (1u << (0xFF & ph_forced_method(ph.method))) );
if (!xct_off) { // main program
defineSymbols(ft);
}
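Review bot: The `0xFF &` mask added at all six sites in this file (the two `m_decompr` initialisers and the `addStubEntrySections` call, in both PackLinuxElf32 and PackLinuxElf64) strips the hi parameter bytes but still allows a shift count of up to 255, and shifting the 32-bit `1u` by 32 or more is undefined behaviour. Nothing visible in these hunks bounds the low byte below 32; assuming `ph.method` is set through `PackHeader::set_method`, its range check is skipped whenever `offset` is `~0u`. Because the expression is now repeated six times, it would be safer in one small helper that asserts the bound, along the lines of `unsigned lo = 0xFF & ph_forced_method(ph.method); assert(lo < 32); return 1u << lo;`. The enclosing buildLinuxLoader bodies start and end outside these hunks.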


@ -47,7 +47,10 @@ void PackHeader::reset() noexcept {
int PackHeader::set_method(int m, unsigned offset) {
unsigned mc = ~(0x80u << 24) & m; // see ph_forced_method
if ((mc < M_NRV2B_LE32 || M_LZMA < mc) && ~0u != offset)
unsigned lo = 0xFF & m;
// See packer_c.cpp for "hi bytes" in M_LZMA_003 and M_LZMA_407.
// "hi bytes" are not allowed unless M_LZMA.
if ((lo < M_NRV2B_LE32 || M_LZMA < lo || (M_LZMA != lo && mc != lo)) && ~0u != offset)
throwCantPack("bad method %#x at %#x", (unsigned) m, offset);
return method = m;
}
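Review bot: When `lo == M_LZMA` the new condition accepts any value in the bits above the low byte (below the forced-method flag), because `mc != lo` is only tested when `M_LZMA != lo`. If the only legitimate encodings are the ones the added comment names (M_LZMA_003 and M_LZMA_407), comparing `mc` against those constants would reject unknown parameter bytes here instead of storing them in `method`. The whole check is also bypassed when `offset` is `~0u`, and that sentinel is unexplained; a comment such as `// offset == ~0u: no file offset to report, m is not validated here` (worded to match the real intent) would make the trust assumption explicit.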