In response to a public outcry the strings program now defaults to using the

--all option which displays text from anywhere in the input file(s). The default used to be --data, which only displays text from loadable data sections, but this requires the use of the BFD library. Since the BFD library almost certainly still contains buffer overrun and/or memory corruption bugs, and since the strings program is often used to examine malicious code, it was decided that the --data option option represents a possible security risk. * strings.c: Add new command line option --data to only scan the initialized, loadable data secions of binaries. Choose the default behaviour of --all or --data based upon a configure option. * doc/binutils.texi (strings): Update documentation. Include description of why the --data option might be unsafe. * configure.ac: Add new option --disable-default-strings-all which restores the old behaviour of strings using --data by default. If the option is not used make strings use --all by default. * NEWS: Mention the new behaviour of strings. * configure: Regenerate. * config.in: Regenerate.
2014-10-31 10:10:37 +00:00 · 2014-10-31 10:10:37 +00:00 · 7fac9594c4
commit 7fac9594c4
parent 02be9a7100
6 changed files with 106 additions and 17 deletions
--- a/binutils/NEWS
+++ b/binutils/NEWS
@ -2,6 +2,11 @@
 Changes in 2.25:
 * Add --data option to strings to only print strings in loadable, initialized
  data sections.  Change the default behaviour to be --all, but add a new
  configure time option of --disable-default-strings-all to restore the old
  default behaviour.
 * Add --include-all-whitespace to strings.
 * Add --dump-section option to objcopy.
--- a/binutils/config.in
+++ b/binutils/config.in
@ -18,6 +18,9 @@
 /* Should ar and ranlib use -D behavior by default? */
 #undef DEFAULT_AR_DETERMINISTIC
 /* Should strings use -a behavior by default? */
 #undef DEFAULT_STRINGS_ALL
 /* Define to 1 if translation of program messages to the user's native
   language is requested. */
 #undef ENABLE_NLS
--- a/binutils/configure
+++ b/binutils/configure
@ -772,6 +772,7 @@ enable_plugins
 enable_largefile
 enable_targets
 enable_deterministic_archives
 enable_default_strings_all
 enable_werror
 enable_build_warnings
 enable_nls
@ -1423,6 +1424,8 @@ Optional Features:
  --enable-targets        alternative target configurations
  --enable-deterministic-archives
                          ar and ranlib default to -D behavior
  --disable-default-strings-all
                          strings defaults to --data behavior
  --enable-werror         treat compile warnings as errors
  --enable-build-warnings enable build-time compiler warnings
  --disable-nls           do not use Native Language Support
@ -10984,7 +10987,7 @@ else
  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
  lt_status=$lt_dlunknown
  cat > conftest.$ac_ext <<_LT_EOF
-#line 10987 "configure"
+#line 10990 "configure"
 #include "confdefs.h"
 #if HAVE_DLFCN_H
@ -11090,7 +11093,7 @@ else
  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
  lt_status=$lt_dlunknown
  cat > conftest.$ac_ext <<_LT_EOF
-#line 11093 "configure"
+#line 11096 "configure"
 #include "confdefs.h"
 #if HAVE_DLFCN_H
@ -11681,6 +11684,25 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 # Check whether --enable-default-strings-all was given.
 if test "${enable_default_strings_all+set}" = set; then :
  enableval=$enable_default_strings_all;
 if test "${enableval}" = no; then
  default_strings_all=0
 else
  default_strings_all=1
 fi
 else
  default_strings_all=1
 fi
 cat >>confdefs.h <<_ACEOF
 #define DEFAULT_STRINGS_ALL $default_strings_all
 _ACEOF
 # Set the 'development' global.
 . $srcdir/../bfd/development.sh
--- a/binutils/configure.ac
+++ b/binutils/configure.ac
@ -55,6 +55,18 @@ fi], [default_ar_deterministic=0])
 AC_DEFINE_UNQUOTED(DEFAULT_AR_DETERMINISTIC, $default_ar_deterministic,
 		   [Should ar and ranlib use -D behavior by default?])
 AC_ARG_ENABLE(default-strings-all,
 [AS_HELP_STRING([--disable-default-strings-all],
 		[strings defaults to --data behavior])], [
 if test "${enableval}" = no; then
  default_strings_all=0
 else
  default_strings_all=1
 fi], [default_strings_all=1])
 AC_DEFINE_UNQUOTED(DEFAULT_STRINGS_ALL, $default_strings_all,
 		   [Should strings use -a behavior by default?])
 AM_BINUTILS_WARNINGS
 AC_CONFIG_HEADERS(config.h:config.in)
--- a/binutils/doc/binutils.texi
+++ b/binutils/doc/binutils.texi
@ -2672,15 +2672,24 @@ strings [@option{-afovV}] [@option{-}@var{min-len}]
@c man begin DESCRIPTION strings
-For each @var{file} given, @sc{gnu} @command{strings} prints the printable
+For each @var{file} given, @sc{gnu} @command{strings} prints the
-character sequences that are at least 4 characters long (or the number
+printable character sequences that are at least 4 characters long (or
-given with the options below) and are followed by an unprintable
+the number given with the options below) and are followed by an
-character.  By default, it only prints the strings from the initialized
+unprintable character.
 and loaded sections of object files; for other types of files, it prints
 the strings from the whole file.
