git.ipfire.org Git - thirdparty/grub.git/commit

author	Alec Brown <alec.r.brown@oracle.com>
	Fri, 12 Aug 2022 22:25:46 +0000 (18:25 -0400)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Fri, 19 Aug 2022 20:26:53 +0000 (22:26 +0200)
commit	385d9060070f7676f5b97b7449c2e2bd31270148
tree	4d60e566c53e87bdd6b23b87170b1e6d3d55dee8	tree
parent	27a14a8ae2a3512a7db454c72dd6a4d2bde59538	commit \| diff

elf: Validate elf section header table index for section name string table

In multiboot_elfxx.c, e_shstrndx is used to obtain the section header table
index of the section name string table, but it wasn't being checked if the value
was there.

According to the elf(5) manual page,
"If the index of section name string table section is larger than or equal to
SHN_LORESERVE (0xff00), this member holds SHN_XINDEX (0xffff) and the real
index of the section name string table section is held in the sh_link member of
the initial entry in section header table. Otherwise, the sh_link member of the
initial entry in section header table contains the value zero."

Since this check wasn't being made, grub_elfXX_get_shstrndx() is being added to
elfXX.c to make this check and use e_shstrndx if it doesn't have SHN_XINDEX as a
value, else use sh_link. We also need to make sure e_shstrndx isn't greater than
or equal to SHN_LORESERVE and sh_link isn't less than SHN_LORESERVE.

Note that even though elf.c and elfXX.c are located in grub-core/kern, they are
compiled as modules and don't need the EXPORT_FUNC() macro to define the functions
in elf.h.

Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

grub-core/kern/elf.c		diff \| blob \| blame \| history
grub-core/kern/elfXX.c		diff \| blob \| blame \| history
grub-core/loader/multiboot_elfxx.c		diff \| blob \| blame \| history
include/grub/elf.h		diff \| blob \| blame \| history