Print this page
5578 file(1) should validate Elf_Shdr->sh_name
@@ -417,11 +417,12 @@
{
int capn, mac;
int i, j, idx;
FILE_ELF_OFF_T cap_off;
FILE_ELF_SIZE_T csize;
- char *section_name;
+ char *strtab;
+ size_t strtab_sz;
Elf_Cap Chdr;
Elf_Shdr *shdr = &EI_Shdr;
csize = sizeof (Elf_Cap);
@@ -433,20 +434,22 @@
/* read section names from String Section */
if (get_shdr(EI, EI_Ehdr_shstrndx) == ELF_READ_FAIL)
return (ELF_READ_FAIL);
- if ((section_name = malloc(shdr->sh_size)) == NULL)
+ if ((strtab = malloc(shdr->sh_size)) == NULL)
return (ELF_READ_FAIL);
- if (pread64(EI->elffd, section_name, shdr->sh_size, shdr->sh_offset)
+ if (pread64(EI->elffd, strtab, shdr->sh_size, shdr->sh_offset)
!= shdr->sh_size)
return (ELF_READ_FAIL);
+ strtab_sz = shdr->sh_size;
+
/* read all the sections and process them */
for (idx = 1, i = 0; i < EI_Ehdr_shnum; idx++, i++) {
- char *str;
+ char *shnam;
if (get_shdr(EI, i) == ELF_READ_FAIL)
return (ELF_READ_FAIL);
if (shdr->sh_type == SHT_NULL) {
@@ -536,18 +539,21 @@
(shdr->sh_type == SHT_SYMTAB)) {
EI->stripped |= E_SYMTAB;
continue;
}
- str = §ion_name[shdr->sh_name];
+ if (shdr->sh_name >= strtab_sz)
+ shnam = NULL;
+ else
+ shnam = &strtab[shdr->sh_name];
if (!(EI->stripped & E_DBGINF) &&
((shdr->sh_type == SHT_SUNW_DEBUG) ||
(shdr->sh_type == SHT_SUNW_DEBUGSTR) ||
- (is_in_list(str)))) {
+ (shnam != NULL && is_in_list(shnam)))) {
EI->stripped |= E_DBGINF;
}
}
- free(section_name);
+ free(strtab);
return (ELF_READ_OKAY);
}