elf, pe: Add/Extend ELF/PE permissive parsing mode to better handle packed, broken, or malware samples (#479)

Add a new permissive internal trait to allow non-strict parsing of elf and pe binaries.
Add a new options module that exposes ParseMode and ParseOptions. ParseOptions and ParseMode implement Default, which defaults to the current strict form of goblin's parsing of binaries.
Add two new pub functions that allow users to pass ParseOptions to e.g., turn off strict parsing, etc.
Permissive parsing defaults unparseable structures to defaults or optionals in general, and allows the parse of the binary to continue.

Some inline git commit messages:
* fix: invalid utf8
* fix: wrong reloc directory size
* skip tls parsing on error
* load binaries with broken/packed sections in permissive mode
* skipping basereloc in packed binaries in permisive mode
* do not map the debug directory in permissive mode if it has been removed or does not exist
* ELF permissive mode + malformed sections handling in permissive mode
* skip rich and dos stub parssing on fail in permissive mode
* allow ImageDebugDirectory size 0 in permissive mode (packed/stripped binaries)
* continue parsing on missing section headers in permissive mode
* skip non-utf8 strings in sections and strtab
* added more permissive parsing to handle packed/malformed elfs
* added persmisive mode for import table
* pe: added better error handling with Permissive trait to HintNameTableEntry

Author: chf0x

src/elf/mod.rs

@@ -67,6 +67,7 @@ if_sylvan! {
     use scroll::{ctx, Pread, Endian};
     use crate::strtab::Strtab;
     use crate::error;
+    use crate::options::{Permissive, ParseOptions};
     use crate::container::{Container, Ctx};
     use alloc::vec::Vec;
     use core::cmp;
@@ -260,9 +261,15 @@ if_sylvan! {
 
         /// Parses the contents of the byte stream in `bytes`, and maybe returns a unified binary
         pub fn parse(bytes: &'a [u8]) -> error::Result<Self> {
+            Self::parse_with_opts(bytes, &ParseOptions::default())
+        }
+
+        /// Parses the contents of the byte stream in `bytes` with options, and maybe returns a unified binary
+        pub fn parse_with_opts(bytes: &'a [u8], opts: &ParseOptions) -> error::Result<Self> {
             let header = Self::parse_header(bytes)?;
             let misc = parse_misc(&header)?;
             let ctx = misc.ctx;
+            let permissive = opts.parse_mode.is_permissive();
 
             let program_headers = ProgramHeader::parse(bytes, header.e_phoff as usize, header.e_phnum as usize, ctx)?;
 
@@ -275,7 +282,8 @@ if_sylvan! {
                 }
             }
 
-            let section_headers = SectionHeader::parse(bytes, header.e_shoff as usize, header.e_shnum as usize, ctx)?;
+            let section_headers = SectionHeader::parse(bytes, header.e_shoff as usize, header.e_shnum as usize, ctx)
+                .or_permissive_and_default(permissive, "Failed to parse section headers")?;
 
             let get_strtab = |section_headers: &[SectionHeader], mut section_idx: usize| {
                 if section_idx == section_header::SHN_XINDEX as usize {
@@ -290,8 +298,8 @@ if_sylvan! {
                     Ok(Strtab::default())
                 } else {
                     let shdr = &section_headers[section_idx];
-                    shdr.check_size(bytes.len())?;
-                    Strtab::parse(bytes, shdr.sh_offset as usize, shdr.sh_size as usize, 0x0)
+                    shdr.check_size_with_opts(bytes.len(), permissive)?;
+                    Strtab::parse_with_opts(bytes, shdr.sh_offset as usize, shdr.sh_size as usize, 0x0, opts)
                 }
             };
 
