[apple/ld64.git] / src / machochecker.cpp

/* -*- mode: C++; c-basic-offset: 4; tab-width: 4 -*- 
 *
 * Copyright (c) 2006 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <stdarg.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <mach-o/loader.h>
#include <mach-o/fat.h>
#include <mach-o/stab.h>

#include <vector>

#include "MachOFileAbstraction.hpp"
#include "Architectures.hpp"


 __attribute__((noreturn))
void throwf(const char* format, ...) 
{
	va_list	list;
	char*	p;
	va_start(list, format);
	vasprintf(&p, format, list);
	va_end(list);
	
	const char*	t = p;
	throw t;
}


template <typename A>
class MachOChecker
{
public:
	static bool									validFile(const uint8_t* fileContent);
	static MachOChecker<A>*						make(const uint8_t* fileContent, uint32_t fileLength, const char* path) 
														{ return new MachOChecker<A>(fileContent, fileLength, path); }
	virtual										~MachOChecker() {}


private:
	typedef typename A::P					P;
	typedef typename A::P::E				E;
	typedef typename A::P::uint_t			pint_t;
	
												MachOChecker(const uint8_t* fileContent, uint32_t fileLength, const char* path);
	void										checkMachHeader();
	void										checkLoadCommands();
	void										checkSection(const macho_segment_command<P>* segCmd, const macho_section<P>* sect);
	uint8_t										loadCommandSizeMask();
	void										checkIndirectSymbolTable();

	const char*									fPath;
	const macho_header<P>*						fHeader;
	uint32_t									fLength;
	const char*									fStrings;
	const char*									fStringsEnd;
	const macho_nlist<P>*						fSymbols;
	uint32_t									fSymbolCount;
	const uint32_t*								fIndirectTable;
	uint32_t									fIndirectTableCount;

};


template <>
bool MachOChecker<ppc>::validFile(const uint8_t* fileContent)
{	
	const macho_header<P>* header = (const macho_header<P>*)fileContent;
	if ( header->magic() != MH_MAGIC )
		return false;
	if ( header->cputype() != CPU_TYPE_POWERPC )
		return false;
	switch (header->filetype()) {
		case MH_EXECUTE:
		case MH_DYLIB:
		case MH_BUNDLE:
		case MH_DYLINKER:
			return true;
	}
	return false;
}

template <>
bool MachOChecker<ppc64>::validFile(const uint8_t* fileContent)
{	
	const macho_header<P>* header = (const macho_header<P>*)fileContent;
	if ( header->magic() != MH_MAGIC_64 )
		return false;
	if ( header->cputype() != CPU_TYPE_POWERPC64 )
		return false;
	switch (header->filetype()) {
		case MH_EXECUTE:
		case MH_DYLIB:
		case MH_BUNDLE:
		case MH_DYLINKER:
			return true;
	}
	return false;
}

template <>
bool MachOChecker<x86>::validFile(const uint8_t* fileContent)
{	
	const macho_header<P>* header = (const macho_header<P>*)fileContent;
	if ( header->magic() != MH_MAGIC )
		return false;
	if ( header->cputype() != CPU_TYPE_I386 )
		return false;
	switch (header->filetype()) {
		case MH_EXECUTE:
		case MH_DYLIB:
		case MH_BUNDLE:
		case MH_DYLINKER:
			return true;
	}
	return false;
}


template <> uint8_t MachOChecker<ppc>::loadCommandSizeMask()	{ return 0x03; }
template <> uint8_t MachOChecker<ppc64>::loadCommandSizeMask()	{ return 0x07; }
template <> uint8_t MachOChecker<x86>::loadCommandSizeMask()	{ return 0x03; }


template <typename A>
MachOChecker<A>::MachOChecker(const uint8_t* fileContent, uint32_t fileLength, const char* path)
 : fHeader(NULL), fLength(fileLength), fStrings(NULL), fSymbols(NULL), fSymbolCount(0), fIndirectTableCount(0)
{
	// sanity check
	if ( ! validFile(fileContent) )
		throw "not a mach-o file that can be checked";

	fPath = strdup(path);
	fHeader = (const macho_header<P>*)fileContent;
	
	// sanity check header
	checkMachHeader();
	
	// check load commands
	checkLoadCommands();
	
	checkIndirectSymbolTable();

}


template <typename A>
void MachOChecker<A>::checkMachHeader()
{
	if ( (fHeader->sizeofcmds() + sizeof(macho_header<P>)) > fLength )
		throw "sizeofcmds in mach_header is larger than file";
	
	uint32_t flags = fHeader->flags();
	uint32_t invalidBits = MH_INCRLINK | MH_LAZY_INIT | 0xFFFC0000;
	if ( flags & invalidBits )
		throw "invalid bits in mach_header flags";
		
