From: Michael Tremer Date: Sat, 26 Oct 2024 15:46:33 +0000 (+0000) Subject: linter: Check if files have been stripped X-Git-Tag: 0.9.30~816 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0709d1380282ac11f2a403fef1867f09e9dce207;p=pakfire.git linter: Check if files have been stripped Signed-off-by: Michael Tremer
---
diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index 8843c21fd..956a1f2be 100644
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -1789,159 +1789,6 @@ PAKFIRE_EXPORT int pakfire_file_matches(struct pakfire_file* file, const char* p
 return pakfire_path_match(pattern, path);
 }
-/*
- ELF Stuff
-*/
-
-static int pakfire_file_open_elf(struct pakfire_file* file,
- int (*callback)(struct pakfire_file* file, Elf* elf, void* data), void* data) {
- FILE* f = NULL;
- Elf* elf = NULL;
- int r;
-
- // Don't run this for non-ELF files
- if (!pakfire_file_matches_class(file, PAKFIRE_FILE_ELF)) {
- errno = EINVAL;
- return 1;
- }
-
- // Setup libelf
- r = setup_libelf(file->ctx);
- if (r)
- return r;
-
- // Open the file
- f = pakfire_file_open(file);
- if (!f) {
- ERROR(file->ctx, "Could not open %s: %m\n", pakfire_file_get_abspath(file));
- return 1;
- }
-
- // Parse the ELF header
- elf = elf_begin(fileno(f), ELF_C_READ, NULL);
- if (!elf) {
- ERROR(file->ctx, "Could not open ELF file: %s\n", elf_errmsg(-1));
- r = 1;
- goto ERROR;
- }
-
- // Check if this is an ELF file
- switch (elf_kind(elf)) {
- case ELF_K_ELF:
- break;
-
- default:
- ERROR(file->ctx, "%s is not an ELF object\n", pakfire_file_get_path(file));
- r = 1;
- goto ERROR;
- }
-
- // Call the callback
- r = callback(file, elf, data);
-
-ERROR:
- if (elf)
- elf_end(elf);
- if (f)
- fclose(f);
-
- return r;
-}
-
-static int pakfire_file_get_elf_section(struct pakfire_file* file,
- Elf* elf, const Elf64_Word type, Elf_Scn** section, GElf_Shdr* header, Elf_Data** data) {
- Elf_Scn* s = NULL;
-
- GElf_Shdr shdr;
-
- // Walk through all sections
- for (;;) {
- s = elf_nextscn(elf, s);
- if (!s)
- break;
-
- // Fetch the section header
- gelf_getshdr(s, &shdr);
-
- // Return any matching sections
- if (shdr.sh_type == type) {
- *section = s;
-
- // Send header if requested
- if (header)
- gelf_getshdr(s, header);
-
- // Send data if requested
- if (data)
- *data = elf_getdata(s, NULL);
-
- return 0;
- }
- }
-
- // No section found
- return 1;
-}
-
-static int __pakfire_file_get_elf_type(struct pakfire_file* file, Elf* elf, void* data) {
- int* type = (int*)data;
- GElf_Ehdr ehdr;
-
- // Fetch the ELF header
- if (!gelf_getehdr(elf, &ehdr)) {
- ERROR(file->ctx, "Could not parse ELF header: %s\n", elf_errmsg(-1));
- return 1;
- }
-
- // Store the type
- *type = ehdr.e_type;
-
- return 0;
-}
-
-static int pakfire_file_get_elf_type(struct pakfire_file* file) {
- int type = ET_NONE;
- int r;
-
- r = pakfire_file_open_elf(file, __pakfire_file_get_elf_type, &type);
- if (r)
- return -1;
-
- return type;
-}
-
-static int __pakfire_file_check_debuginfo(struct pakfire_file* file, Elf* elf, void* data) {
- Elf_Scn* symtab = NULL;
- int r;
-
- // Fetch the symbol table
- r = pakfire_file_get_elf_section(file, elf, SHT_SYMTAB, &symtab, NULL, NULL);
-
- // Not found
- if (r) {
- DEBUG(file->ctx, "%s has no debug sections\n", pakfire_file_get_path(file));
-
- // Store the result
- file->issues |= PAKFIRE_FILE_MISSING_DEBUGINFO;
- }
-
- return 0;
-}
-
-static int pakfire_file_check_debuginfo(struct pakfire_file* file) {
- switch (pakfire_file_get_elf_type(file)) {
- // Do not check Relocatable Objects
- case ET_REL:
- return 0;
-
- // Check everything else
- default:
- break;
- }
-
- return pakfire_file_open_elf(file, __pakfire_file_check_debuginfo, NULL);
-}
-
 static int pakfire_file_get_script_interpreter(struct pakfire_file* file, char** interpreter) {
 FILE* f = NULL;
 char shebang[1024];
@@ -2265,25 +2112,6 @@ int pakfire_file_check(struct pakfire_file* file, int* issues) {
 if (r)
 return r;
- // Run these checks only for ELF files
- if (pakfire_file_matches_class(file, PAKFIRE_FILE_ELF)) {
- switch (pakfire_file_get_elf_type(file)) {
- // Do not check Relocatable Objects
- case ET_REL:
- goto DONE;
-
- // Check everything else
- default:
- break;
- }
-
- // Check if the file has debug info
- r = pakfire_file_check_debuginfo(file);
- if (r)
- return r;
- }
-
-DONE:
 // All checks done
 file->check_done = 1;
 }
diff --git a/src/libpakfire/linter-file.c b/src/libpakfire/linter-file.c
index 35fa67777..69fbdd640 100644
--- a/src/libpakfire/linter-file.c
+++ b/src/libpakfire/linter-file.c
@@ -805,6 +805,37 @@ static int pakfire_linter_file_check_cf_protection(struct pakfire_linter_file* l
 return pakfire_linter_file_elf(lfile, __pakfire_linter_file_check_cf_protection, NULL);
 }
+static int __pakfire_linter_file_is_stripped(
+ struct pakfire_linter_file* lfile, Elf* elf, void* data) {
+ Elf_Scn* symtab = NULL;
+ int r;
+
+ // Fetch the symbol table
+ r = pakfire_linter_file_get_elf_section(lfile, elf, SHT_SYMTAB, &symtab, NULL, NULL);
+ if (r < 0)
+ return r;
+
+ // If we have found the symbol table we are not stripped
+ else if (r == 0)
+ return pakfire_linter_file_error(lfile, "Not Stripped");
+
+ return 0;
+}
+
+static int pakfire_linter_file_is_stripped(struct pakfire_linter_file* lfile) {
+ switch (pakfire_linter_file_get_elf_type(lfile)) {
+ // Do not check Relocatable Objects
+ case ET_REL:
+ return 0;
+
+ // Check everything else
+ default:
+ break;
+ }
+
+ return pakfire_linter_file_elf(lfile, __pakfire_linter_file_is_stripped, NULL);
+}
+
 int pakfire_linter_file_lint(struct pakfire_linter_file* lfile) {
 int r = 0;
@@ -827,6 +858,11 @@ int pakfire_linter_file_lint(struct pakfire_linter_file* lfile) {
 // ELF Checks
 if (pakfire_linter_file_is_elf(lfile)) {
+ // Check if stripped
+ r = pakfire_linter_file_is_stripped(lfile);
+ if (r < 0)
+ return r;
+
 // Check PIE
 r = pakfire_linter_file_check_pie(lfile);
 if (r < 0)
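Review bot: `pakfire_linter_file_is_stripped` in the first hunk reads like a predicate but never returns one: it returns 0 whether or not the file is stripped and reports the finding through `pakfire_linter_file_error`, whereas `pakfire_linter_file_is_elf` is used as an `if` condition in the second hunk. Naming it `pakfire_linter_file_check_stripped`, in line with `check_pie` and `check_cf_protection`, would match what it does. The callback decides on `SHT_SYMTAB` alone, so a comment such as `// Heuristic: only the symbol table is checked; .debug_* sections are not inspected` would tell a reader what "Not Stripped" does and does not cover. The `switch` also has no case for a failure return from `pakfire_linter_file_get_elf_type`, which is defined outside these hunks; if it returns a negative value on error, as the removed `pakfire_file_get_elf_type` did with -1, that value falls into `default` and surfaces only if `pakfire_linter_file_elf` fails too.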