-@command{strings} is mainly useful for determining the contents of non-text
+Depending upon how the strings program was configured it will default
-files.
+to either displaying all the printable sequences that it can find in
 each file, or only those sequences that are in loadable, initialized
 data sections.  If the file type in unrecognizable, or if strings is
 reading from stdin then it will always display all of the printable
 sequences that it can find.
 For backwards compatibility any file that occurs after a command line
 option of just @option{-} will also be scanned in full, regardless of
 the presence of any @option{-d} option. 
@command{strings} is mainly useful for determining the contents of
 non-text files.
@c man end
@ -2690,8 +2699,25 @@ files.
@item -a
@itemx --all
@itemx -
-Do not scan only the initialized and loaded sections of object files;
+Scan the whole file, regardless of what sections it contains or
-scan the whole files.
+whether those sections are loaded or initialized.  Normally this is
 the default behaviour, but strings can be configured so that the
@option{-d} is the default instead.
 The @option{-} option is position dependent and forces strings to
 perform full scans of any file that is mentioned after the @option{-}
 on the command line, even if the @option{-d} option has been
 specified.
@item -d
@itemx --data
 Only print strings from initialized, loaded data sections in the
 file.  This may reduce the amount of garbage in the output, but it
 also exposes the strings program to any security flaws that may be
 present in the BFD library used to scan and load sections.  Strings
 can be configured so that this option is the default behaviour.  In
 such cases the @option{-a} option can be used to avoid using the BFD
 library and instead just print all of the strings found in the file.
@item -f
@itemx --print-file-name
--- a/binutils/strings.c
+++ b/binutils/strings.c
@ -21,7 +21,10 @@
   Options:
   --all
   -a
-   -		Do not scan only the initialized data section of object files.
+   -		Scan each file in its entirety.
   --data
   -d		Scan only the initialized data section(s) of object files.
   --print-file-name
   -f		Print the name of the file before each string.
@ -114,6 +117,7 @@ static int encoding_bytes;
 static struct option long_options[] =
 {
  {"all", no_argument, NULL, 'a'},
  {"data", no_argument, NULL, 'd'},
  {"print-file-name", no_argument, NULL, 'f'},
  {"bytes", required_argument, NULL, 'n'},
  {"radix", required_argument, NULL, 't'},
@ -136,7 +140,7 @@ typedef struct
 static void strings_a_section (bfd *, asection *, void *);
 static bfd_boolean strings_object_file (const char *);
-static bfd_boolean strings_file (char *file);
+static bfd_boolean strings_file (char *);
 static void print_strings (const char *, FILE *, file_ptr, int, int, char *);
 static void usage (FILE *, int);
 static long get_char (FILE *, file_ptr *, int *, char **);
@ -167,11 +171,14 @@ main (int argc, char **argv)
  include_all_whitespace = FALSE;
  print_addresses = FALSE;
  print_filenames = FALSE;
-  datasection_only = TRUE;
+  if (DEFAULT_STRINGS_ALL)
    datasection_only = FALSE;
  else
    datasection_only = TRUE;
  target = NULL;
  encoding = 's';
-  while ((optc = getopt_long (argc, argv, "afhHn:wot:e:T:Vv0123456789",
+  while ((optc = getopt_long (argc, argv, "adfhHn:wot:e:T:Vv0123456789",
 			      long_options, (int *) 0)) != EOF)
    {
      switch (optc)
@ -180,6 +187,10 @@ main (int argc, char **argv)
 	  datasection_only = FALSE;
 	  break;
 	case 'd':
 	  datasection_only = TRUE;
 	  break;
 	case 'f':
 	  print_filenames = TRUE;
 	  break;
@ -648,8 +659,18 @@ usage (FILE *stream, int status)
 {
  fprintf (stream, _("Usage: %s [option(s)] [file(s)]\n"), program_name);
  fprintf (stream, _(" Display printable strings in [file(s)] (stdin by default)\n"));
-  fprintf (stream, _(" The options are:\n\
+  fprintf (stream, _(" The options are:\n"));
  if (DEFAULT_STRINGS_ALL)
    fprintf (stream, _("\
  -a - --all                Scan the entire file, not just the data section [default]\n\
  -d --data                 Only scan the data sections in the file\n"));
  else
    fprintf (stream, _("\
  -a - --all                Scan the entire file, not just the data section\n\
  -d --data                 Only scan the data sections in the file [default]\n"));
  fprintf (stream, _("\
  -f --print-file-name      Print the name of the file before each string\n\
  -n --bytes=[number]       Locate & print any NUL-terminated sequence of at\n\
  -<number>                   least [number] characters (default 4).\n\