}

template <typename A>
void MachOChecker<A>::checkLoadCommands()
{
	// check that all load commands fit within the load command space file
	const uint8_t* const endOfFile = (uint8_t*)fHeader + fLength;
	const uint8_t* const endOfLoadCommands = (uint8_t*)fHeader + sizeof(macho_header<P>) + fHeader->sizeofcmds();
	const uint32_t cmd_count = fHeader->ncmds();
	const macho_load_command<P>* const cmds = (macho_load_command<P>*)((uint8_t*)fHeader + sizeof(macho_header<P>));
	const macho_load_command<P>* cmd = cmds;
	for (uint32_t i = 0; i < cmd_count; ++i) {
		uint32_t size = cmd->cmdsize();
		if ( (size & this->loadCommandSizeMask()) != 0 )
			throwf("load command #%d has a unaligned size", i);
		const uint8_t* endOfCmd = ((uint8_t*)cmd)+cmd->cmdsize();
		if ( endOfCmd > endOfLoadCommands )
			throwf("load command #%d extends beyond the end of the load commands", i);
		if ( endOfCmd > endOfFile )
			throwf("load command #%d extends beyond the end of the file", i);
		switch ( cmd->cmd()	) {
			case macho_segment_command<P>::CMD:
			case LC_SYMTAB:
			case LC_UNIXTHREAD:
			case LC_DYSYMTAB:
			case LC_LOAD_DYLIB:
			case LC_ID_DYLIB:
			case LC_LOAD_DYLINKER:
			case LC_ID_DYLINKER:
			case macho_routines_command<P>::CMD:
			case LC_SUB_FRAMEWORK:
			case LC_SUB_UMBRELLA:
			case LC_SUB_CLIENT:
			case LC_TWOLEVEL_HINTS:
			case LC_PREBIND_CKSUM:
			case LC_LOAD_WEAK_DYLIB:
			case LC_UUID:
				break;
			default:
				throwf("load command #%d is an unknown kind 0x%X", i, cmd->cmd());
		}
		cmd = (const macho_load_command<P>*)endOfCmd;
	}
	
	// check segments
	cmd = cmds;
	std::vector<std::pair<pint_t, pint_t> > segmentAddressRanges;
	std::vector<std::pair<pint_t, pint_t> > segmentFileOffsetRanges;
	const macho_segment_command<P>* linkEditSegment = NULL;
	for (uint32_t i = 0; i < cmd_count; ++i) {
		if ( cmd->cmd() == macho_segment_command<P>::CMD ) {
			const macho_segment_command<P>* segCmd = (const macho_segment_command<P>*)cmd;
			if ( segCmd->cmdsize() != (sizeof(macho_segment_command<P>) + segCmd->nsects() * sizeof(macho_section_content<P>)) )
				throw "invalid segment load command size";
				
			// see if this overlaps another segment address range
			uint64_t startAddr = segCmd->vmaddr();
			uint64_t endAddr = startAddr + segCmd->vmsize();
			for (typename std::vector<std::pair<pint_t, pint_t> >::iterator it = segmentAddressRanges.begin(); it != segmentAddressRanges.end(); ++it) {
				if ( it->first < startAddr ) {
					if ( it->second > startAddr )
						throw "overlapping segment vm addresses";
				}
				else if ( it->first > startAddr ) {
					if ( it->first < endAddr )
						throw "overlapping segment vm addresses";
				}
				else {
					throw "overlapping segment vm addresses";
				}
				segmentAddressRanges.push_back(std::make_pair<pint_t, pint_t>(startAddr, endAddr));
			}
			// see if this overlaps another segment file offset range
			uint64_t startOffset = segCmd->fileoff();
			uint64_t endOffset = startOffset + segCmd->filesize();
			for (typename std::vector<std::pair<pint_t, pint_t> >::iterator it = segmentFileOffsetRanges.begin(); it != segmentFileOffsetRanges.end(); ++it) {
				if ( it->first < startOffset ) {
					if ( it->second > startOffset )
						throw "overlapping segment file data";
				}
				else if ( it->first > startOffset ) {
					if ( it->first < endOffset )
						throw "overlapping segment file data";
				}
				else {
					throw "overlapping segment file data";
				}
				segmentFileOffsetRanges.push_back(std::make_pair<pint_t, pint_t>(startOffset, endOffset));
				// check is within file bounds
				if ( (startOffset > fLength) || (endOffset > fLength) )
					throw "segment file data is past end of file";
			}
			// verify it fits in file
			if ( startOffset > fLength )
				throw "segment fileoff does not fit in file";
			if ( endOffset > fLength )
				throw "segment fileoff+filesize does not fit in file";
				
			// keep LINKEDIT segment 
			if ( strcmp(segCmd->segname(), "__LINKEDIT") == 0 )
				linkEditSegment = segCmd;
				
			// check section ranges
			const macho_section<P>* const sectionsStart = (macho_section<P>*)((char*)segCmd + sizeof(macho_segment_command<P>));
			const macho_section<P>* const sectionsEnd = &sectionsStart[segCmd->nsects()];
			for(const macho_section<P>* sect = sectionsStart; sect < sectionsEnd; ++sect) {
				// check all sections are within segment
				if ( sect->addr() < startAddr )
					throwf("section %s vm address not within segment", sect->sectname());
				if ( (sect->addr()+sect->size()) > endAddr )
					throwf("section %s vm address not within segment", sect->sectname());
				if ( (sect->flags() &SECTION_TYPE) != S_ZEROFILL ) {
					if ( sect->offset() < startOffset )
						throwf("section %s file offset not within segment", sect->sectname());
					if ( (sect->offset()+sect->size()) > endOffset )
						throwf("section %s file offset not within segment", sect->sectname());
				}	
				checkSection(segCmd, sect);
			}
		}
		cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize());
	}
	