@@ -302,8 +310,27 @@ if_sylvan! {
             let mut strtab = Strtab::default();
             if let Some(shdr) = section_headers.iter().rfind(|shdr| shdr.sh_type as u32 == section_header::SHT_SYMTAB) {
                 let size = shdr.sh_entsize;
-                let count = if size == 0 { 0 } else { shdr.sh_size / size };
-                syms = Symtab::parse(bytes, shdr.sh_offset as usize, count as usize, ctx)?;
+                let initial_count = if size == 0 { 0 } else { shdr.sh_size / size };
+
+                // Check for extremely large counts that exceed usize capacity
+                let count = if initial_count > usize::MAX as u64 {
+
+                    Err(crate::error::Error::Malformed(
+                        format!(
+                            "Symbol table count ({}) from section header exceeds maximum possible value",
+                            initial_count
+                        )
+                    ))
+                    .or_permissive_and_then(
+                        permissive,
+                        "Symbol table count exceeds maximum; truncating",
+                        || usize::MAX as u64,
+                    )?
+                } else {
+                    initial_count
+                };
+
+                syms = Symtab::parse_with_opts(bytes, shdr.sh_offset as usize, count as usize, ctx, opts)?;
                 strtab = get_strtab(&section_headers, shdr.sh_link as usize)?;
             }
 
@@ -317,15 +344,17 @@ if_sylvan! {
             let mut dynrels = RelocSection::default();
             let mut pltrelocs = RelocSection::default();
             let mut dynstrtab = Strtab::default();
-            let dynamic = Dynamic::parse(bytes, &program_headers, ctx)?;
+            let dynamic = Dynamic::parse(bytes, &program_headers, ctx)
+                .or_permissive_and_default(permissive, "Failed to parse dynamic section")?;
             if let Some(ref dynamic) = dynamic {
                 let dyn_info = &dynamic.info;
 
                 is_pie = dyn_info.flags_1 & dynamic::DF_1_PIE != 0;
-                dynstrtab = Strtab::parse(bytes,
-                                          dyn_info.strtab,
-                                          dyn_info.strsz,
-                                          0x0)?;
+                dynstrtab = Strtab::parse_with_opts(bytes,
+                                      dyn_info.strtab,
+                                      dyn_info.strsz,
+                                      0x0, opts)
+                    .or_permissive_and_default(permissive, "Failed to parse dynamic string table")?;
 
                 if dyn_info.soname != 0 {
                     // FIXME: warn! here
@@ -346,15 +375,22 @@ if_sylvan! {
                     }
                 }
                 // parse the dynamic relocations
-                dynrelas = RelocSection::parse(bytes, dyn_info.rela, dyn_info.relasz, true, ctx)?;
-                dynrels = RelocSection::parse(bytes, dyn_info.rel, dyn_info.relsz, false, ctx)?;
+                dynrelas = RelocSection::parse(bytes, dyn_info.rela, dyn_info.relasz, true, ctx)
+                    .or_permissive_and_default(permissive, "Failed to parse dynamic RELA relocations")?;
+
+                dynrels = RelocSection::parse(bytes, dyn_info.rel, dyn_info.relsz, false, ctx)
+                    .or_permissive_and_default(permissive, "Failed to parse dynamic REL relocations")?;
+
                 let is_rela = dyn_info.pltrel as u64 == dynamic::DT_RELA;
-                pltrelocs = RelocSection::parse(bytes, dyn_info.jmprel, dyn_info.pltrelsz, is_rela, ctx)?;
+                pltrelocs = RelocSection::parse(bytes, dyn_info.jmprel, dyn_info.pltrelsz, is_rela, ctx)
+                    .or_permissive_and_default(permissive, "Failed to parse PLT relocations")?;
 
                 let mut num_syms = if let Some(gnu_hash) = dyn_info.gnu_hash {
-                    gnu_hash_len(bytes, gnu_hash as usize, ctx)?
+                    gnu_hash_len(bytes, gnu_hash as usize, ctx)
+                        .or_permissive_and_default(permissive, "Failed to parse GNU hash table")?
                 } else if let Some(hash) = dyn_info.hash {
-                    hash_len(bytes, hash as usize, header.e_machine, ctx)?
+                    hash_len(bytes, hash as usize, header.e_machine, ctx)
+                        .or_permissive_and_default(permissive, "Failed to parse hash table")?
                 } else {
                     0
                 };
@@ -365,22 +401,36 @@ if_sylvan! {
                 if max_reloc_sym != 0 {
                     num_syms = cmp::max(num_syms, max_reloc_sym + 1);
                 }
-                dynsyms = Symtab::parse(bytes, dyn_info.symtab, num_syms, ctx)?;
+                dynsyms = Symtab::parse_with_opts(bytes, dyn_info.symtab, num_syms, ctx, opts)?;
             }
 
