diff options
author | Mike Frysinger <vapier@gentoo.org> | 2015-12-12 17:41:38 -0500 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2015-12-12 17:41:38 -0500 |
commit | d4b9d92c41d34bd8716ba9cd964dcad87e235bf0 (patch) | |
tree | 06d9784a0f6f8a53823d14edf85cc88578ee1d7d | |
parent | dumpelf: handle invalid section names (diff) | |
download | pax-utils-d4b9d92c41d34bd8716ba9cd964dcad87e235bf0.tar.gz pax-utils-d4b9d92c41d34bd8716ba9cd964dcad87e235bf0.tar.bz2 pax-utils-d4b9d92c41d34bd8716ba9cd964dcad87e235bf0.zip |
scanelf: improve string table check a bit
The readelf helper will validate e_shnum for us, so re-use that
check to make sure the e_shstrndx field is within range too.
-rw-r--r-- | scanelf.c | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -461,15 +461,15 @@ static char *scanelf_file_phdr(elfobj *elf, char *found_phdr, char *found_relro, Elf ## B ## _Shdr *shdr = SHDR ## B (elf->shdr); \ uint16_t shstrndx = EGET(ehdr->e_shstrndx); \ Elf ## B ## _Shdr *strtbl = shdr + shstrndx; \ - if (shstrndx * sizeof(*shdr) >= elf->len - sizeof(*shdr) || \ - !VALID_SHDR(elf, strtbl)) \ + uint16_t shnum = EGET(ehdr->e_shnum); \ + if (shstrndx >= shnum || !VALID_SHDR(elf, strtbl)) \ goto corrupt_shdr; \ /* let's flag -w/+x object files since the final ELF will most likely \ * need write access to the stack (who doesn't !?). so the combined \ * output will bring in +w automatically and that's bad. \ */ \ check_flags = /*SHF_WRITE|*/SHF_EXECINSTR; \ - for (i = 0; i < EGET(ehdr->e_shnum); ++i) { \ + for (i = 0; i < shnum; ++i) { \ if (EGET(shdr[i].sh_type) != SHT_PROGBITS) continue; \ offset = EGET(strtbl->sh_offset) + EGET(shdr[i].sh_name); \ if (offset >= elf->len - sizeof(NOTE_GNU_STACK)) \ |