	// verify there was a LINKEDIT segment
	if ( linkEditSegment == NULL )
		throw "no __LINKEDIT segment";
	
	// checks for executables
	bool isStaticExecutable = false;
	if ( fHeader->filetype() == MH_EXECUTE ) {
		isStaticExecutable = true;
		cmd = cmds;
		for (uint32_t i = 0; i < cmd_count; ++i) {
			switch ( cmd->cmd() ) {
				case LC_LOAD_DYLINKER:
					// the existence of a dyld load command makes a executable dynamic
					isStaticExecutable = false;
					break;
			}
			cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize());
		}
		if ( isStaticExecutable ) {
			if ( fHeader->flags() != MH_NOUNDEFS )
				throw "invalid bits in mach_header flags for static executable";
		}
	}

	// check LC_SYMTAB and LC_DYSYMTAB
	cmd = cmds;
	bool foundDynamicSymTab = false;
	for (uint32_t i = 0; i < cmd_count; ++i) {
		switch ( cmd->cmd() ) {
			case LC_SYMTAB:
				{
					const macho_symtab_command<P>* symtab = (macho_symtab_command<P>*)cmd;
					fSymbolCount = symtab->nsyms();
					fSymbols = (const macho_nlist<P>*)((char*)fHeader + symtab->symoff());
					if ( symtab->symoff() < linkEditSegment->fileoff() )
						throw "symbol table not in __LINKEDIT";
					if ( (symtab->symoff() + fSymbolCount*sizeof(macho_nlist<P>*)) > (linkEditSegment->fileoff()+linkEditSegment->filesize()) )
						throw "symbol table end not in __LINKEDIT";
					fStrings = (char*)fHeader + symtab->stroff();
					fStringsEnd = fStrings + symtab->strsize();
					if ( symtab->stroff() < linkEditSegment->fileoff() )
						throw "string pool not in __LINKEDIT";
					if ( (symtab->stroff()+symtab->strsize()) > (linkEditSegment->fileoff()+linkEditSegment->filesize()) )
						throw "string pool extends beyond __LINKEDIT";
				}
				break;
			case LC_DYSYMTAB:
				{
					if ( isStaticExecutable )
						throw "LC_DYSYMTAB should not be used in static executable";
					foundDynamicSymTab = true;
					const macho_dysymtab_command<P>* dsymtab = (struct macho_dysymtab_command<P>*)cmd;
					fIndirectTable = (uint32_t*)((char*)fHeader + dsymtab->indirectsymoff());
					fIndirectTableCount = dsymtab->nindirectsyms();
					if ( dsymtab->indirectsymoff() < linkEditSegment->fileoff() )
						throw "indirect symbol table not in __LINKEDIT";
					if ( (dsymtab->indirectsymoff()+fIndirectTableCount*8) > (linkEditSegment->fileoff()+linkEditSegment->filesize()) )
						throw "indirect symbol table not in __LINKEDIT";
				}
				break;
		}
		cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize());
	}
	if ( !isStaticExecutable && !foundDynamicSymTab )
		throw "missing dynamic symbol table";
	if ( fStrings == NULL )
		throw "missing symbol table";
	
	
}

template <typename A>
void MachOChecker<A>::checkSection(const macho_segment_command<P>* segCmd, const macho_section<P>* sect)
{
	uint8_t sectionType = (sect->flags() & SECTION_TYPE);
	if ( sectionType == S_ZEROFILL ) {
		if ( sect->offset() != 0 )
			throwf("section offset should be zero for zero-fill section %s", sect->sectname());
	}
	
	// more section tests here
}

template <typename A>
void MachOChecker<A>::checkIndirectSymbolTable()
{
	const macho_load_command<P>* const cmds = (macho_load_command<P>*)((uint8_t*)fHeader + sizeof(macho_header<P>));
	const uint32_t cmd_count = fHeader->ncmds();
	const macho_load_command<P>* cmd = cmds;
	for (uint32_t i = 0; i < cmd_count; ++i) {
		if ( cmd->cmd() == macho_segment_command<P>::CMD ) {
			const macho_segment_command<P>* segCmd = (const macho_segment_command<P>*)cmd;
			const macho_section<P>* const sectionsStart = (macho_section<P>*)((char*)segCmd + sizeof(macho_segment_command<P>));
			const macho_section<P>* const sectionsEnd = &sectionsStart[segCmd->nsects()];
			for(const macho_section<P>* sect = sectionsStart; sect < sectionsEnd; ++sect) {
				// make sure all magic sections that use indirect symbol table fit within it
				uint32_t start = 0;
				uint32_t elementSize = 0;
				switch ( sect->flags() & SECTION_TYPE ) {
					case S_SYMBOL_STUBS:
						elementSize = sect->reserved2();
						start = sect->reserved1();
						break;
					case S_LAZY_SYMBOL_POINTERS:
					case S_NON_LAZY_SYMBOL_POINTERS:
						elementSize = sizeof(pint_t);
						start = sect->reserved1();
						break;
				}
				if ( elementSize != 0 ) {
					uint32_t count = sect->size() / elementSize;
					if ( (count*elementSize) != sect->size() )
						throwf("%s section size is not an even multiple of element size", sect->sectname());
					if ( (start+count) > fIndirectTableCount )
						throwf("%s section references beyond end of indirect symbol table (%d > %d)", sect->sectname(), start+count, fIndirectTableCount );
				}
			}
		}
		cmd = (const macho_load_command<P>*)(((uint8_t*)cmd)+cmd->cmdsize());
	}
}


