|
|
50ece2 |
diff -up bash-4.0/execute_cmd.c.nobits bash-4.0/execute_cmd.c
|
|
|
50ece2 |
--- bash-4.0/execute_cmd.c.nobits 2009-08-11 11:53:38.000000000 +0200
|
|
|
50ece2 |
+++ bash-4.0/execute_cmd.c 2009-08-14 16:18:18.000000000 +0200
|
|
|
50ece2 |
@@ -4747,6 +4747,7 @@ shell_execve (command, args, env)
|
|
|
50ece2 |
&& memcmp (sample, ELFMAG, SELFMAG) == 0)
|
|
|
50ece2 |
{
|
|
|
50ece2 |
off_t offset = -1;
|
|
|
50ece2 |
+ int dynamic_nobits = 0;
|
|
|
50ece2 |
|
|
|
50ece2 |
/* It is an ELF file. Now determine whether it is dynamically
|
|
|
50ece2 |
linked and if yes, get the offset of the interpreter
|
|
|
50ece2 |
@@ -4756,13 +4757,61 @@ shell_execve (command, args, env)
|
|
|
50ece2 |
{
|
|
|
50ece2 |
Elf32_Ehdr ehdr;
|
|
|
50ece2 |
Elf32_Phdr *phdr;
|
|
|
50ece2 |
- int nphdr;
|
|
|
50ece2 |
+ Elf32_Shdr *shdr;
|
|
|
50ece2 |
+ int nphdr, nshdr;
|
|
|
50ece2 |
|
|
|
50ece2 |
/* We have to copy the data since the sample buffer
|
|
|
50ece2 |
might not be aligned correctly to be accessed as
|
|
|
50ece2 |
an Elf32_Ehdr struct. */
|
|
|
50ece2 |
memcpy (&ehdr, sample, sizeof (Elf32_Ehdr));
|
|
|
50ece2 |
|
|
|
50ece2 |
+ nshdr = ehdr.e_shnum;
|
|
|
50ece2 |
+ shdr = (Elf32_Shdr *) malloc (nshdr * ehdr.e_shentsize);
|
|
|
50ece2 |
+
|
|
|
50ece2 |
+ if (shdr != NULL)
|
|
|
50ece2 |
+ {
|
|
|
50ece2 |
+#ifdef HAVE_PREAD
|
|
|
50ece2 |
+ sample_len = pread (fd, shdr, nshdr * ehdr.e_shentsize,
|
|
|
50ece2 |
+ ehdr.e_shoff);
|
|
|
50ece2 |
+#else
|
|
|
50ece2 |
+ if (lseek (fd, ehdr.e_shoff, SEEK_SET) != -1)
|
|
|
50ece2 |
+ sample_len = read (fd, shdr,
|
|
|
50ece2 |
+ nshdr * ehdr.e_shentsize);
|
|
|
50ece2 |
+ else
|
|
|
50ece2 |
+ sample_len = -1;
|
|
|
50ece2 |
+#endif
|
|
|
50ece2 |
+ if (sample_len == nshdr * ehdr.e_shentsize)
|
|
|
50ece2 |
+ {
|
|
|
50ece2 |
+ char *strings = (char *) malloc (shdr[ehdr.e_shstrndx].sh_size);
|
|
|
50ece2 |
+ if (strings != NULL)
|
|
|
50ece2 |
+ {
|
|
|
50ece2 |
+#ifdef HAVE_PREAD
|
|
|
50ece2 |
+ sample_len = pread (fd, strings,
|
|
|
50ece2 |
+ shdr[ehdr.e_shstrndx].sh_size,
|
|
|
50ece2 |
+ shdr[ehdr.e_shstrndx].sh_offset);
|
|
|
50ece2 |
+#else
|
|
|
50ece2 |
+ if (lseek (fd, shdr[ehdr.e_shstrndx].sh_offset,
|
|
|
50ece2 |
+ SEEK_SET) != -1)
|
|
|
50ece2 |
+ sample_len = read (fd, strings,
|
|
|
50ece2 |
+ shdr[ehdr.e_shstrndx].sh_size);
|
|
|
50ece2 |
+ else
|
|
|
50ece2 |
+ sample_len = -1;
|
|
|
50ece2 |
+#endif
|
|
|
50ece2 |
+ if (sample_len == shdr[ehdr.e_shstrndx].sh_size)
|
|
|
50ece2 |
+ while (nshdr-- > 0)
|
|
|
50ece2 |
+ if (strcmp (strings + shdr[nshdr].sh_name,
|
|
|
50ece2 |
+ ".interp") == 0 &&
|
|
|
50ece2 |
+ shdr[nshdr].sh_type == SHT_NOBITS)
|
|
|
50ece2 |
+ {
|
|
|
50ece2 |
+ dynamic_nobits++;
|
|
|
50ece2 |
+ break;
|
|
|
50ece2 |
+ }
|
|
|
50ece2 |
+ free (strings);
|
|
|
50ece2 |
+ }
|
|
|
50ece2 |
+ }
|
|
|
50ece2 |
+ free (shdr);
|
|
|
50ece2 |
+ }
|
|
|
50ece2 |
+
|
|
|
50ece2 |
nphdr = ehdr.e_phnum;
|
|
|
50ece2 |
phdr = (Elf32_Phdr *) malloc (nphdr * ehdr.e_phentsize);
|
|
|
50ece2 |
