From 7609b76c57386b747cdc7dcb4ca440a472a38fbf Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Tue, 10 Mar 2015 00:17:53 -0400 Subject: scanelf: fix off-by-one shdr validity check If a section header is at the end of the file, we end up incorrectly rejecting it due to a slightly restrictive validity check. Also drop some redundant shdr checks -- these came from the helper scanelf_file_get_symtabs, and that already makes sure to only return valid section headers. Reported-by: Dominik Mierzejewski --- paxelf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'paxelf.h') diff --git a/paxelf.h b/paxelf.h index 0610516..034e0d7 100644 --- a/paxelf.h +++ b/paxelf.h @@ -44,7 +44,7 @@ typedef struct { EGET(shdr->sh_type) != SHT_NOBITS && \ EGET(shdr->sh_offset) < (uint64_t)elf->len && \ EGET(shdr->sh_size) < (uint64_t)elf->len && \ - EGET(shdr->sh_offset) < elf->len - EGET(shdr->sh_size)) + EGET(shdr->sh_offset) <= elf->len - EGET(shdr->sh_size)) /* prototypes */ extern char *pax_short_hf_flags(unsigned long flags); -- cgit v1.2.3-65-gdbad