static void check(const char* path)
{
	struct stat stat_buf;
	
	try {
		int fd = ::open(path, O_RDONLY, 0);
		if ( fd == -1 )
			throw "cannot open file";
		::fstat(fd, &stat_buf);
		uint32_t length = stat_buf.st_size;
		uint8_t* p = (uint8_t*)::mmap(NULL, stat_buf.st_size, PROT_READ, MAP_FILE, fd, 0);
		::close(fd);
		const mach_header* mh = (mach_header*)p;
		if ( mh->magic == OSSwapBigToHostInt32(FAT_MAGIC) ) {
			const struct fat_header* fh = (struct fat_header*)p;
			const struct fat_arch* archs = (struct fat_arch*)(p + sizeof(struct fat_header));
			for (unsigned long i=0; i < fh->nfat_arch; ++i) {
				if ( archs[i].cputype == CPU_TYPE_POWERPC ) {
					if ( MachOChecker<ppc>::validFile(p + archs[i].offset) )
						MachOChecker<ppc>::make(p + archs[i].offset, archs[i].size, path);
					else
						throw "in universal file, ppc slice does not contain ppc mach-o";
				}
				else if ( archs[i].cputype == CPU_TYPE_I386 ) {
					if ( MachOChecker<x86>::validFile(p + archs[i].offset) )
						MachOChecker<x86>::make(p + archs[i].offset, archs[i].size, path);
					else
						throw "in universal file, i386 slice does not contain i386 mach-o";
				}
				else if ( archs[i].cputype == CPU_TYPE_POWERPC64 ) {
					if ( MachOChecker<ppc64>::validFile(p + archs[i].offset) )
						MachOChecker<ppc64>::make(p + archs[i].offset, archs[i].size, path);
					else
						throw "in universal file, ppc64 slice does not contain ppc64 mach-o";
				}
				else {
						throw "in universal file, unknown architecture slice";
				}
			}
		}
		else if ( MachOChecker<x86>::validFile(p) ) {
			MachOChecker<x86>::make(p, length, path);
		}
		else if ( MachOChecker<ppc>::validFile(p) ) {
			MachOChecker<ppc>::make(p, length, path);
		}
		else if ( MachOChecker<ppc64>::validFile(p) ) {
			MachOChecker<ppc64>::make(p, length, path);
		}
		else {
			throw "not a known file type";
		}
	}
	catch (const char* msg) {
		throwf("%s in %s", msg, path);
	}
}


int main(int argc, const char* argv[])
{
	try {
		for(int i=1; i < argc; ++i) {
			const char* arg = argv[i];
			if ( arg[0] == '-' ) {
				if ( strcmp(arg, "-no_content") == 0 ) {
					
				}
				else {
					throwf("unknown option: %s\n", arg);
				}
			}
			else {
				check(arg);
			}
		}
	}
	catch (const char* msg) {
		fprintf(stderr, "machocheck failed: %s\n", msg);
		return 1;
	}
	
