Diffstat (limited to 'src/libelf/elf_getshdrstrndx.c')
-rw-r--r-- | src/libelf/elf_getshdrstrndx.c | 120 |
1 files changed, 71 insertions, 49 deletions
diff --git a/src/libelf/elf_getshdrstrndx.c b/src/libelf/elf_getshdrstrndx.c
index a1aba5ff..6f8d66e8 100644
--- a/src/libelf/elf_getshdrstrndx.c
+++ b/src/libelf/elf_getshdrstrndx.c
@@ -1,52 +1,31 @@ /* Return section index of section header string table. - Copyright (C) 2002, 2005, 2009 Red Hat, Inc. - This file is part of Red Hat elfutils. + Copyright (C) 2002, 2005, 2009, 2014 Red Hat, Inc. + This file is part of elfutils. Written by Ulrich Drepper <drepper@redhat.com>, 2002. - Red Hat elfutils is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by the - Free Software Foundation; version 2 of the License. + This file is free software; you can redistribute it and/or modify + it under the terms of either - Red Hat elfutils is distributed in the hope that it will be useful, but + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at + your option) any later version + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at + your option) any later version + + or both in parallel, as here. + + elfutils is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License along - with Red Hat elfutils; if not, write to the Free Software Foundation, - Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA. - - In addition, as a special exception, Red Hat, Inc. gives You the - additional right to link the code of Red Hat elfutils with code licensed - under any Open Source Initiative certified open source license - (http://www.opensource.org/licenses/index.php) which requires the - distribution of source code with any binary distribution and to - distribute linked combinations of the two. 
Non-GPL Code permitted under - this exception must only link to the code of Red Hat elfutils through - those well defined interfaces identified in the file named EXCEPTION - found in the source code files (the "Approved Interfaces"). The files - of Non-GPL Code may instantiate templates or use macros or inline - functions from the Approved Interfaces without causing the resulting - work to be covered by the GNU General Public License. Only Red Hat, - Inc. may make changes or additions to the list of Approved Interfaces. - Red Hat's grant of this exception is conditioned upon your not adding - any new exceptions. If you wish to add a new Approved Interface or - exception, please contact Red Hat. You must obey the GNU General Public - License in all respects for all of the Red Hat elfutils code and other - code used in conjunction with Red Hat elfutils except the Non-GPL Code - covered by this exception. If you modify this file, you may extend this - exception to your version of the file, but you are not obligated to do - so. If you do not wish to provide this exception without modification, - you must delete this exception statement from your version and license - this file solely under the GPL without exception. - - Red Hat elfutils is an included package of the Open Invention Network. - An included package of the Open Invention Network is a package for which - Open Invention Network licensees cross-license their patents. No patent - license is granted, either expressly or impliedly, by designation as an - included package. Should you wish to participate in the Open Invention - Network licensing program, please visit www.openinventionnetwork.com - <http://www.openinventionnetwork.com>. */ + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see <http://www.gnu.org/licenses/>. */ #ifdef HAVE_CONFIG_H # include <config.h> 
@@ -113,6 +92,13 @@ elf_getshdrstrndx (elf, dst)
 if (elf->class == ELFCLASS32)
 {
 size_t offset;
+ if (unlikely (elf->state.elf32.scns.cnt == 0))
+ {
+ /* Cannot use SHN_XINDEX without section headers. */
+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
+ result = -1;
+ goto out;
+ }
 if (elf->state.elf32.scns.data[0].shdr.e32 != NULL)
 {
@@ -125,10 +111,25 @@ elf_getshdrstrndx (elf, dst)
 if (elf->map_address != NULL
 && elf->state.elf32.ehdr->e_ident[EI_DATA] == MY_ELFDATA
 && (ALLOW_UNALIGNED
- || (((size_t) ((char *) elf->map_address + offset))
+ || (((size_t) ((char *) elf->map_address
+ + elf->start_offset + offset))
 & (__alignof__ (Elf32_Shdr) - 1)) == 0))
- /* We can directly access the memory. */
- num = ((Elf32_Shdr *) (elf->map_address + offset))->sh_link;
+ {
+ /* First see whether the information in the ELF header is
+ valid and it does not ask for too much. */
+ if (unlikely (elf->maximum_size - offset
+ < sizeof (Elf32_Shdr)))
+ {
+ /* Something is wrong. */
+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
+ result = -1;
+ goto out;
+ }
+
+ /* We can directly access the memory. */
+ num = ((Elf32_Shdr *) (elf->map_address + elf->start_offset
+ + offset))->sh_link;
+ }
 else
 {
 /* We avoid reading in all the section headers. Just read
@@ -152,6 +153,14 @@ elf_getshdrstrndx (elf, dst)
 }
 else
 {
+ if (unlikely (elf->state.elf64.scns.cnt == 0))
+ {
+ /* Cannot use SHN_XINDEX without section headers. */
+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
+ result = -1;
+ goto out;
+ }
+
 if (elf->state.elf64.scns.data[0].shdr.e64 != NULL)
 {
 num = elf->state.elf64.scns.data[0].shdr.e64->sh_link;
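Review bot: The new size check in the Elf32 direct-access branch (hunk `@@ -125,10 +111,25 @@`), `elf->maximum_size - offset < sizeof (Elf32_Shdr)`, does not reject an `offset` that is larger than `elf->maximum_size`. `offset` is declared `size_t` in this function; if `maximum_size` is unsigned as well (its type is not visible here), the subtraction wraps to a very large value, the test passes, and the `sh_link` read that follows lands outside the mapped file. The assignment of `offset` is outside the hunk, but it presumably comes from the file's own ELF header, so it should be range-checked first: `if (unlikely (offset > elf->maximum_size || elf->maximum_size - offset < sizeof (Elf32_Shdr)))`. The Elf64 hunk at `@@ -163,10 +172,25 @@` carries the same check with `Elf64_Shdr` and needs the same guard.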
@@ -163,10 +172,25 @@ elf_getshdrstrndx (elf, dst)
 if (elf->map_address != NULL
 && elf->state.elf64.ehdr->e_ident[EI_DATA] == MY_ELFDATA
 && (ALLOW_UNALIGNED
- || (((size_t) ((char *) elf->map_address + offset))
+ || (((size_t) ((char *) elf->map_address
+ + elf->start_offset + offset))
 & (__alignof__ (Elf64_Shdr) - 1)) == 0))
- /* We can directly access the memory. */
- num = ((Elf64_Shdr *) (elf->map_address + offset))->sh_link;
+ {
+ /* First see whether the information in the ELF header is
+ valid and it does not ask for too much. */
+ if (unlikely (elf->maximum_size - offset
+ < sizeof (Elf64_Shdr)))
+ {
+ /* Something is wrong. */
+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
+ result = -1;
+ goto out;
+ }
+
+ /* We can directly access the memory. */
+ num = ((Elf64_Shdr *) (elf->map_address + elf->start_offset
+ + offset))->sh_link;
+ }
 else
 {
 /* We avoid reading in all the section headers. Just read
@@ -202,6 +226,4 @@ elf_getshdrstrndx (elf, dst)
 }
 INTDEF(elf_getshdrstrndx)
 /* Alias for the deprecated name. */
-#ifndef __APPLE__
 strong_alias (elf_getshdrstrndx, elf_getshstrndx)
-#endif |