← Back to branch summary

~louis/ubuntu/trusty/clamav/lp799623_fix_logrotate

« back to all changes in this revision

Viewing changes to libclamav/elf.c

  • Committer: Bazaar Package Importer
  • Author(s): Scott Kitterman
  • Date: 2010-03-12 11:30:04 UTC
  • mfrom: (0.41.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20100312113004-b0fop4bkycszdd0z
Tags: 0.96~rc1+dfsg-0ubuntu1
https://launchpad.net/bugs/537636
* New upstream RC - FFE (LP: #537636):
  - Add OfficialDatabaseOnly option to clamav-base.postinst.in
  - Add LocalSocketGroup option to clamav-base.postinst.in
  - Add LocalSocketMode option to clamav-base.postinst.in
  - Add CrossFilesystems option to clamav-base.postinst.in
  - Add ClamukoScannerCount option to clamav-base.postinst.in
  - Add BytecodeSecurity opiton to clamav-base.postinst.in
  - Add DetectionStatsHostID option to clamav-freshclam.postinst.in
  - Add Bytecode option to clamav-freshclam.postinst.in
  - Add MilterSocketGroup option to clamav-milter.postinst.in
  - Add MilterSocketMode option to clamav-milter.postinst.in
  - Add ReportHostname option to clamav-milter.postinst.in
  - Bump libclamav SO version to 6.1.0 in libclamav6.install
  - Drop clamdmon from clamav.examples (no longer shipped by upstream)
  - Drop libclamav.a from libclamav-dev.install (not built by upstream)
  - Update SO version for lintian override for libclamav6
  - Add new Bytecode Testing Tool, usr/bin/clambc, to clamav.install
  - Add build-depends on python and python-setuptools for new test suite
  - Update debian/copyright for the embedded copy of llvm (using the system
    llvm is not currently feasible)

Show diffs side-by-side

added added

removed removed

Lines of Context:
libclamav/elf.c
1
1
/*
2
 
 *  Copyright (C) 2007-2008 Sourcefire, Inc.
 
2
 *  Copyright (C) 2007-2009 Sourcefire, Inc.
3
3
 *
4
4
 *  Authors: Tomasz Kojm
5
5
 *
39
39
#include "execs.h"
40
40
#include "matcher.h"
41
41
 
42
 
static inline uint16_t EC16(uint16_t v, uint8_t c)
43
 
{
44
 
    if(!c)
45
 
        return v;
46
 
    else
47
 
        return ((v >> 8) + (v << 8));
48
 
}
49
 
 
50
 
static inline uint32_t EC32(uint32_t v, uint8_t c)
51
 
{
52
 
    if(!c)
53
 
        return v;
54
 
    else
55
 
        return ((v >> 24) | ((v & 0x00FF0000) >> 8) | ((v & 0x0000FF00) << 8) | (v << 24));
56
 
}
 
42
#define EC16(v, conv)   (conv ? cbswap16(v) : v)
 
43
#define EC32(v, conv)   (conv ? cbswap32(v) : v)
57
44
 
58
45
static uint32_t cli_rawaddr(uint32_t vaddr, struct elf_program_hdr32 *ph, uint16_t phnum, uint8_t conv, uint8_t *err)
59
46
{
76
63
    return vaddr - EC32(ph[i].p_vaddr, conv) + EC32(ph[i].p_offset, conv);
77
64
}
78
65
 
79
 
int cli_scanelf(int desc, cli_ctx *ctx)
 
66
int cli_scanelf(cli_ctx *ctx)
80
67
{
81
68
        struct elf_file_hdr32 file_hdr;
82
69
        struct elf_section_hdr32 *section_hdr;
84
71
        uint16_t shnum, phnum, shentsize, phentsize;
85
72
        uint32_t entry, fentry, shoff, phoff, i;
86
73
        uint8_t conv = 0, err;
 
74
        unsigned int format;
 
