From: Michael Tremer
Date: Wed, 1 Jan 2025 17:42:44 +0000 (+0000)
Subject: ELF: Move execstack check
X-Git-Tag: 0.9.30~596
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72bbc98331fe254a2d47c2a23af21db206e18daa;p=pakfire.git
ELF: Move execstack check
Signed-off-by: Michael Tremer
---
diff --git a/src/libpakfire/elf.c b/src/libpakfire/elf.c
index 27b78b319..9f69f6c57 100644
--- a/src/libpakfire/elf.c
+++ b/src/libpakfire/elf.c
@@ -356,6 +356,49 @@ int pakfire_elf_has_ssp(struct pakfire_elf* self) {
 return 0;
 }
+int pakfire_elf_has_execstack(struct pakfire_elf* self) {
+ GElf_Phdr phdr;
+ int r;
+
+ size_t phnum = 0;
+
+ // Fetch the total numbers of program headers
+ r = elf_getphdrnum(self->elf, &phnum);
+ if (r) {
+ ERROR(self->ctx,
+ "Could not fetch number of program headers: %s\n", elf_errmsg(-1));
+ return -EINVAL;
+ }
+
+ // Walk through all program headers
+ for (unsigned int i = 0; i < phnum; i++) {
+ if (!gelf_getphdr(self->elf, i, &phdr)) {
+ ERROR(self->ctx, "Could not parse program header: %s\n", elf_errmsg(-1));
+ return -ENOTSUP;
+ }
+
+ switch (phdr.p_type) {
+ case PT_GNU_STACK:
+ DEBUG(self->ctx,
+ "%s: GNU_STACK flags: %c%c%c\n",
+ self->path,
+ (phdr.p_flags & PF_R) ? 'R' : '-',
+ (phdr.p_flags & PF_W) ? 'W' : '-',
+ (phdr.p_flags & PF_X) ? 'X' : '-'
+ );
+
+ // The stack cannot be writable and executable
+ if ((phdr.p_flags & PF_W) && (phdr.p_flags & PF_X))
+ return 1;
+
+ default:
+ break;
+ }
+ }
+
+ return 0;
+}
+
 int pakfire_elf_is_stripped(struct pakfire_elf* self) {
 Elf_Scn* symtab = NULL;
diff --git a/src/libpakfire/include/pakfire/elf.h b/src/libpakfire/include/pakfire/elf.h
index 54f3713c7..f34e405e1 100644
--- a/src/libpakfire/include/pakfire/elf.h
+++ b/src/libpakfire/include/pakfire/elf.h
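Review bot: In pakfire_elf_has_execstack (src/libpakfire/elf.c), the PT_GNU_STACK test returns 1 only when both PF_W and PF_X are set, so a segment flagged executable but not writable passes the check; as far as I know the Linux ELF loader decides stack executability from PF_X alone, so `if (phdr.p_flags & PF_X)` would be the safer condition. A file with no PT_GNU_STACK header at all also returns 0, and whether that means a non-executable stack depends on the architecture and kernel, so it deserves a comment or a distinct result. The function returns negative errno values as well as 0 and 1, which a `has_` name does not suggest; a header comment such as `// Returns 1 if the stack is executable, 0 if not, or a negative errno on failure` would help callers. The `case PT_GNU_STACK:` arm also falls through into `default:` without a `// fallthrough` marker.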
@@ -44,6 +44,7 @@ const char* pakfire_elf_debuglink(struct pakfire_elf* self);
 int pakfire_elf_is_pie(struct pakfire_elf* self);
 int pakfire_elf_has_ssp(struct pakfire_elf* self);
+int pakfire_elf_has_execstack(struct pakfire_elf* self);
 int pakfire_elf_is_stripped(struct pakfire_elf* self);
 #endif /* PAKFIRE_PRIVATE */
diff --git a/src/libpakfire/linter-file.c b/src/libpakfire/linter-file.c
index e8b623701..3f4164337 100644
--- a/src/libpakfire/linter-file.c
+++ b/src/libpakfire/linter-file.c
@@ -482,44 +482,8 @@ static int pakfire_linter_file_check_ssp(struct pakfire_linter_file* lfile) {
 }
 static int pakfire_linter_file_check_execstack(struct pakfire_linter_file* lfile) {
- GElf_Phdr phdr;
- int r;
-
- size_t phnum = 0;
-
- // Fetch the total numbers of program headers
- r = elf_getphdrnum(lfile->elf, &phnum);
- if (r) {
- ERROR(lfile->ctx,
- "Could not fetch number of program headers: %s\n", elf_errmsg(-1));
- return -EINVAL;
- }
-
- // Walk through all program headers
- for (unsigned int i = 0; i < phnum; i++) {
- if (!gelf_getphdr(lfile->elf, i, &phdr)) {
- ERROR(lfile->ctx, "Could not parse program header: %s\n", elf_errmsg(-1));
- return -ENOTSUP;
- }
-
- switch (phdr.p_type) {
- case PT_GNU_STACK:
- DEBUG(lfile->ctx,
- "%s: GNU_STACK flags: %c%c%c\n",
- lfile->path,
- (phdr.p_flags & PF_R) ? 'R' : '-',
- (phdr.p_flags & PF_W) ? 'W' : '-',
- (phdr.p_flags & PF_X) ? 'X' : '-'
- );
-
- // The stack cannot be writable and executable
- if ((phdr.p_flags & PF_W) && (phdr.p_flags & PF_X))
- return pakfire_linter_file_error(lfile, "Executable Stack");
-
- default:
- break;
- }
- }
+ if (pakfire_elf_has_execstack(lfile->_elf))
+ return pakfire_linter_file_error(lfile, "Executable Stack");
 return 0;
 }
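Review bot: In pakfire_linter_file_check_execstack (src/libpakfire/linter-file.c), the new `if (pakfire_elf_has_execstack(lfile->_elf))` treats a negative return as true, so a failure to read the program headers (-EINVAL or -ENOTSUP in the moved code) is now reported as an "Executable Stack" finding instead of being returned to the caller as the removed code did. Keeping the result and checking its sign preserves the old behaviour: `int r = pakfire_elf_has_execstack(lfile->_elf);`, `if (r < 0) return r;`, `if (r) return pakfire_linter_file_error(lfile, "Executable Stack");`.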