From: "Mike Frysinger" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger" Message-ID: <1426315472.2b082492cbe31270c7a74f1127a3433091b43db6.vapier@gentoo> Subject: [gentoo-commits] proj/pax-utils:master commit in: / X-VCS-Repository: proj/pax-utils X-VCS-Files: scanelf.c X-VCS-Directories: / X-VCS-Committer: vapier X-VCS-Committer-Name: Mike Frysinger X-VCS-Revision: 2b082492cbe31270c7a74f1127a3433091b43db6 X-VCS-Branch: master Date: Sun, 29 Mar 2015 20:07:42 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: a7ae2e5c-d79b-4ac5-9a46-090e508eddba X-Archives-Hash: 6cfebe9e12926cf3a54fc0292b4488ec commit: 2b082492cbe31270c7a74f1127a3433091b43db6 Author: Mike Frysinger gentoo org> AuthorDate: Sat Mar 14 06:41:20 2015 +0000 Commit: Mike Frysinger gentoo org> CommitDate: Sat Mar 14 06:44:32 2015 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2b082492 scanelf: handle more corrupt elf symbol tables scanelf.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scanelf.c b/scanelf.c index 599e2ed..a50b6e4 100644 --- a/scanelf.c +++ b/scanelf.c @@ -461,8 +461,9 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro, Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \ uint16_t shstrndx = EGET(ehdr->e_shstrndx); \ Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \ - if (shstrndx >= elf->len - sizeof(*strtbl) || !VALID_SHDR(elf, strtbl)) \ - goto skip_this_shdr##B; \ + if (shstrndx * sizeof(*shdr) >= elf->len - sizeof(*shdr) || \ + !VALID_SHDR(elf, strtbl)) \ + goto corrupt_shdr; \ /* let's flag -w/+x object files since the final ELF will most likely \ * need write access to the stack (who doesn't !?). so the combined \ * output will bring in +w automatically and that's bad. \ 
@@ -489,7 +490,6 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro, break; \ } \ } \ - skip_this_shdr##B: \ if (!multi_stack) { \ if (file_matches_list(elf->filename, qa_execstack)) \ return NULL; \ @@ -506,6 +506,10 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro, return NULL; else return ret; + + corrupt_shdr: + warnf("%s: section table is corrupt", elf->filename); + return NULL; } /*
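Review bot: in the first hunk (@@ -461), the rewritten bound `shstrndx * sizeof(*shdr) >= elf->len - sizeof(*shdr)` still subtracts from `elf->len` without first checking that the file is at least one section header long, so for a very small file the right-hand side can wrap and the test stops rejecting anything. Since `shstrndx` is a `uint16_t`, the additive form `shstrndx * sizeof(*shdr) + sizeof(*shdr) > elf->len` cannot overflow and avoids the problem. The bound is also measured against the whole file length, while `strtbl` is computed from `elf->shdr`; unless `VALID_SHDR` (not shown in this hunk) accounts for where the section header table starts, the comparison should include that offset, and `shdr + shstrndx` would be better formed only after the index has been accepted.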
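Review bot: removing the `skip_this_shdr##B:` label in the second hunk (@@ -489) is a behaviour change that the commit message does not describe. A bad `e_shstrndx` used to jump to the `if (!multi_stack)` block and still pass through the `qa_execstack` handling; it now leaves the function early through `corrupt_shdr`. Please say so in the message, and note that the subject speaks of "symbol tables" while the check and the new warning are about the section header table.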
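Review bot: the `corrupt_shdr:` path added in the third hunk (@@ -506) returns NULL, the same value the function already returns for a `qa_execstack` match and in the `return NULL; else return ret;` tail just above it, so a caller cannot tell a corrupt file from one with nothing to report. A short comment on the label stating that corrupt files are deliberately reported as "no result" would help. The warning would also be easier to act on if it included the rejected `e_shstrndx`; because `shstrndx` is declared inside the macro body, that value would have to be printed at the check rather than at the label.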