75
        fmap_t *map = *ctx->fmap;
87
76
 
88
77
 
89
78
    cli_dbgmsg("in cli_scanelf\n");
90
79
 
91
 
    if(read(desc, &file_hdr, sizeof(file_hdr)) != sizeof(file_hdr)) {
 
80
    if(fmap_readn(map, &file_hdr, 0, sizeof(file_hdr)) != sizeof(file_hdr)) {
92
81
        /* Not an ELF file? */
93
82
        cli_dbgmsg("ELF: Can't read file header\n");
94
83
        return CL_CLEAN;
99
88
        return CL_CLEAN;
100
89
    }
101
90
 
102
 
    if(file_hdr.e_ident[4] != 1) {
103
 
        cli_dbgmsg("ELF: 64-bit binaries are not supported (yet)\n");
104
 
        return CL_CLEAN;
 
91
    format = file_hdr.e_ident[4];
 
92
    if(format != 1 && format != 2) {
 
93
        cli_dbgmsg("ELF: Unknown ELF class (%u)\n", file_hdr.e_ident[4]);
 
94
        return CL_EFORMAT;
 
95
    }
 
96
 
 
97
    if(format == 2) {
 
98
            struct elf_file_hdr64 file_hdr64;
 
99
        if(fmap_readn(map, &file_hdr64, 0, sizeof(file_hdr64)) != sizeof(file_hdr64)) {
 
100
            /* Not an ELF file? */
 
101
            cli_dbgmsg("ELF: Can't read file header\n");
 
102
            return CL_CLEAN;
 
103
        }
 
104
        /* it's enough for us to handle ELF64 as 32 */
 
105
        file_hdr.e_entry = file_hdr64.e_entry;
 
106
        file_hdr.e_phoff = file_hdr64.e_phoff;
 
107
        file_hdr.e_shoff = file_hdr64.e_shoff;
 
108
        file_hdr.e_flags = file_hdr64.e_flags;
 
109
        file_hdr.e_ehsize = file_hdr64.e_ehsize;
 
110
        file_hdr.e_phentsize = file_hdr64.e_phentsize;
 
111
        if(file_hdr.e_phentsize == sizeof(struct elf_program_hdr64))
 
112
            file_hdr.e_phentsize = sizeof(struct elf_program_hdr32);
 
113
        file_hdr.e_phnum = file_hdr64.e_phnum;
 
114
        file_hdr.e_shentsize = file_hdr64.e_shentsize;
 
115
        if(file_hdr.e_shentsize == sizeof(struct elf_section_hdr64))
 
116
            file_hdr.e_shentsize = sizeof(struct elf_section_hdr32);
 
117
        file_hdr.e_shnum = file_hdr64.e_shnum;
 
118
        file_hdr.e_shstrndx = file_hdr64.e_shstrndx;
105
119
    }
106
120
 
107
121
    if(file_hdr.e_ident[5] == 1) {
142
156
 
143
157
    switch(EC16(file_hdr.e_machine, conv)) {
144
158
        /* Due to a huge list, we only include the most popular machines here */
145
 
        case 0x0: /* EM_NONE */
 
159
        case 0: /* EM_NONE */
146
160
            cli_dbgmsg("ELF: Machine type: None\n");
147
161
            break;
148
 
        case 0x2: /* EM_SPARC */
 
162
        case 2: /* EM_SPARC */
149
163
            cli_dbgmsg("ELF: Machine type: SPARC\n");
150
164
            break;
151
 
        case 0x3: /* EM_386 */
 
165
        case 3: /* EM_386 */
152
166
            cli_dbgmsg("ELF: Machine type: Intel 80386\n");
153
167
            break;
154
 
        case 0x4: /* EM_68K */
 
168
        case 4: /* EM_68K */
155
169
            cli_dbgmsg("ELF: Machine type: Motorola 68000\n");
156
170
            break;
157
 
        case 0x8: /* EM_MIPS */
 
171
        case 8: /* EM_MIPS */
158
172
            cli_dbgmsg("ELF: Machine type: MIPS RS3000\n");
159
173
            break;
160
 
        case 0x15: /* EM_PARISC */
 
174
        case 9: /* EM_S370 */
 
175
            cli_dbgmsg("ELF: Machine type: IBM System/370\n");
 
