From: "Mike Frysinger"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger"
Message-ID: <1449960098.d4b9d92c41d34bd8716ba9cd964dcad87e235bf0.vapier@gentoo>
Subject: [gentoo-commits] proj/pax-utils:master commit in: /
X-VCS-Repository: proj/pax-utils
X-VCS-Files: scanelf.c
X-VCS-Directories: /
X-VCS-Committer: vapier
X-VCS-Committer-Name: Mike Frysinger
X-VCS-Revision: d4b9d92c41d34bd8716ba9cd964dcad87e235bf0
X-VCS-Branch: master
Date: Sat, 12 Dec 2015 22:45:45 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 3cdb4d76-605d-4b0d-9dcf-99849e1f609d
X-Archives-Hash: a4cde10f213ac453922f852d009577fd

commit:     d4b9d92c41d34bd8716ba9cd964dcad87e235bf0
Author:     Mike Frysinger gentoo org>
AuthorDate: Sat Dec 12 22:41:38 2015 +0000
Commit:     Mike Frysinger gentoo org>
CommitDate: Sat Dec 12 22:41:38 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d4b9d92c

scanelf: improve string table check a bit

The readelf helper will validate e_shnum for us, so re-use that check
to make sure the e_shstrndx field is within range too.

 scanelf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scanelf.c b/scanelf.c index 7e3b077..57c5156 100644 --- a/scanelf.c +++ b/scanelf.c
@@ -461,15 +461,15 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro, Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \ uint16_t shstrndx = EGET(ehdr->e_shstrndx); \ Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \ - if (shstrndx * sizeof(*shdr) >= elf->len - sizeof(*shdr) || \ - !VALID_SHDR(elf, strtbl)) \ + uint16_t shnum = EGET(ehdr->e_shnum); \ + if (shstrndx >= shnum || !VALID_SHDR(elf, strtbl)) \ goto corrupt_shdr; \ /* let's flag -w/+x object files since the final ELF will most likely \ * need write access to the stack (who doesn't !?). so the combined \ * output will bring in +w automatically and that's bad. \ */ \ check_flags = /*SHF_WRITE|*/SHF_EXECINSTR; \ - for (i = 0; i < EGET(ehdr->e_shnum); ++i) { \ + for (i = 0; i < shnum; ++i) { \ if (EGET(shdr[i].sh_type) != SHT_PROGBITS) continue; \ offset = EGET(strtbl->sh_offset) + EGET(shdr[i].sh_name); \ if (offset >= elf->len - sizeof(NOTE_GNU_STACK)) \
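
Review bot: The new `shstrndx >= shnum` test in `scanelf_file_phdr` is only as strong as the validation of `e_shnum`, and that validation is not visible in this hunk (the commit message says the readelf helper does it). A short comment next to `uint16_t shnum = EGET(ehdr->e_shnum);` naming where that check lives would keep a later refactor of the helper from silently weakening this bound. Two smaller points on the same condition: when `e_shnum` is 0 the comparison is true for every `shstrndx`, so such a file always takes `goto corrupt_shdr`, and it would help to state whether that is intended. Also, `strtbl = shdr + shstrndx` is still computed before the range check; moving that assignment below the `if` (and passing `shdr + shstrndx` to `VALID_SHDR`) would avoid forming a pointer from an index that has not been checked yet. In the unchanged context, `offset = EGET(strtbl->sh_offset) + EGET(shdr[i].sh_name)` adds two file-controlled values before the comparison against `elf->len - sizeof(NOTE_GNU_STACK)`, so please confirm the sum cannot wrap for the type of `offset`.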