debug/elf: perform stricter section header table checks in NewFile

If an ELF file has no section header table (shoff = 0), shnum must be
zero as well according to elf(5).

So far, when only shnum was zero but shoff was non-zero (i.e. in an
invalid ELF file) shstrndx wasn't properly checked and could result in
an 'index out of range' later on.

Fixes #10996

Change-Id: Ic248d2d77099b0036458e2a844b086a5f463c844
Reviewed-on: https://go-review.googlesource.com/c/162857
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>

2 files changed, 16 insertions, 2 deletions

diff --git a/src/debug/elf/file.go b/src/debug/elf/file.go
index b2adc2834f..f92a2b0052 100644
--- a/src/debug/elf/file.go
+++ b/src/debug/elf/file.go
@@ -276,7 +276,6 @@ func NewFile(r io.ReaderAt) (*File, error) {
 	var phentsize, phnum int
 	var shoff int64
 	var shentsize, shnum, shstrndx int
-	shstrndx = -1
 	switch f.Class {
 	case ELFCLASS32:
 		hdr := new(Header32)
@@ -318,7 +317,11 @@ func NewFile(r io.ReaderAt) (*File, error) {
 		shstrndx = int(hdr.Shstrndx)
 	}
 
-	if shnum > 0 && shoff > 0 && (shstrndx < 0 || shstrndx >= shnum) {
+	if shoff == 0 && shnum != 0 {
+		return nil, &FormatError{0, "invalid ELF shnum for shoff=0", shnum}
+	}
+
+	if shnum > 0 && shstrndx >= shnum {
 		return nil, &FormatError{0, "invalid ELF shstrndx", shstrndx}
 	}
 
diff --git a/src/debug/elf/file_test.go b/src/debug/elf/file_test.go
index d7c1e9f800..b826a0ff05 100644
--- a/src/debug/elf/file_test.go
+++ b/src/debug/elf/file_test.go
@@ -810,3 +810,14 @@ func TestNoSectionOverlaps(t *testing.T) {
 		}
 	}
 }
+
+func TestIssue10996(t *testing.T) {
+	data := []byte("\u007fELF\x02\x01\x010000000000000" +
+		"\x010000000000000000000" +
+		"\x00\x00\x00\x00\x00\x00\x00\x0000000000\x00\x00\x00\x00" +
+		"0000")
+	_, err := NewFile(bytes.NewReader(data))
+	if err == nil {
+		t.Fatalf("opening invalid ELF file unexpectedly suceeded")
+	}
+}