From: Mark Wielaard Date: Wed, 13 May 2015 13:21:57 +0000 (+0200) Subject: libelf: If e_phnum is zero then set e_phoff also to zero. X-Git-Tag: elfutils-0.162~57 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c2297eab17b7dbb98021b51f063f71d1cdc7893a;p=thirdparty%2Felfutils.git libelf: If e_phnum is zero then set e_phoff also to zero. If phnum is zero make sure e_phoff is also zero and not some random value. That would cause trouble in update_file. This could happen when ELF_F_LAYOUT is set and the user copied over a ehdr from a bogus ELF file where the phdrs are unreadable. In that case trying to write out the new ELF image would crash trying to follow the bogus e_phdr value. Signed-off-by: Mark Wielaard --- diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 0b9b47817..2d10b83e8 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,8 @@ +2015-05-13 Mark Wielaard + + * elf32_updatenull.c (default_ehdr): If e_phnum is zero then set + e_phoff also to zero. + 2015-05-12 Mark Wielaard * elf32_updatenull.c (updatenull_wrlock): Check that sh_addralign diff --git a/libelf/elf32_updatenull.c b/libelf/elf32_updatenull.c index a0de80e10..c59ffcbdf 100644 --- a/libelf/elf32_updatenull.c +++ b/libelf/elf32_updatenull.c @@ -106,6 +106,14 @@ ELFW(default_ehdr,LIBELFBITS) (Elf *elf, ElfW2(LIBELFBITS,Ehdr) *ehdr, elf->state.ELFW(elf,LIBELFBITS).ehdr_flags |= ELF_F_DIRTY; } + /* If phnum is zero make sure e_phoff is also zero and not some random + value. That would cause trouble in update_file. */ + if (ehdr->e_phnum == 0 && ehdr->e_phoff != 0) + { + ehdr->e_phoff = 0; + elf->state.ELFW(elf,LIBELFBITS).ehdr_flags |= ELF_F_DIRTY; + } + return 0; }
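Review bot: the new check in default_ehdr normalizes only the program header side of the inconsistency; the scenario the commit message gives (ELF_F_LAYOUT set, an ehdr copied over from a bogus file) can just as well leave e_shnum == 0 with a non-zero e_shoff, so either add the symmetric check `if (ehdr->e_shnum == 0 && ehdr->e_shoff != 0)` next to this one or note in the comment why e_shoff cannot cause the same trouble in update_file. The code comment "That would cause trouble in update_file" is also vaguer than the commit message; stating that update_file would otherwise follow the bogus e_phoff when writing the image out saves the next reader a trip to the git log. Setting ELF_F_DIRTY after zeroing e_phoff is correct, since the on-disk header has to be rewritten.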