	return 0;
}
Commit	Line	Data
d696c285 A	1	/* -- mode: C++; c-basic-offset: 4; tab-width: 4 --
	2	*
	3	* Copyright (c) 2006 Apple Computer, Inc. All rights reserved.
	4	*
	5	* @APPLE_LICENSE_HEADER_START@
	6	*
	7	* This file contains Original Code and/or Modifications of Original Code
	8	* as defined in and that are subject to the Apple Public Source License
	9	* Version 2.0 (the 'License'). You may not use this file except in
	10	* compliance with the License. Please obtain a copy of the License at
	11	* http://www.opensource.apple.com/apsl/ and read it before using this
	12	* file.
	13	*
	14	* The Original Code and all software distributed under the License are
	15	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	16	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	17	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	18	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	19	* Please see the License for the specific language governing rights and
	20	* limitations under the License.
	21	*
	22	* @APPLE_LICENSE_HEADER_END@
	23	*/
	24
	25	#include <sys/types.h>
	26	#include <sys/stat.h>
	27	#include <sys/mman.h>
	28	#include <stdarg.h>
	29	#include <stdio.h>
	30	#include <fcntl.h>
	31	#include <unistd.h>
	32	#include <mach-o/loader.h>
	33	#include <mach-o/fat.h>
	34	#include <mach-o/stab.h>
	35
	36	#include <vector>
	37
	38	#include "MachOFileAbstraction.hpp"
	39	#include "Architectures.hpp"
	40
	41
	42	__attribute__((noreturn))
	43	void throwf(const char* format, ...)
	44	{
	45	va_list list;
	46	char* p;
	47	va_start(list, format);
	48	vasprintf(&p, format, list);
	49	va_end(list);
	50
	51	const char* t = p;
	52	throw t;
	53	}
	54
	55
	56	template <typename A>
	57	class MachOChecker
	58	{
	59	public:
	60	static bool validFile(const uint8_t* fileContent);
	61	static MachOChecker<A>* make(const uint8_t* fileContent, uint32_t fileLength, const char* path)
	62	{ return new MachOChecker<A>(fileContent, fileLength, path); }
	63	virtual ~MachOChecker() {}
	64
65
66	private:
67	typedef typename A::P P;
68	typedef typename A::P::E E;
69	typedef typename A::P::uint_t pint_t;
70
71	MachOChecker(const uint8_t* fileContent, uint32_t fileLength, const char* path);
72	void checkMachHeader();
73	void checkLoadCommands();
74	void checkSection(const macho_segment_command<P>* segCmd, const macho_section<P>* sect);
75	uint8_t loadCommandSizeMask();
76	void checkIndirectSymbolTable();
77
78	const char* fPath;
79	const macho_header<P>* fHeader;
80	uint32_t fLength;
81	const char* fStrings;
82	const char* fStringsEnd;
83	const macho_nlist<P>* fSymbols;
84	uint32_t fSymbolCount;
85	const uint32_t* fIndirectTable;
86	uint32_t fIndirectTableCount;
87
88	};
89
90
91
92	template <>
93	bool MachOChecker<ppc>::validFile(const uint8_t* fileContent)
94	{
95	const macho_header<P>* header = (const macho_header<P>*)fileContent;
96	if ( header->magic() != MH_MAGIC )
97	return false;
98	if ( header->cputype() != CPU_TYPE_POWERPC )
99	return false;
100	switch (header->filetype()) {
101	case MH_EXECUTE:
102	case MH_DYLIB:
103	case MH_BUNDLE:
104	case MH_DYLINKER:
105	return true;
106	}
107	return false;
108	}
109
110	template <>
111	bool MachOChecker<ppc64>::validFile(const uint8_t* fileContent)
112	{
113	const macho_header<P>* header = (const macho_header<P>*)fileContent;
114	if ( header->magic() != MH_MAGIC_64 )
115	return false;
116	if ( header->cputype() != CPU_TYPE_POWERPC64 )
117	return false;
118	switch (header->filetype()) {
119	case MH_EXECUTE:
120	case MH_DYLIB:
121	case MH_BUNDLE:
122	case MH_DYLINKER:
123	return true;
124	}
125	return false;
126	}
127
128	template <>
129	bool MachOChecker<x86>::validFile(const uint8_t* fileContent)
130	{
131	const macho_header<P>* header = (const macho_header<P>*)fileContent;
132	if ( header->magic() != MH_MAGIC )
133	return false;
134	if ( header->cputype() != CPU_TYPE_I386 )
135	return false;
136	switch (header->filetype()) {
137	case MH_EXECUTE:
138	case MH_DYLIB:
139	case MH_BUNDLE:
140	case MH_DYLINKER:
141	return true;
142	}
143	return false;
144	}
145
146
147
148	template <> uint8_t MachOChecker<ppc>::loadCommandSizeMask() { return 0x03; }
149	template <> uint8_t MachOChecker<ppc64>::loadCommandSizeMask() { return 0x07; }
150	template <> uint8_t MachOChecker<x86>::loadCommandSizeMask() { return 0x03; }
151
152
153	template <typename A>
154	MachOChecker<A>::MachOChecker(const uint8_t* fileContent, uint32_t fileLength, const char* path)