176
            break;
 
177
        case 15: /* EM_PARISC */
161
178
            cli_dbgmsg("ELF: Machine type: HPPA\n");
162
179
            break;
163
 
        case 0x20: /* EM_PPC */
 
180
        case 20: /* EM_PPC */
164
181
            cli_dbgmsg("ELF: Machine type: PowerPC\n");
165
182
            break;
166
 
        case 0x21: /* EM_PPC64 */
 
183
        case 21: /* EM_PPC64 */
167
184
            cli_dbgmsg("ELF: Machine type: PowerPC 64-bit\n");
168
185
            break;
169
 
        case 0x22: /* EM_S390 */
 
186
        case 22: /* EM_S390 */
170
187
            cli_dbgmsg("ELF: Machine type: IBM S390\n");
171
188
            break;
172
 
        case 0x40: /* EM_ARM */
 
189
        case 40: /* EM_ARM */
173
190
            cli_dbgmsg("ELF: Machine type: ARM\n");
174
191
            break;
175
 
        case 0x41: /* EM_FAKE_ALPHA */
 
192
        case 41: /* EM_FAKE_ALPHA */
176
193
            cli_dbgmsg("ELF: Machine type: Digital Alpha\n");
177
194
            break;
178
 
        case 0x43: /* EM_SPARCV9 */
 
195
        case 43: /* EM_SPARCV9 */
179
196
            cli_dbgmsg("ELF: Machine type: SPARC v9 64-bit\n");
180
197
            break;
181
 
        case 0x50: /* EM_IA_64 */
 
198
        case 50: /* EM_IA_64 */
182
199
            cli_dbgmsg("ELF: Machine type: IA64\n");
183
200
            break;
 
201
        case 62: /* EM_X86_64 */
 
202
            cli_dbgmsg("ELF: Machine type: AMD x86-64\n");
 
203
            break;
184
204
        default:
185
 
            cli_dbgmsg("ELF: Machine type: Unknown (%d)\n", EC16(file_hdr.e_machine, conv));
 
205
            cli_dbgmsg("ELF: Machine type: Unknown (0x%x)\n", EC16(file_hdr.e_machine, conv));
186
206
    }
187
207
 
188
208
    entry = EC32(file_hdr.e_entry, conv);
195
215
        cli_dbgmsg("ELF: Suspicious number of program headers\n");
196
216
        if(DETECT_BROKEN) {
197
217
            if(ctx->virname)
198
 
                *ctx->virname = "Broken.Executable";
199
 
            return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
 
218
                *ctx->virname = "Heuristics.Broken.Executable";
 
219
            return CL_VIRUS;
200
220
        }
201
221
        return CL_EFORMAT;
202
222
    }
208
228
            cli_dbgmsg("ELF: phentsize != sizeof(struct elf_program_hdr32)\n");
209
229
            if(DETECT_BROKEN) {
210
230
                if(ctx->virname)
211
 
                    *ctx->virname = "Broken.Executable";
212
 
                return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
 
231
                    *ctx->virname = "Heuristics.Broken.Executable";
 
232
                return CL_VIRUS;
213
233
            }
214
234
            return CL_EFORMAT;
215
235
        }
216
236
 
217
237
        phoff = EC32(file_hdr.e_phoff, conv);
218
238
        cli_dbgmsg("ELF: Program header table offset: %d\n", phoff);
219
 
        if((uint32_t) lseek(desc, phoff, SEEK_SET) != phoff) {
220
 
            if(DETECT_BROKEN) {
221
 
                if(ctx->virname)
222
 
                    *ctx->virname = "Broken.Executable";
223
 
                return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
224
 
            }
225
 
            return CL_CLEAN;
226
 
        }
227
239
 
228
240
        program_hdr = (struct elf_program_hdr32 *) cli_calloc(phnum, phentsize);
229
241
        if(!program_hdr) {
234
246
        cli_dbgmsg("------------------------------------\n");
235
247
 
