From c2297eab17b7dbb98021b51f063f71d1cdc7893a Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Wed, 13 May 2015 15:21:57 +0200
Subject: [PATCH] libelf: If e_phnum is zero then set e_phoff also to zero.

If phnum is zero make sure e_phoff is also zero and not some random value. That would cause trouble in update_file. This could happen when ELF_F_LAYOUT is set and the user copied over a ehdr from a bogus ELF file where the phdrs are unreadable. In that case trying to write out the new ELF image would crash trying to follow the bogus e_phdr value.

Signed-off-by: Mark Wielaard
---
 libelf/ChangeLog          | 5 +++++
 libelf/elf32_updatenull.c | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 0b9b478..2d10b83 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2015-05-13 Mark Wielaard
+
+	* elf32_updatenull.c (default_ehdr): If e_phnum is zero then set
+	e_phoff also to zero.
+
 2015-05-12 Mark Wielaard
 
 	* elf32_updatenull.c (updatenull_wrlock): Check that sh_addralign
diff --git a/libelf/elf32_updatenull.c b/libelf/elf32_updatenull.c
index a0de80e..c59ffcb 100644
--- a/libelf/elf32_updatenull.c
+++ b/libelf/elf32_updatenull.c
@@ -106,6 +106,14 @@ ELFW(default_ehdr,LIBELFBITS) (Elf *elf, ElfW2(LIBELFBITS,Ehdr) *ehdr,
       elf->state.ELFW(elf,LIBELFBITS).ehdr_flags |= ELF_F_DIRTY;
     }
 
+  /* If phnum is zero make sure e_phoff is also zero and not some random
+     value. That would cause trouble in update_file. */
+  if (ehdr->e_phnum == 0 && ehdr->e_phoff != 0)
+    {
+      ehdr->e_phoff = 0;
+      elf->state.ELFW(elf,LIBELFBITS).ehdr_flags |= ELF_F_DIRTY;
+    }
+
   return 0;
 }
-- 
2.7.4
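Review bot: The comment added above the new `e_phnum == 0` check in elf32_updatenull.c says only that a stale e_phoff "would cause trouble in update_file", while the commit message has the concrete failure that justifies the check; the comment should carry it, e.g. `/* If phnum is zero, e_phoff must be zero too: with ELF_F_LAYOUT set the caller may have copied in an ehdr from a bogus file whose phdrs were unreadable, and update_file would follow the stale offset when writing the image.  */`. It is also worth stating in the comment that the sanitising is deliberately limited to the program header pair and must not be copied to e_shnum/e_shoff, since an ELF file with e_shnum zero and a non-zero e_shoff is legitimate (the real section count then lives in shdr[0].sh_size), so the same rule would corrupt valid headers. The enclosing default_ehdr function begins before this hunk, so whether the check runs for every update path or only after the preceding e_ident/e_ehsize normalisation cannot be confirmed from the hunk alone.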