Print this page
5578 file(1) should validate Elf_Shdr->sh_name
*** 417,427 ****
{
int capn, mac;
int i, j, idx;
FILE_ELF_OFF_T cap_off;
FILE_ELF_SIZE_T csize;
! char *section_name;
Elf_Cap Chdr;
Elf_Shdr *shdr = &EI_Shdr;
csize = sizeof (Elf_Cap);
--- 417,428 ----
{
int capn, mac;
int i, j, idx;
FILE_ELF_OFF_T cap_off;
FILE_ELF_SIZE_T csize;
! char *strtab;
! size_t strtab_sz;
Elf_Cap Chdr;
Elf_Shdr *shdr = &EI_Shdr;
csize = sizeof (Elf_Cap);
*** 433,452 ****
/* read section names from String Section */
if (get_shdr(EI, EI_Ehdr_shstrndx) == ELF_READ_FAIL)
return (ELF_READ_FAIL);
! if ((section_name = malloc(shdr->sh_size)) == NULL)
return (ELF_READ_FAIL);
! if (pread64(EI->elffd, section_name, shdr->sh_size, shdr->sh_offset)
!= shdr->sh_size)
return (ELF_READ_FAIL);
/* read all the sections and process them */
for (idx = 1, i = 0; i < EI_Ehdr_shnum; idx++, i++) {
! char *str;
if (get_shdr(EI, i) == ELF_READ_FAIL)
return (ELF_READ_FAIL);
if (shdr->sh_type == SHT_NULL) {
--- 434,455 ----
/* read section names from String Section */
if (get_shdr(EI, EI_Ehdr_shstrndx) == ELF_READ_FAIL)
return (ELF_READ_FAIL);
! if ((strtab = malloc(shdr->sh_size)) == NULL)
return (ELF_READ_FAIL);
! if (pread64(EI->elffd, strtab, shdr->sh_size, shdr->sh_offset)
!= shdr->sh_size)
return (ELF_READ_FAIL);
+ strtab_sz = shdr->sh_size;
+
/* read all the sections and process them */
for (idx = 1, i = 0; i < EI_Ehdr_shnum; idx++, i++) {
! char *shnam;
if (get_shdr(EI, i) == ELF_READ_FAIL)
return (ELF_READ_FAIL);
if (shdr->sh_type == SHT_NULL) {
*** 536,553 ****
(shdr->sh_type == SHT_SYMTAB)) {
EI->stripped |= E_SYMTAB;
continue;
}
! str = §ion_name[shdr->sh_name];
if (!(EI->stripped & E_DBGINF) &&
((shdr->sh_type == SHT_SUNW_DEBUG) ||
(shdr->sh_type == SHT_SUNW_DEBUGSTR) ||
! (is_in_list(str)))) {
EI->stripped |= E_DBGINF;
}
}
! free(section_name);
return (ELF_READ_OKAY);
}
--- 539,559 ----
(shdr->sh_type == SHT_SYMTAB)) {
EI->stripped |= E_SYMTAB;
continue;
}
! if (shdr->sh_name >= strtab_sz)
! shnam = NULL;
! else
! shnam = &strtab[shdr->sh_name];
if (!(EI->stripped & E_DBGINF) &&
((shdr->sh_type == SHT_SUNW_DEBUG) ||
(shdr->sh_type == SHT_SUNW_DEBUGSTR) ||
! (shnam != NULL && is_in_list(shnam)))) {
EI->stripped |= E_DBGINF;
}
}
! free(strtab);
return (ELF_READ_OKAY);
}