155	: fHeader(NULL), fLength(fileLength), fStrings(NULL), fSymbols(NULL), fSymbolCount(0), fIndirectTableCount(0)
156	{
157	// sanity check
158	if ( ! validFile(fileContent) )
159	throw "not a mach-o file that can be checked";
160
161	fPath = strdup(path);
162	fHeader = (const macho_header<P>*)fileContent;
163
164	// sanity check header
165	checkMachHeader();
166
167	// check load commands
168	checkLoadCommands();
169
170	checkIndirectSymbolTable();
171
172	}
173
174
175	template <typename A>
176	void MachOChecker<A>::checkMachHeader()
177	{
178	if ( (fHeader->sizeofcmds() + sizeof(macho_header<P>)) > fLength )
179	throw "sizeofcmds in mach_header is larger than file";
180
181	uint32_t flags = fHeader->flags();
182	uint32_t invalidBits = MH_INCRLINK \| MH_LAZY_INIT \| 0xFFFC0000;
183	if ( flags & invalidBits )
184	throw "invalid bits in mach_header flags";
185
186	}
187
188	template <typename A>
189	void MachOChecker<A>::checkLoadCommands()
190	{
191	// check that all load commands fit within the load command space file
192	const uint8_t* const endOfFile = (uint8_t*)fHeader + fLength;
193	const uint8_t* const endOfLoadCommands = (uint8_t*)fHeader + sizeof(macho_header<P>) + fHeader->sizeofcmds();
194	const uint32_t cmd_count = fHeader->ncmds();
195	const macho_load_command<P>* const cmds = (macho_load_command<P>)((uint8_t)fHeader + sizeof(macho_header<P>));
196	const macho_load_command<P>* cmd = cmds;
197	for (uint32_t i = 0; i < cmd_count; ++i) {
198	uint32_t size = cmd->cmdsize();
199	if ( (size & this->loadCommandSizeMask()) != 0 )
200	throwf("load command #%d has a unaligned size", i);
201	const uint8_t* endOfCmd = ((uint8_t*)cmd)+cmd->cmdsize();
202	if ( endOfCmd > endOfLoadCommands )
203	throwf("load command #%d extends beyond the end of the load commands", i);
204	if ( endOfCmd > endOfFile )
205	throwf("load command #%d extends beyond the end of the file", i);
206	switch ( cmd->cmd() ) {
207	case macho_segment_command<P>::CMD:
208	case LC_SYMTAB:
209	case LC_UNIXTHREAD:
210	case LC_DYSYMTAB:
211	case LC_LOAD_DYLIB:
212	case LC_ID_DYLIB:
213	case LC_LOAD_DYLINKER:
214	case LC_ID_DYLINKER:
215	case macho_routines_command<P>::CMD:
216	case LC_SUB_FRAMEWORK:
217	case LC_SUB_UMBRELLA:
218	case LC_SUB_CLIENT:
219	case LC_TWOLEVEL_HINTS:
220	case LC_PREBIND_CKSUM:
221	case LC_LOAD_WEAK_DYLIB:
222	case LC_UUID:
223	break;
224	default:
225	throwf("load command #%d is an unknown kind 0x%X", i, cmd->cmd());
226	}
227	cmd = (const macho_load_command<P>*)endOfCmd;
228	}
229
230	// check segments
231	cmd = cmds;
232	std::vector<std::pair<pint_t, pint_t> > segmentAddressRanges;
233	std::vector<std::pair<pint_t, pint_t> > segmentFileOffsetRanges;
234	const macho_segment_command<P>* linkEditSegment = NULL;
235	for (uint32_t i = 0; i < cmd_count; ++i) {
236	if ( cmd->cmd() == macho_segment_command<P>::CMD ) {
237	const macho_segment_command<P>* segCmd = (const macho_segment_command<P>*)cmd;
238	if ( segCmd->cmdsize() != (sizeof(macho_segment_command<P>) + segCmd->nsects() * sizeof(macho_section_content<P>)) )
239	throw "invalid segment load command size";
240
241	// see if this overlaps another segment address range
242	uint64_t startAddr = segCmd->vmaddr();
243	uint64_t endAddr = startAddr + segCmd->vmsize();
244	for (typename std::vector<std::pair<pint_t, pint_t> >::iterator it = segmentAddressRanges.begin(); it != segmentAddressRanges.end(); ++it) {
245	if ( it->first < startAddr ) {
246	if ( it->second > startAddr )
247	throw "overlapping segment vm addresses";
248	}
249	else if ( it->first > startAddr ) {
250	if ( it->first < endAddr )
251	throw "overlapping segment vm addresses";
252	}
253	else {
254	throw "overlapping segment vm addresses";
255	}
256	segmentAddressRanges.push_back(std::make_pair<pint_t, pint_t>(startAddr, endAddr));
257	}
258	// see if this overlaps another segment file offset range
259	uint64_t startOffset = segCmd->fileoff();
260	uint64_t endOffset = startOffset + segCmd->filesize();
261	for (typename std::vector<std::pair<pint_t, pint_t> >::iterator it = segmentFileOffsetRanges.begin(); it != segmentFileOffsetRanges.end(); ++it) {
262	if ( it->first < startOffset ) {
263	if ( it->second > startOffset )
264	throw "overlapping segment file data";
265	}
266	else if ( it->first > startOffset ) {
267	if ( it->first < endOffset )
268	throw "overlapping segment file data";
269	}
270	else {
271	throw "overlapping segment file data";
272	}
