file/debian/patches/CVE-2014-9653.1.4c948c0.patch

Subject: Fix previous, reading section name
Upstream-Author: Christos Zoulas <christos@zoulas.com>
Date: Fri Feb 22 01:35:49 2013 +0000
Origin: FILE5_12-68-g4c948c0
Last-Update: 2015-02-15

(prequisite for CVE-2014-9653)

--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1013,18 +1013,23 @@
 		return 0;
 	}
 
-	/* Save offset of name section to be able to read section names later */
-	name_off = off * size * strtab;
-	/* Read the name of this section. */
-	if (pread(fd, name, sizeof(name), name_off + xsh_name) == -1) {
+	/* Read offset of name section to be able to read section names later */
+	if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) == -1) {
 		file_badread(ms);
 		return -1;
 	}
-	name[sizeof(name) - 1] = '\0';
-	if (strcmp(name, ".debug_info") == 0)
-		stripped = 0;
+	name_off = xsh_offset;
 
 	for ( ; num; num--) {
+		/* Read the name of this section. */
+		if (pread(fd, name, sizeof(name), name_off + xsh_name) == -1) {
+			file_badread(ms);
+			return -1;
+		}
+		name[sizeof(name) - 1] = '\0';
+		if (strcmp(name, ".debug_info") == 0)
+			stripped = 0;
+
 		if (pread(fd, xsh_addr, xsh_sizeof, off) < (ssize_t)xsh_sizeof) {
 			file_badread(ms);
 			return -1;