scanelf: fix off-by-one shdr validity check

If a section header is at the end of the file, we end up incorrectly rejecting it due to a slightly restrictive validity check. Also drop some redundant shdr checks -- these came from the helper scanelf_file_get_symtabs, and that already makes sure to only return valid section headers. Reported-by: Dominik Mierzejewski <rpm@greysector.net>
author: Mike Frysinger <vapier@gentoo.org> 2015-03-10 00:17:53 -0400
committer: Mike Frysinger <vapier@gentoo.org> 2015-03-10 00:17:53 -0400
commit: 7609b76c57386b747cdc7dcb4ca440a472a38fbf (patch)
tree: 113b76ac5a3e0b4530cbab17f6cb95b0b01e18fc /paxelf.h
parent: scanelf: respect QA_EXECSTACK for .note.GNU-stack sections (diff)
download: pax-utils-7609b76c57386b747cdc7dcb4ca440a472a38fbf.tar.gz
pax-utils-7609b76c57386b747cdc7dcb4ca440a472a38fbf.tar.bz2
pax-utils-7609b76c57386b747cdc7dcb4ca440a472a38fbf.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/paxelf.h b/paxelf.h
index 0610516..034e0d7 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -44,7 +44,7 @@ typedef struct {
 	 EGET(shdr->sh_type) != SHT_NOBITS && \
 	 EGET(shdr->sh_offset) < (uint64_t)elf->len && \
 	 EGET(shdr->sh_size) < (uint64_t)elf->len && \
-	 EGET(shdr->sh_offset) < elf->len - EGET(shdr->sh_size))
+	 EGET(shdr->sh_offset) <= elf->len - EGET(shdr->sh_size))
 
 /* prototypes */
 extern char *pax_short_hf_flags(unsigned long flags);
author	Mike Frysinger <vapier@gentoo.org>	2015-03-10 00:17:53 -0400
committer	Mike Frysinger <vapier@gentoo.org>	2015-03-10 00:17:53 -0400
commit	7609b76c57386b747cdc7dcb4ca440a472a38fbf (patch)
tree	113b76ac5a3e0b4530cbab17f6cb95b0b01e18fc /paxelf.h
parent	scanelf: respect QA_EXECSTACK for .note.GNU-stack sections (diff)
download	pax-utils-7609b76c57386b747cdc7dcb4ca440a472a38fbf.tar.gz pax-utils-7609b76c57386b747cdc7dcb4ca440a472a38fbf.tar.bz2 pax-utils-7609b76c57386b747cdc7dcb4ca440a472a38fbf.zip