1 |
commit: 2b082492cbe31270c7a74f1127a3433091b43db6 |
2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Mar 14 06:41:20 2015 +0000 |
4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Mar 14 06:44:32 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2b082492 |
7 |
|
8 |
scanelf: handle more corrupt elf symbol tables |
9 |
|
10 |
scanelf.c | 10 +++++++--- |
11 |
1 file changed, 7 insertions(+), 3 deletions(-) |
12 |
|
13 |
diff --git a/scanelf.c b/scanelf.c |
14 |
index 599e2ed..a50b6e4 100644 |
15 |
--- a/scanelf.c |
16 |
+++ b/scanelf.c |
17 |
@@ -461,8 +461,9 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro, |
18 |
Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \ |
19 |
uint16_t shstrndx = EGET(ehdr->e_shstrndx); \ |
20 |
Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \ |
21 |
- if (shstrndx >= elf->len - sizeof(*strtbl) || !VALID_SHDR(elf, strtbl)) \ |
22 |
- goto skip_this_shdr##B; \ |
23 |
+ if (shstrndx * sizeof(*shdr) >= elf->len - sizeof(*shdr) || \ |
24 |
+ !VALID_SHDR(elf, strtbl)) \ |
25 |
+ goto corrupt_shdr; \ |
26 |
/* let's flag -w/+x object files since the final ELF will most likely \ |
27 |
* need write access to the stack (who doesn't !?). so the combined \ |
28 |
* output will bring in +w automatically and that's bad. \ |
29 |
@@ -489,7 +490,6 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro, |
30 |
break; \ |
31 |
} \ |
32 |
} \ |
33 |
- skip_this_shdr##B: \ |
34 |
if (!multi_stack) { \ |
35 |
if (file_matches_list(elf->filename, qa_execstack)) \ |
36 |
return NULL; \ |
37 |
@@ -506,6 +506,10 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro, |
38 |
return NULL; |
39 |
else |
40 |
return ret; |
41 |
+ |
42 |
+ corrupt_shdr: |
43 |
+ warnf("%s: section table is corrupt", elf->filename); |
44 |
+ return NULL; |
45 |
} |
46 |
|
47 |
/* |