From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 13 Mar 2023 15:34:08 +0000 (+0000)
Subject: file: Skip SSP check for data libraries
X-Git-Tag: 0.9.29~322
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f7c90efdf43161a1b46f2db4bf46750ca9961f0;p=pakfire.git

file: Skip SSP check for data libraries

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index 94d8ff045..20df1dc98 100644
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -1659,6 +1659,9 @@ static int __pakfire_file_hardening_check_ssp(
 	GElf_Sym symbol;
 	const char* name = NULL;
 
+	// Count any global functions
+	size_t counter = 0;
+
 	// Walk through all sections
 	for (;;) {
 		section = elf_nextscn(elf, section);
@@ -1692,6 +1695,18 @@ static int __pakfire_file_hardening_check_ssp(
 		// Exit if there is a symbol called "__stack_chk_fail"
 		if (pakfire_string_startswith(name, "__stack_chk_fail"))
 			return 0;
+
+		// Count any global functions
+		if ((ELF64_ST_BIND(symbol.st_info) == STB_GLOBAL) &&
+				(ELF64_ST_TYPE(symbol.st_info) == STT_FUNC))
+			counter++;
+	}
+
+	// We do not perform the check for libraries that do not contain any functions.
+	// Some packages use shared libraries to provide data.
+	if (!counter) {
+		DEBUG(file->pakfire, "%s: File has no functions. Skipping SSP check.\n", file->path);
+		return 0;
 	}
 
 	// The file does not seem to have SSP enabled