From 1bb93d4fce9f1d764ba57bf5ac154af515b3fc83 Mon Sep 17 00:00:00 2001
From: John Reiser <jreiser@BitWagon.com>
Date: Mon, 13 Jan 2020 17:26:31 -0800
Subject: [PATCH] Detect bad e_shstrtab better.

https://github.com/upx/upx/issues/332
	modified:   p_lx_elf.cpp
---
 src/p_lx_elf.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
index ef58eee8..96f5838d 100644
--- a/src/p_lx_elf.cpp
+++ b/src/p_lx_elf.cpp
@@ -2039,11 +2039,12 @@ bool PackLinuxElf32::canPack()
             if (sec_strndx) {
                 unsigned const sh_name = get_te32(&sec_strndx->sh_name);
                 if (Elf32_Shdr::SHT_STRTAB != get_te32(&sec_strndx->sh_type)
-                || (u32_t)file_size <= sh_name  // FIXME: weak
+                || (u32_t)file_size <= (sizeof(".shstrtab")
+                    + sh_name + (shstrtab - (const char *)&file_image[0]))
                 || (sh_name
                   && 0!=strcmp((char const *)".shstrtab", &shstrtab[sh_name]))
                 ) {
-                    throwCantPack("bad e_shstrndx");
+                    throwCantPack("bad e_shstrtab");
                 }
             }
         }
@@ -2388,11 +2389,12 @@ PackLinuxElf64::canPack()
             if (sec_strndx) {
                 unsigned const sh_name = get_te32(&sec_strndx->sh_name);
                 if (Elf64_Shdr::SHT_STRTAB != get_te32(&sec_strndx->sh_type)
-                || (u32_t)file_size <= sh_name  // FIXME: weak
+                || (u32_t)file_size <= (sizeof(".shstrtab")
+                    + sh_name + (shstrtab - (const char *)&file_image[0]))
                 || (sh_name
                   && 0!=strcmp((char const *)".shstrtab", &shstrtab[sh_name]))
                 ) {
-                    throwCantPack("bad e_shstrndx");
+                    throwCantPack("bad e_shstrtab");
                 }
             }
         }