From 4832bf8bde9df6695f6f4e15a7885a1609bb579f Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Thu, 14 Feb 2019 23:42:24 +0100
Subject: [PATCH] debug/elf: perform stricter section header table checks in
 NewFile

If an ELF file has no section header table (shoff = 0), shnum must be
zero as well according to elf(5).

So far, when only shnum was zero but shoff was non-zero (i.e. in an
invalid ELF file) shstrndx wasn't properly checked and could result in
an 'index out of range' later on.

Fixes #10996

Change-Id: Ic248d2d77099b0036458e2a844b086a5f463c844
Reviewed-on: https://go-review.googlesource.com/c/162857
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
---
 src/debug/elf/file.go      |  7 +++++--
 src/debug/elf/file_test.go | 11 +++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/debug/elf/file.go b/src/debug/elf/file.go
index b2adc2834fc496..f92a2b00525385 100644
--- a/src/debug/elf/file.go
+++ b/src/debug/elf/file.go
@@ -276,7 +276,6 @@ func NewFile(r io.ReaderAt) (*File, error) {
 	var phentsize, phnum int
 	var shoff int64
 	var shentsize, shnum, shstrndx int
-	shstrndx = -1
 	switch f.Class {
 	case ELFCLASS32:
 		hdr := new(Header32)
@@ -318,7 +317,11 @@ func NewFile(r io.ReaderAt) (*File, error) {
 		shstrndx = int(hdr.Shstrndx)
 	}
 
-	if shnum > 0 && shoff > 0 && (shstrndx < 0 || shstrndx >= shnum) {
+	if shoff == 0 && shnum != 0 {
+		return nil, &FormatError{0, "invalid ELF shnum for shoff=0", shnum}
+	}
+
+	if shnum > 0 && shstrndx >= shnum {
 		return nil, &FormatError{0, "invalid ELF shstrndx", shstrndx}
 	}
 
diff --git a/src/debug/elf/file_test.go b/src/debug/elf/file_test.go
index d7c1e9f800d862..b826a0ff050e25 100644
--- a/src/debug/elf/file_test.go
+++ b/src/debug/elf/file_test.go
@@ -810,3 +810,14 @@ func TestNoSectionOverlaps(t *testing.T) {
 		}
 	}
 }
+
+func TestIssue10996(t *testing.T) {
+	data := []byte("\u007fELF\x02\x01\x010000000000000" +
+		"\x010000000000000000000" +
+		"\x00\x00\x00\x00\x00\x00\x00\x0000000000\x00\x00\x00\x00" +
+		"0000")
+	_, err := NewFile(bytes.NewReader(data))
+	if err == nil {
+		t.Fatalf("opening invalid ELF file unexpectedly suceeded")
+	}
+}