236
248
        for(i = 0; i < phnum; i++) {
237
 
 
238
 
            if(read(desc, &program_hdr[i], sizeof(struct elf_program_hdr32)) != sizeof(struct elf_program_hdr32)) {
 
249
            err = 0;
 
250
            if(format == 1) {
 
251
                if(fmap_readn(map, &program_hdr[i], phoff, sizeof(struct elf_program_hdr32)) != sizeof(struct elf_program_hdr32))
 
252
                    err = 1;
 
253
                phoff += sizeof(struct elf_program_hdr32);
 
254
            } else {
 
255
                    struct elf_program_hdr64 program_hdr64;
 
256
 
 
257
                if(fmap_readn(map, &program_hdr64, phoff, sizeof(program_hdr64)) != sizeof(program_hdr64)) {
 
258
                    err = 1;
 
259
                } else {
 
260
                    program_hdr[i].p_type = program_hdr64.p_type;
 
261
                    program_hdr[i].p_offset = program_hdr64.p_offset;
 
262
                    program_hdr[i].p_vaddr = program_hdr64.p_vaddr;
 
263
                    program_hdr[i].p_paddr = program_hdr64.p_paddr;
 
264
                    program_hdr[i].p_filesz = program_hdr64.p_filesz;
 
265
                    program_hdr[i].p_memsz = program_hdr64.p_memsz;
 
266
                    program_hdr[i].p_flags = program_hdr64.p_flags;
 
267
                    program_hdr[i].p_align = program_hdr64.p_align;
 
268
                }
 
269
                phoff += sizeof(program_hdr64);
 
270
            }
 
271
 
 
272
            if(err) {
239
273
                cli_dbgmsg("ELF: Can't read segment #%d\n", i);
240
274
                cli_dbgmsg("ELF: Possibly broken ELF file\n");
241
275
                free(program_hdr);
242
276
                if(DETECT_BROKEN) {
243
277
                    if(ctx->virname)
244
 
                        *ctx->virname = "Broken.Executable";
245
 
                    return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
 
278
                        *ctx->virname = "Heuristics.Broken.Executable";
 
279
                    return CL_VIRUS;
246
280
                }
247
281
                return CL_CLEAN;
248
282
            }
262
296
            cli_dbgmsg("ELF: Can't calculate file offset of entry point\n");
263
297
            if(DETECT_BROKEN) {
264
298
                if(ctx->virname)
265
 
                    *ctx->virname = "Broken.Executable";
266
 
                return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
 
299
                    *ctx->virname = "Heuristics.Broken.Executable";
 
300
                return CL_VIRUS;
267
301
            }
268
302
            return CL_EFORMAT;
269
303
        }
279
313
        cli_dbgmsg("ELF: Suspicious number of sections\n");
280
314
        if(DETECT_BROKEN) {
281
315
            if(ctx->virname)
282
 
                *ctx->virname = "Broken.Executable";
283
 
            return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
 
316
                *ctx->virname = "Heuristics.Broken.Executable";
 
317
            return CL_VIRUS;
284
318
        }
285
319
        return CL_EFORMAT;
286
320
    }
290
324
        cli_dbgmsg("ELF: shentsize != sizeof(struct elf_section_hdr32)\n");
291
325
        if(DETECT_BROKEN) {
292
326
            if(ctx->virname)
293
 
                *ctx->virname = "Broken.Executable";
294
 
            return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
 
327
                *ctx->virname = "Heuristics.Broken.Executable";
 
328
            return CL_VIRUS;
295
329
        }
296
330
        return CL_EFORMAT;
297
331
    }
298
332
 