if (phdr != NULL)
|
|
|
50ece2 |
@@ -4792,13 +4841,60 @@ shell_execve (command, args, env)
|
|
|
50ece2 |
{
|
|
|
50ece2 |
Elf64_Ehdr ehdr;
|
|
|
50ece2 |
Elf64_Phdr *phdr;
|
|
|
50ece2 |
- int nphdr;
|
|
|
50ece2 |
+ Elf64_Shdr *shdr;
|
|
|
50ece2 |
+ int nphdr, nshdr;
|
|
|
50ece2 |
|
|
|
50ece2 |
/* We have to copy the data since the sample buffer
|
|
|
50ece2 |
might not be aligned correctly to be accessed as
|
|
|
50ece2 |
an Elf64_Ehdr struct. */
|
|
|
50ece2 |
memcpy (&ehdr, sample, sizeof (Elf64_Ehdr));
|
|
|
50ece2 |
|
|
|
50ece2 |
+ nshdr = ehdr.e_shnum;
|
|
|
50ece2 |
+ shdr = (Elf64_Shdr *) malloc (nshdr * ehdr.e_shentsize);
|
|
|
50ece2 |
+ if (shdr != NULL)
|
|
|
50ece2 |
+ {
|
|
|
50ece2 |
+#ifdef HAVE_PREAD
|
|
|
50ece2 |
+ sample_len = pread (fd, shdr, nshdr * ehdr.e_shentsize,
|
|
|
50ece2 |
+ ehdr.e_shoff);
|
|
|
50ece2 |
+#else
|
|
|
50ece2 |
+ if (lseek (fd, ehdr.e_shoff, SEEK_SET) != -1)
|
|
|
50ece2 |
+ sample_len = read (fd, shdr,
|
|
|
50ece2 |
+ nshdr * ehdr.e_shentsize);
|
|
|
50ece2 |
+ else
|
|
|
50ece2 |
+ sample_len = -1;
|
|
|
50ece2 |
+#endif
|
|
|
50ece2 |
+ if (sample_len == nshdr * ehdr.e_shentsize)
|
|
|
50ece2 |
+ {
|
|
|
50ece2 |
+ char *strings = (char *) malloc (shdr[ehdr.e_shstrndx].sh_size);
|
|
|
50ece2 |
+ if (strings != NULL)
|
|
|
50ece2 |
+ {
|
|
|
50ece2 |
+#ifdef HAVE_PREAD
|
|
|
50ece2 |
+ sample_len = pread (fd, strings,
|
|
|
50ece2 |
+ shdr[ehdr.e_shstrndx].sh_size,
|
|
|
50ece2 |
+ shdr[ehdr.e_shstrndx].sh_offset);
|
|
|
50ece2 |
+#else
|
|
|
50ece2 |
+ if (lseek (fd, shdr[ehdr.e_shstrndx].sh_offset,
|
|
|
50ece2 |
+ SEEK_SET) != -1)
|
|
|
50ece2 |
+ sample_len = read (fd, strings,
|
|
|
50ece2 |
+ shdr[ehdr.e_shstrndx].sh_size);
|
|
|
50ece2 |
+ else
|
|
|
50ece2 |
+ sample_len = -1;
|
|
|
50ece2 |
+#endif
|
|
|
50ece2 |
+ if (sample_len == shdr[ehdr.e_shstrndx].sh_size)
|
|
|
50ece2 |
+ while (nshdr-- > 0)
|
|
|
50ece2 |
+ if (strcmp (strings + shdr[nshdr].sh_name,
|
|
|
50ece2 |
+ ".interp") == 0 &&
|
|
|
50ece2 |
+ shdr[nshdr].sh_type == SHT_NOBITS)
|
|
|
50ece2 |
+ {
|
|
|
50ece2 |
+ dynamic_nobits++;
|
|
|
50ece2 |
+ break;
|
|
|
50ece2 |
+ }
|
|
|
50ece2 |
+ free (strings);
|
|
|
50ece2 |
+ }
|
|
|
50ece2 |
+ }
|
|
|
50ece2 |
+ free (shdr);
|
|
|
50ece2 |
+ }
|
|
|
50ece2 |
+
|
|
|
50ece2 |
nphdr = ehdr.e_phnum;
|
|
|
50ece2 |
phdr = (Elf64_Phdr *) malloc (nphdr * ehdr.e_phentsize);
|
|
|
50ece2 |
if (phdr != NULL)
|
|
|
50ece2 |
@@ -4858,8 +4954,15 @@ shell_execve (command, args, env)
|
|
|
50ece2 |
{
|
|
|
50ece2 |
close (fd);
|
|
|
50ece2 |
errno = i;
|
|
|
50ece2 |
- sys_error ("%s: %s: bad ELF interpreter", command,
|
|
|
50ece2 |
- interp);
|
|
|
50ece2 |
+ if (dynamic_nobits > 0)
|
|
|
50ece2 |
+ {
|
|
|
50ece2 |
+ sys_error ("%s: bad ELF interpreter", command);
|
|
|
50ece2 |
+ }
|
|
|
50ece2 |
+ else
|
|
|
50ece2 |
+ {
|
|
|
50ece2 |
+ sys_error ("%s: %s: bad ELF interpreter", command,
|
|
|
50ece2 |
+ interp);
|
|
|
50ece2 |
+ }
|
|
|
50ece2 |
free (interp);
|
|
|
50ece2 |
return (EX_NOEXEC);
|
|
|
50ece2 |
}
|