commit:     d4b9d92c41d34bd8716ba9cd964dcad87e235bf0
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 12 22:41:38 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Dec 12 22:41:38 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d4b9d92c

scanelf: improve string table check a bit

The readelf helper will validate e_shnum for us, so re-use that
check to make sure the e_shstrndx field is within range too.

 scanelf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scanelf.c b/scanelf.c
index 7e3b077..57c5156 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -461,15 +461,15 @@ static char *scanelf_file_phdr(elfobj *elf, char 
*found_phdr, char *found_relro,
                Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \
                uint16_t shstrndx = EGET(ehdr->e_shstrndx); \
                Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \
-               if (shstrndx * sizeof(*shdr) >= elf->len - sizeof(*shdr) || \
-                   !VALID_SHDR(elf, strtbl)) \
+               uint16_t shnum = EGET(ehdr->e_shnum); \
+               if (shstrndx >= shnum || !VALID_SHDR(elf, strtbl)) \
                        goto corrupt_shdr; \
                /* let's flag -w/+x object files since the final ELF will most 
likely \
                 * need write access to the stack (who doesn't !?).  so the 
combined \
                 * output will bring in +w automatically and that's bad. \
                 */ \
                check_flags = /*SHF_WRITE|*/SHF_EXECINSTR; \
-               for (i = 0; i < EGET(ehdr->e_shnum); ++i) { \
+               for (i = 0; i < shnum; ++i) { \
                        if (EGET(shdr[i].sh_type) != SHT_PROGBITS) continue; \
                        offset = EGET(strtbl->sh_offset) + 
EGET(shdr[i].sh_name); \
                        if (offset >= elf->len - sizeof(NOTE_GNU_STACK)) \
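Review bot: The added `shstrndx >= shnum` check runs after `strtbl = shdr + shstrndx` has already been formed on the line above, so an out-of-range index still yields a pointer past the section table before `goto corrupt_shdr` discards it; declaring `shnum` first and computing `strtbl` only after the check keeps the pointer arithmetic within the array. Concretely: move `uint16_t shnum = EGET(ehdr->e_shnum); \` above the `strtbl` line, test `if (shstrndx >= shnum) goto corrupt_shdr; \`, then compute `strtbl` and apply `VALID_SHDR(elf, strtbl)`. An e_shstrndx of SHN_XINDEX (0xffff, real index in shdr[0].sh_link) or an e_shnum of 0 with the real count in shdr[0].sh_size is now reported as corrupt rather than read out of bounds, which is conservative but deserves a comment such as `/* SHN_XINDEX / extended section counts are not supported; treated as corrupt */` if that is intended. Dropping the old `elf->len` comparison relies on the readelf helper having validated e_shnum against the file size, which is not visible in this hunk. The macro body belongs to scanelf_file_phdr, which begins and continues outside the hunk.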