299
333
    shoff = EC32(file_hdr.e_shoff, conv);
300
334
    cli_dbgmsg("ELF: Section header table offset: %d\n", shoff);
301
 
    if((uint32_t) lseek(desc, shoff, SEEK_SET) != shoff) {
302
 
        /* Possibly broken end of file */
303
 
        if(DETECT_BROKEN) {
304
 
            if(ctx->virname)
305
 
                *ctx->virname = "Broken.Executable";
306
 
            return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
307
 
        }
308
 
        return CL_CLEAN;
309
 
    }
310
335
 
311
336
    section_hdr = (struct elf_section_hdr32 *) cli_calloc(shnum, shentsize);
312
337
    if(!section_hdr) {
317
342
    cli_dbgmsg("------------------------------------\n");
318
343
 
319
344
    for(i = 0; i < shnum; i++) {
320
 
 
321
 
        if(read(desc, &section_hdr[i], sizeof(struct elf_section_hdr32)) != sizeof(struct elf_section_hdr32)) {
 
345
        err = 0;
 
346
        if(format == 1) {
 
347
            if(fmap_readn(map, &section_hdr[i], shoff, sizeof(struct elf_section_hdr32)) != sizeof(struct elf_section_hdr32))
 
348
                err = 1;
 
349
            shoff += sizeof(struct elf_section_hdr32);
 
350
        } else {
 
351
                struct elf_section_hdr64 section_hdr64;
 
352
 
 
353
            if(fmap_readn(map, &section_hdr64, shoff, sizeof(section_hdr64)) != sizeof(section_hdr64)) {
 
354
                err = 1;
 
355
            } else {
 
356
                section_hdr[i].sh_name = section_hdr64.sh_name;
 
357
                section_hdr[i].sh_type = section_hdr64.sh_type;
 
358
                section_hdr[i].sh_flags = section_hdr64.sh_flags;
 
359
                section_hdr[i].sh_addr = section_hdr64.sh_addr;
 
360
                section_hdr[i].sh_offset = section_hdr64.sh_offset;
 
361
                section_hdr[i].sh_size = section_hdr64.sh_size;
 
362
                section_hdr[i].sh_link = section_hdr64.sh_link;
 
363
                section_hdr[i].sh_info = section_hdr64.sh_info;
 
364
                section_hdr[i].sh_addralign = section_hdr64.sh_addralign;
 
365
                section_hdr[i].sh_entsize = section_hdr64.sh_entsize;
 
366
            }
 
367
            shoff += sizeof(section_hdr64);
 
368
        }
 
369
 
 
370
        if(err) {
322
371
            cli_dbgmsg("ELF: Can't read section header\n");
323
372
            cli_dbgmsg("ELF: Possibly broken ELF file\n");
324
373
            free(section_hdr);
325
374
            if(DETECT_BROKEN) {
326
375
                if(ctx->virname)
327
 
                    *ctx->virname = "Broken.Executable";
328
 
                return cli_checkfp(desc, ctx) ? CL_CLEAN : CL_VIRUS;
 
376
                    *ctx->virname = "Heuristics.Broken.Executable";
 
377
                return CL_VIRUS;
329
378
            }
330
379
            return CL_CLEAN;
331
380
        }
406
455
    return CL_CLEAN;
407
456
}
408
457
 
409
 
int cli_elfheader(int desc, struct cli_exe_info *elfinfo)
 
458
int cli_elfheader(fmap_t *map, struct cli_exe_info *elfinfo)
410
459
{
411
460
        struct elf_file_hdr32 file_hdr;
412
461
        struct elf_section_hdr32 *section_hdr;
414
463
        uint16_t shnum, phnum, shentsize, phentsize, i;
415
464
        uint32_t entry, fentry = 0, shoff, phoff;
416
465
        uint8_t conv = 0, err;
417
 
 
 
