From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mark@klomp.org>
Received: from gnu.wildebeest.org (wildebeest.demon.nl [212.238.236.112])
 by sourceware.org (Postfix) with ESMTPS id F09D83851C34
 for <elfutils-devel@sourceware.org>; Sun,  1 Nov 2020 18:46:06 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org F09D83851C34
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=klomp.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=mark@klomp.org
Received: from tarox.wildebeest.org (tarox.wildebeest.org [172.31.17.39])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by gnu.wildebeest.org (Postfix) with ESMTPSA id 9E25D30291AB;
 Sun,  1 Nov 2020 19:46:05 +0100 (CET)
Received: by tarox.wildebeest.org (Postfix, from userid 1000)
 id 89C81400194B; Sun,  1 Nov 2020 19:46:05 +0100 (CET)
From: Mark Wielaard <mark@klomp.org>
To: elfutils-devel@sourceware.org
Cc: Mark Wielaard <mark@klomp.org>
Subject: [PATCH] libelf: Check header exists in elf_strptr
Date: Sun,  1 Nov 2020 19:46:04 +0100
Message-Id: <20201101184604.23785-1-mark@klomp.org>
X-Mailer: git-send-email 2.18.4
X-Spam-Status: No, score=-11.5 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: elfutils-devel@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Elfutils-devel mailing list <elfutils-devel.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/elfutils-devel/>
List-Help: <mailto:elfutils-devel-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Nov 2020 18:46:08 -0000

We already checked the header actually existed for ELFCLASS64 but not
for the ELFCLASS32 case. It is very unlikely it is at this point in the
code, but theoretically it could happen.

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 libelf/ChangeLog    | 4 ++++
 libelf/elf_strptr.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index aee1ffff..db3eed08 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,7 @@
+2020-11-01  Mark Wielaard  <mark@klomp.org>
+
+	* elf_strptr.c (elf_strptr): Check shdr is not NULL.
+
 2020-11-01  Mark Wielaard  <mark@klomp.org>
 
 	* elf_getphdrnum.c (__elf_getphdrnum_rdlock): Set *dst to zero on
diff --git a/libelf/elf_strptr.c b/libelf/elf_strptr.c
index c7271707..76f2caf1 100644
--- a/libelf/elf_strptr.c
+++ b/libelf/elf_strptr.c
@@ -119,7 +119,7 @@ elf_strptr (Elf *elf, size_t idx, size_t offset)
   if (elf->class == ELFCLASS32)
     {
       Elf32_Shdr *shdr = strscn->shdr.e32 ?: __elf32_getshdr_rdlock (strscn);
-      if (unlikely (shdr->sh_type != SHT_STRTAB))
+      if (unlikely (shdr == NULL || shdr->sh_type != SHT_STRTAB))
 	{
 	  /* This is no string section.  */
 	  __libelf_seterrno (ELF_E_INVALID_SECTION);
-- 
2.18.4