273	segmentFileOffsetRanges.push_back(std::make_pair<pint_t, pint_t>(startOffset, endOffset));
274	// check is within file bounds
275	if ( (startOffset > fLength) \|\| (endOffset > fLength) )
276	throw "segment file data is past end of file";
277	}
278	// verify it fits in file
279	if ( startOffset > fLength )
280	throw "segment fileoff does not fit in file";
281	if ( endOffset > fLength )
282	throw "segment fileoff+filesize does not fit in file";
283
284	// keep LINKEDIT segment
285	if ( strcmp(segCmd->segname(), "__LINKEDIT") == 0 )
286	linkEditSegment = segCmd;
287
288	// check section ranges
289	const macho_section<P>* const sectionsStart = (macho_section<P>)((char)segCmd + sizeof(macho_segment_command<P>));
290	const macho_section<P>* const sectionsEnd = &sectionsStart[segCmd->nsects()];
291	for(const macho_section<P>* sect = sectionsStart; sect < sectionsEnd; ++sect) {
292	// check all sections are within segment
293	if ( sect->addr() < startAddr )
294	throwf("section %s vm address not within segment", sect->sectname());
295	if ( (sect->addr()+sect->size()) > endAddr )
296	throwf("section %s vm address not within segment", sect->sectname());
297	if ( (sect->flags() &SECTION_TYPE) != S_ZEROFILL ) {
298	if ( sect->offset() < startOffset )
299	throwf("section %s file offset not within segment", sect->sectname());
300	if ( (sect->offset()+sect->size()) > endOffset )
301	throwf("section %s file offset not within segment", sect->sectname());
302	}
303	checkSection(segCmd, sect);
304	}
305	}
306	cmd = (const macho_load_command<P>)(((uint8_t)cmd)+cmd->cmdsize());
307	}
308
309	// verify there was a LINKEDIT segment
310	if ( linkEditSegment == NULL )
311	throw "no __LINKEDIT segment";
312
313	// checks for executables
314	bool isStaticExecutable = false;
315	if ( fHeader->filetype() == MH_EXECUTE ) {
316	isStaticExecutable = true;
317	cmd = cmds;
318	for (uint32_t i = 0; i < cmd_count; ++i) {
319	switch ( cmd->cmd() ) {
320	case LC_LOAD_DYLINKER:
321	// the existence of a dyld load command makes a executable dynamic
322	isStaticExecutable = false;
323	break;
324	}
325	cmd = (const macho_load_command<P>)(((uint8_t)cmd)+cmd->cmdsize());
326	}
327	if ( isStaticExecutable ) {
328	if ( fHeader->flags() != MH_NOUNDEFS )
329	throw "invalid bits in mach_header flags for static executable";
330	}
331	}
332
333	// check LC_SYMTAB and LC_DYSYMTAB
334	cmd = cmds;
335	bool foundDynamicSymTab = false;
336	for (uint32_t i = 0; i < cmd_count; ++i) {
337	switch ( cmd->cmd() ) {
338	case LC_SYMTAB:
339	{
340	const macho_symtab_command<P>* symtab = (macho_symtab_command<P>*)cmd;
341	fSymbolCount = symtab->nsyms();
342	fSymbols = (const macho_nlist<P>)((char)fHeader + symtab->symoff());
343	if ( symtab->symoff() < linkEditSegment->fileoff() )
344	throw "symbol table not in __LINKEDIT";
345	if ( (symtab->symoff() + fSymbolCountsizeof(macho_nlist<P>)) > (linkEditSegment->fileoff()+linkEditSegment->filesize()) )
346	throw "symbol table end not in __LINKEDIT";
347	fStrings = (char*)fHeader + symtab->stroff();
348	fStringsEnd = fStrings + symtab->strsize();
349	if ( symtab->stroff() < linkEditSegment->fileoff() )
350	throw "string pool not in __LINKEDIT";
351	if ( (symtab->stroff()+symtab->strsize()) > (linkEditSegment->fileoff()+linkEditSegment->filesize()) )
352	throw "string pool extends beyond __LINKEDIT";
353	}
354	break;
355	case LC_DYSYMTAB:
356	{
357	if ( isStaticExecutable )
358	throw "LC_DYSYMTAB should not be used in static executable";
359	foundDynamicSymTab = true;
360	const macho_dysymtab_command<P>* dsymtab = (struct macho_dysymtab_command<P>*)cmd;
361	fIndirectTable = (uint32_t)((char)fHeader + dsymtab->indirectsymoff());
362	fIndirectTableCount = dsymtab->nindirectsyms();
363	if ( dsymtab->indirectsymoff() < linkEditSegment->fileoff() )
364	throw "indirect symbol table not in __LINKEDIT";
365	if ( (dsymtab->indirectsymoff()+fIndirectTableCount*8) > (linkEditSegment->fileoff()+linkEditSegment->filesize()) )
366	throw "indirect symbol table not in __LINKEDIT";
367	}
368	break;
369	}
370	cmd = (const macho_load_command<P>)(((uint8_t)cmd)+cmd->cmdsize());
371	}
372	if ( !isStaticExecutable && !foundDynamicSymTab )
373	throw "missing dynamic symbol table";
374	if ( fStrings == NULL )
375	throw "missing symbol table";
376
377
378
379	}
380
381	template <typename A>
382	void MachOChecker<A>::checkSection(const macho_segment_command<P>* segCmd, const macho_section<P>* sect)
383	{