466
        unsigned int format;
418
467
 
419
468
    cli_dbgmsg("in cli_elfheader\n");
420
469
 
421
 
    if(read(desc, &file_hdr, sizeof(file_hdr)) != sizeof(file_hdr)) {
 
470
    if(fmap_readn(map, &file_hdr, 0, sizeof(file_hdr)) != sizeof(file_hdr)) {
422
471
        /* Not an ELF file? */
423
472
        cli_dbgmsg("ELF: Can't read file header\n");
424
473
        return -1;
429
478
        return -1;
430
479
    }
431
480
 
432
 
    if(file_hdr.e_ident[4] != 1) {
433
 
        cli_dbgmsg("ELF: 64-bit binaries are not supported (yet)\n");
 
481
    format = file_hdr.e_ident[4];
 
482
    if(format != 1 && format != 2) {
 
483
        cli_dbgmsg("ELF: Unknown ELF class (%u)\n", file_hdr.e_ident[4]);
434
484
        return -1;
435
485
    }
436
486
 
 
487
    if(format == 2) {
 
488
            struct elf_file_hdr64 file_hdr64;
 
489
        if(!fmap_readn(map, &file_hdr64, 0, sizeof(file_hdr64)) != sizeof(file_hdr64)) {
 
490
            /* Not an ELF file? */
 
491
            cli_dbgmsg("ELF: Can't read file header\n");
 
492
            return -1; 
 
493
        }
 
494
        /* it's enough for us to handle ELF64 as 32 */
 
495
        file_hdr.e_entry = file_hdr64.e_entry;
 
496
        file_hdr.e_phoff = file_hdr64.e_phoff;
 
497
        file_hdr.e_shoff = file_hdr64.e_shoff;
 
498
        file_hdr.e_flags = file_hdr64.e_flags;
 
499
        file_hdr.e_ehsize = file_hdr64.e_ehsize;
 
500
        file_hdr.e_phentsize = file_hdr64.e_phentsize;
 
501
        if(file_hdr.e_phentsize == sizeof(struct elf_program_hdr64))
 
502
            file_hdr.e_phentsize = sizeof(struct elf_program_hdr32);
 
503
        file_hdr.e_phnum = file_hdr64.e_phnum;
 
504
        file_hdr.e_shentsize = file_hdr64.e_shentsize;
 
505
        if(file_hdr.e_shentsize == sizeof(struct elf_section_hdr64))
 
506
            file_hdr.e_shentsize = sizeof(struct elf_section_hdr32);
 
507
        file_hdr.e_shnum = file_hdr64.e_shnum;
 
508
        file_hdr.e_shstrndx = file_hdr64.e_shstrndx;
 
509
    }
 
510
 
437
511
    if(file_hdr.e_ident[5] == 1) {
438
512
#if WORDS_BIGENDIAN == 1
439
513
        conv = 1;
459
533
        }
460
534
 
461
535
        phoff = EC32(file_hdr.e_phoff, conv);
462
 
        if((uint32_t) lseek(desc, phoff, SEEK_SET) != phoff) {
463
 
            return -1;
464
 
        }
465
536
 
466
537
        program_hdr = (struct elf_program_hdr32 *) cli_calloc(phnum, phentsize);
467
538
        if(!program_hdr) {
470
541
        }
471
542
 
472
543
        for(i = 0; i < phnum; i++) {
473
 
            if(read(desc, &program_hdr[i], sizeof(struct elf_program_hdr32)) != sizeof(struct elf_program_hdr32)) {
 
544
            err = 0;
 
545
            if(format == 1) {
 
546
                if(fmap_readn(map, &program_hdr[i], phoff, sizeof(struct elf_program_hdr32)) != sizeof(struct elf_program_hdr32))
 
547
                    err = 1;
 
548
                phoff += sizeof(struct elf_program_hdr32);
 
549
            } else {
 
550
                    struct elf_program_hdr64 program_hdr64;
 
551
 
 
552
                if(fmap_readn(map, &program_hdr64, phoff, sizeof(program_hdr64)) != sizeof(program_hdr64)) {
 