             let mut shdr_relocs = vec![];
             for (idx, section) in section_headers.iter().enumerate() {
                 let is_rela = section.sh_type == section_header::SHT_RELA;
                 if is_rela || section.sh_type == section_header::SHT_REL {
-                    section.check_size(bytes.len())?;
-                    let sh_relocs = RelocSection::parse(bytes, section.sh_offset as usize, section.sh_size as usize, is_rela, ctx)?;
-                    shdr_relocs.push((idx, sh_relocs));
+
+                    section.check_size_with_opts(bytes.len(), permissive)?;
+                    let sh_relocs_opt = RelocSection::parse(bytes, section.sh_offset as usize, section.sh_size as usize, is_rela, ctx)
+                        .map(Some)
+                        .or_permissive_and_default(
+                            permissive,
+                            "Failed to parse section relocation; skipping",
+                        )?;
+
+                    if let Some(sh_relocs) = sh_relocs_opt {
+                        shdr_relocs.push((idx, sh_relocs));
+                    }
                 }
             }
 
-            let versym = symver::VersymSection::parse(bytes, &section_headers, ctx)?;
-            let verdef = symver::VerdefSection::parse(bytes, &section_headers, ctx)?;
-            let verneed = symver::VerneedSection::parse(bytes, &section_headers, ctx)?;
+            let versym = symver::VersymSection::parse(bytes, &section_headers, ctx)
+                .or_permissive_and_default(permissive, "Failed to parse version symbol section")?;
+
+            let verdef = symver::VerdefSection::parse(bytes, &section_headers, ctx)
+                .or_permissive_and_default(permissive, "Failed to parse version definition section")?;
+
+            let verneed = symver::VerneedSection::parse(bytes, &section_headers, ctx)
+                .or_permissive_and_default(permissive, "Failed to parse version need section")?;
 
             let is_lib = misc.is_lib && !is_pie;
 

src/elf/section_header.rs

@@ -370,7 +370,8 @@ pub mod section_header64 {
 ///////////////////////////////
 
 if_alloc! {
-    use crate::error;
+    use crate::error::{self};
+    use crate::options::Permissive;
     use core::fmt;
     use core::result;
     use core::ops::Range;
@@ -477,20 +478,26 @@ if_alloc! {
             Ok(section_headers)
         }
         pub fn check_size(&self, size: usize) -> error::Result<()> {
+            self.check_size_with_opts(size, false)
+        }
+
+        pub(crate) fn check_size_with_opts(&self, size: usize, permissive: bool) -> error::Result<()> {
             if self.sh_type == SHT_NOBITS || self.sh_size == 0 {
                 return Ok(());
             }
             let (end, overflow) = self.sh_offset.overflowing_add(self.sh_size);
             if overflow || end > size as u64 {
                 let message = format!("Section {} size ({}) + offset ({}) is out of bounds. Overflowed: {}",
                     self.sh_name, self.sh_offset, self.sh_size, overflow);
-                return Err(error::Error::Malformed(message));
+                return Err(error::Error::Malformed(message))
+                    .or_permissive_and_value(permissive, "Malformed section header", ());
             }
             let (_, overflow) = self.sh_addr.overflowing_add(self.sh_size);
             if overflow {
                 let message = format!("Section {} size ({}) + addr ({}) is out of bounds. Overflowed: {}",
                     self.sh_name, self.sh_addr, self.sh_size, overflow);
-                return Err(error::Error::Malformed(message));
+                return Err(error::Error::Malformed(message))
+                    .or_permissive_and_value(permissive, "Malformed section header", ());
             }
             Ok(())
         }

