File elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch of Package elfutils.8903

From: Mark Wielaard <mark at klomp dot org>
Subject: [PATCH] elflint: Sanity check the number of phdrs and shdrs available.
Date: Tue, 28 Mar 2017 01:25:34 +0200
References: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
Upstream: https://sourceware.org/ml/elfutils-devel/2017-q1/msg00134.html
Signed-off-by: Joao Moreira <jmoreira@suse.de>
Reference: bnc#1033090

Make sure we can at least read the shnum sections or phnum segments.
Limit the number we do check to those we can actually read.

https://sourceware.org/bugzilla/show_bug.cgi?id=21312

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 src/elflint.c | 26 ++++++++++++++++++++++++++
 1 files changed, 26 insertions(+)

diff --git a/src/elflint.c b/src/elflint.c
index 5e95ca9..6c83a77 100644
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -456,6 +456,19 @@ invalid number of section header table entries\n"));
 	ERROR (gettext ("invalid section header index\n"));
     }
 
+  /* Check the shdrs actually exist. */
+  unsigned int scnt;
+  Elf_Scn *scn = NULL;
+  for (scnt = 1; scnt < shnum; ++scnt)
+     {
+	scn = elf_nextscn (ebl->elf, scn);
+	if (scn == NULL)
+	  break;
+     }
+  if (scnt < shnum)
+    ERROR (gettext ("Can only check %u headers, shnum was %u\n"), scnt, shnum);
+  shnum = scnt;
+
   phnum = ehdr->e_phnum;
   if (ehdr->e_phnum == PN_XNUM)
     {
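Review bot: The unconditional `shnum = scnt;` after the loop raises shnum from 0 to 1 when the file has no section headers. With shnum == 0 the loop body never runs, scnt keeps its initial value 1, and the assignment overwrites 0 with 1. That contradicts the stated intent of only limiting the count to what can be read, and any later test for an empty section table (outside this hunk, so not verifiable here) would see 1 instead. Putting the assignment in the same braced block as the ERROR call under `if (scnt < shnum)` keeps the clamp and leaves values that are already small enough alone. The enclosing function starts and ends outside the hunk.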
@@ -474,6 +487,19 @@ invalid number of program header table entries\n"));
 	}
     }
 
+  /* Check the phdrs actually exist. */
+  unsigned int pcnt;
+  for (pcnt = 0; pcnt < phnum; ++pcnt)
+     {
+	GElf_Phdr phdr_mem;
+	GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
+	if (phdr == NULL)
+	  break;
+     }
+  if (pcnt < phnum)
+    ERROR (gettext ("Can only check %u headers, phnum was %u\n"), pcnt, phnum);
+  phnum = pcnt;
+
   /* Check the e_flags field.  */
   if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
     ERROR (gettext ("invalid machine flags: %s\n"),
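Review bot: The comment `/* Check the phdrs actually exist. */` does not say that phnum is also overwritten with the readable count, which matters when the ELF header claims more entries than the file holds. I would write `/* Check the phdrs actually exist and clamp phnum to the number gelf_getphdr can read; later checks must use phnum, not ehdr->e_phnum.  */`, and word the shdr comment in the first hunk the same way. The two new messages also differ only in the field name and start with a capital, unlike the neighbouring `invalid ...` messages; `can only check %u program headers, phnum was %u\n` (and `section headers` for the first hunk) would tell the user which table was short. The enclosing function continues outside the hunk.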
-- 
2.9.3