553
                    err = 1;
 
554
                } else {
 
555
                    program_hdr[i].p_type = program_hdr64.p_type;
 
556
                    program_hdr[i].p_offset = program_hdr64.p_offset;
 
557
                    program_hdr[i].p_vaddr = program_hdr64.p_vaddr;
 
558
                    program_hdr[i].p_paddr = program_hdr64.p_paddr;
 
559
                    program_hdr[i].p_filesz = program_hdr64.p_filesz;
 
560
                    program_hdr[i].p_memsz = program_hdr64.p_memsz;
 
561
                    program_hdr[i].p_flags = program_hdr64.p_flags;
 
562
                    program_hdr[i].p_align = program_hdr64.p_align;
 
563
                }
 
564
                phoff += sizeof(program_hdr64);
 
565
            }
 
566
 
 
567
            if(err) {
474
568
                cli_dbgmsg("ELF: Can't read segment #%d\n", i);
475
569
                free(program_hdr);
476
570
                return -1;
501
595
    }
502
596
 
503
597
    shoff = EC32(file_hdr.e_shoff, conv);
504
 
    if((uint32_t) lseek(desc, shoff, SEEK_SET) != shoff) {
505
 
        /* Possibly broken end of file */
506
 
        return -1;
507
 
    }
508
598
 
509
599
    elfinfo->section = (struct cli_exe_section *) cli_calloc(elfinfo->nsections, sizeof(struct cli_exe_section));
510
600
    if(!elfinfo->section) {
521
611
    }
522
612
 
523
613
    for(i = 0; i < shnum; i++) {
524
 
 
525
 
        if(read(desc, &section_hdr[i], sizeof(struct elf_section_hdr32)) != sizeof(struct elf_section_hdr32)) {
 
614
        err = 0;
 
615
        if(format == 1) {
 
616
            if(fmap_readn(map, &section_hdr[i], shoff, sizeof(struct elf_section_hdr32)) != sizeof(struct elf_section_hdr32))
 
617
                err = 1;
 
618
            shoff += sizeof(struct elf_section_hdr32);
 
619
        } else {
 
620
                struct elf_section_hdr64 section_hdr64;
 
621
 
 
622
            if(fmap_readn(map, &section_hdr64, shoff, sizeof(section_hdr64)) != sizeof(section_hdr64)) {
 
623
                err = 1;
 
624
            } else {
 
625
                section_hdr[i].sh_name = section_hdr64.sh_name;
 
626
                section_hdr[i].sh_type = section_hdr64.sh_type;
 
627
                section_hdr[i].sh_flags = section_hdr64.sh_flags;
 
628
                section_hdr[i].sh_addr = section_hdr64.sh_addr;
 
629
                section_hdr[i].sh_offset = section_hdr64.sh_offset;
 
630
                section_hdr[i].sh_size = section_hdr64.sh_size;
 
631
                section_hdr[i].sh_link = section_hdr64.sh_link;
 
632
                section_hdr[i].sh_info = section_hdr64.sh_info;
 
633
                section_hdr[i].sh_addralign = section_hdr64.sh_addralign;
 
634
                section_hdr[i].sh_entsize = section_hdr64.sh_entsize;
 
635
            }
 
636
            shoff += sizeof(section_hdr64);
 
637
        }
 
638
 
 
639
        if(err) {
 
640
            cli_dbgmsg("ELF: Can't read section header\n");
526
641
            free(section_hdr);
527
642
            free(elfinfo->section);
528
643
            elfinfo->section = NULL;
529
644
            return -1;
530
645
        }
531
 
 
532
646
        elfinfo->section[i].rva = EC32(section_hdr[i].sh_addr, conv);
533
647
        elfinfo->section[i].raw = EC32(section_hdr[i].sh_offset, conv);
534
648
        elfinfo->section[i].rsz = EC32(section_hdr[i].sh_size, conv);