src/elf/sym.rs

@@ -330,6 +330,7 @@ pub mod sym64 {
 use crate::container::{Container, Ctx};
 #[cfg(feature = "alloc")]
 use crate::error::Result;
+use crate::options::Permissive;
 #[cfg(feature = "alloc")]
 use alloc::vec::Vec;
 use core::fmt;
@@ -515,14 +516,77 @@ if_alloc! {
     impl<'a> Symtab<'a> {
         /// Parse a table of `count` ELF symbols from `offset`.
         pub fn parse(bytes: &'a [u8], offset: usize, count: usize, ctx: Ctx) -> Result<Symtab<'a>> {
-            let size = count
+            Self::parse_with_opts(bytes, offset, count, ctx, &crate::options::ParseOptions::default())
+        }
+
+        /// Parse a table of `count` ELF symbols from `offset` with options.
+        pub(crate) fn parse_with_opts(bytes: &'a [u8], offset: usize, count: usize, ctx: Ctx, opts: &crate::options::ParseOptions) -> Result<Symtab<'a>> {
+
+            // Validate offset is within bounds
+            if offset >= bytes.len() {
+                return Err(crate::error::Error::Malformed(
+                    format!("Symbol table offset ({}) is beyond file boundary ({})", offset, bytes.len())
+                )).or_permissive_and_value(
+                    opts.parse_mode.is_permissive(),
+                    "Symbol table offset is beyond file boundary, returning empty symbol table",
+                    Symtab { bytes: &[], count: 0, ctx, start: offset, end: offset }
+                );
+            }
+
+            // Check for extremely large counts
+            let mut actual_count = if count > usize::MAX {
+                Err(crate::error::Error::Malformed(
+                    format!("Symbol count ({}) exceeds maximum possible value", count)
+                ))
+                .or_permissive_and_then(
+                    opts.parse_mode.is_permissive(),
+                    "Symbol count exceeds maximum; truncating",
+                    || usize::MAX,
+                )?
+            } else {
+                count
+            };
+
+            let mut requested_size = actual_count
                 .checked_mul(Sym::size_with(&ctx))
                 .ok_or_else(|| crate::error::Error::Malformed(
-                    format!("Too many ELF symbols (offset {:#x}, count {})", offset, count)
+                    format!("Too many ELF symbols (offset {:#x}, count {})", offset, actual_count)
                 ))?;
-            // TODO: make this a better error message when too large
-            let bytes = bytes.pread_with(offset, size)?;
-            Ok(Symtab { bytes, count, ctx, start: offset, end: offset+size })
+
+            // Check if the requested size extends beyond the file
+            let available_bytes = bytes.len().saturating_sub(offset);
+            if requested_size > available_bytes {
+                let sym_size = Sym::size_with(&ctx);
+                let adjusted_count = if sym_size > 0 { available_bytes / sym_size } else { 0 };
+
+            let (new_size, new_count) = Err(crate::error::Error::Malformed(
+                format!("Symbol table extends beyond file boundary (requested: {}, available: {})",
+                        requested_size, available_bytes)
+            ))
+                .or_permissive_and_then(
+                    opts.parse_mode.is_permissive(),
+                    "Symbol table extends beyond file; truncating",
+                    || (available_bytes, adjusted_count),
+                )?;
+
+                requested_size = new_size;
+                actual_count = new_count;
+            }
+
+            bytes.pread_with(offset, requested_size)
+                .map_err(Into::into)
+                .map(|symbol_bytes| Symtab {
+                    bytes: symbol_bytes,
+                    count: actual_count,
+                    ctx,
+                    start: offset,
+                    end: offset + requested_size
+                })
+                .or_permissive_and_value(
+                    opts.parse_mode.is_permissive(),
+                    "Failed to read symbol table data",
+                    Symtab { bytes: &[], count: 0, ctx, start: offset, end: offset },
+                )
         }
 
         /// Try to parse a single symbol from the binary, at `index`.

src/lib.rs

@@ -110,7 +110,7 @@ macro_rules! if_alloc {
 
 #[cfg(feature = "alloc")]
 pub mod error;
-
+pub mod options;
 pub mod strtab;
 
 /// Binary container size information and byte-order context