Subject: Stop reporting bad capabilities after the first few
ID: CVE-2014-8116
Upstream-Author: Christos Zoulas
Date: Sat Nov 22 23:57:44 2014 +0000
Origin: FILE5_20-28-gd7cdad0
Last-Update: 2015-01-09
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -859,6 +859,7 @@
 Elf32_Shdr sh32;
 Elf64_Shdr sh64;
 int stripped = 1;
+ size_t nbadcap = 0;
 void *nbuf;
 off_t noff;
 uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */
@@ -936,6 +937,8 @@
 file_badread(ms);
 return -1;
 }
+ if (nbadcap > 5)
+ break;
 if (lseek(fd, (off_t)xsh_offset, SEEK_SET) ==
 (off_t)-1) {
 file_badread(ms);
@@ -971,6 +974,8 @@
 (unsigned long long)xcap_tag,
 (unsigned long long)xcap_val) == -1)
 return -1;
+ if (nbadcap++ > 2)
+ coff = xsh_size;
 break;
 }
 }
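Review bot: The limit in `if (nbadcap > 5)` is a bare literal, and it differs from the `nbadcap++ > 2` threshold in the third hunk with no comment explaining how the two relate. Because this counter is what bounds the work a malformed ELF file can cause in capability parsing (the patch is tagged CVE-2014-8116), both limits should be named constants, with a comment such as `/* too many bad capabilities seen: skip further capability sections */` above the check. The enclosing block starts outside the hunk; the `break` presumably leaves a `switch` rather than the loop over section headers. If so, that loop keeps iterating, and its bound has to come from a separate check that is not visible here.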
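Review bot: `coff = xsh_size;` ends the scan only indirectly, by making a loop condition that lies outside this hunk fail on the next pass, and the code does not say so. A comment such as `/* too many unknown capabilities: force the enclosing read loop to terminate */` would make the intent visible to the next maintainer. The post-increment in `nbadcap++ > 2` also means the cut-off triggers on the fourth unknown entry, after its message has already been printed. If the intended limit is three, `++nbadcap > 2` would express it; otherwise the comment should state the actual count. The types of `coff` and `xsh_size` are declared outside the hunk, so it is worth confirming that the assignment cannot narrow a file-controlled size into a signed offset.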