384	uint8_t sectionType = (sect->flags() & SECTION_TYPE);
385	if ( sectionType == S_ZEROFILL ) {
386	if ( sect->offset() != 0 )
387	throwf("section offset should be zero for zero-fill section %s", sect->sectname());
388	}
389
390	// more section tests here
391	}
392
393	template <typename A>
394	void MachOChecker<A>::checkIndirectSymbolTable()
395	{
396	const macho_load_command<P>* const cmds = (macho_load_command<P>)((uint8_t)fHeader + sizeof(macho_header<P>));
397	const uint32_t cmd_count = fHeader->ncmds();
398	const macho_load_command<P>* cmd = cmds;
399	for (uint32_t i = 0; i < cmd_count; ++i) {
400	if ( cmd->cmd() == macho_segment_command<P>::CMD ) {
401	const macho_segment_command<P>* segCmd = (const macho_segment_command<P>*)cmd;
402	const macho_section<P>* const sectionsStart = (macho_section<P>)((char)segCmd + sizeof(macho_segment_command<P>));
403	const macho_section<P>* const sectionsEnd = &sectionsStart[segCmd->nsects()];
404	for(const macho_section<P>* sect = sectionsStart; sect < sectionsEnd; ++sect) {
405	// make sure all magic sections that use indirect symbol table fit within it
406	uint32_t start = 0;
407	uint32_t elementSize = 0;
408	switch ( sect->flags() & SECTION_TYPE ) {
409	case S_SYMBOL_STUBS:
410	elementSize = sect->reserved2();
411	start = sect->reserved1();
412	break;
413	case S_LAZY_SYMBOL_POINTERS:
414	case S_NON_LAZY_SYMBOL_POINTERS:
415	elementSize = sizeof(pint_t);
416	start = sect->reserved1();
417	break;
418	}
419	if ( elementSize != 0 ) {
420	uint32_t count = sect->size() / elementSize;
421	if ( (count*elementSize) != sect->size() )
422	throwf("%s section size is not an even multiple of element size", sect->sectname());
423	if ( (start+count) > fIndirectTableCount )
424	throwf("%s section references beyond end of indirect symbol table (%d > %d)", sect->sectname(), start+count, fIndirectTableCount );
425	}
426	}
427	}
428	cmd = (const macho_load_command<P>)(((uint8_t)cmd)+cmd->cmdsize());
429	}
430	}
431
432
433	static void check(const char* path)
434	{
435	struct stat stat_buf;
436
437	try {
438	int fd = ::open(path, O_RDONLY, 0);
439	if ( fd == -1 )
440	throw "cannot open file";
441	::fstat(fd, &stat_buf);
442	uint32_t length = stat_buf.st_size;
443	uint8_t* p = (uint8_t*)::mmap(NULL, stat_buf.st_size, PROT_READ, MAP_FILE, fd, 0);
444	::close(fd);
445	const mach_header* mh = (mach_header*)p;
446	if ( mh->magic == OSSwapBigToHostInt32(FAT_MAGIC) ) {
447	const struct fat_header* fh = (struct fat_header*)p;
448	const struct fat_arch* archs = (struct fat_arch*)(p + sizeof(struct fat_header));
449	for (unsigned long i=0; i < fh->nfat_arch; ++i) {
450	if ( archs[i].cputype == CPU_TYPE_POWERPC ) {
451	if ( MachOChecker<ppc>::validFile(p + archs[i].offset) )
452	MachOChecker<ppc>::make(p + archs[i].offset, archs[i].size, path);
453	else
454	throw "in universal file, ppc slice does not contain ppc mach-o";
455	}
456	else if ( archs[i].cputype == CPU_TYPE_I386 ) {
457	if ( MachOChecker<x86>::validFile(p + archs[i].offset) )
458	MachOChecker<x86>::make(p + archs[i].offset, archs[i].size, path);
459	else
460	throw "in universal file, i386 slice does not contain i386 mach-o";
461	}
462	else if ( archs[i].cputype == CPU_TYPE_POWERPC64 ) {
463	if ( MachOChecker<ppc64>::validFile(p + archs[i].offset) )
464	MachOChecker<ppc64>::make(p + archs[i].offset, archs[i].size, path);
465	else
466	throw "in universal file, ppc64 slice does not contain ppc64 mach-o";
467	}
468	else {
469	throw "in universal file, unknown architecture slice";
470	}
471	}
472	}
473	else if ( MachOChecker<x86>::validFile(p) ) {
474	MachOChecker<x86>::make(p, length, path);
475	}
476	else if ( MachOChecker<ppc>::validFile(p) ) {
477	MachOChecker<ppc>::make(p, length, path);
478	}
479	else if ( MachOChecker<ppc64>::validFile(p) ) {
480	MachOChecker<ppc64>::make(p, length, path);
481	}
482	else {
483	throw "not a known file type";
484	}
485	}
486	catch (const char* msg) {
487	throwf("%s in %s", msg, path);
488	}
489	}
490
491
492	int main(int argc, const char* argv[])
493	{
494	try {
495	for(int i=1; i < argc; ++i) {
496	const char* arg = argv[i];
497	if ( arg[0] == '-' ) {
498	if ( strcmp(arg, "-no_content") == 0 ) {
499
500	}
501	else {
502	throwf("unknown option: %s\n", arg);
503	}
504	}
505	else {
506	check(arg);
507	}
508	}
509	}
510	catch (const char* msg) {
511	fprintf(stderr, "machocheck failed: %s\n", msg);
512	return 1;
513	}
514
515	return 0;
516	}
517
518
519