From 6b500bc83ba9de15d9d45717d4fd449964f69c96 Mon Sep 17 00:00:00 2001
From: John Reiser
Date: Wed, 22 Aug 2018 14:39:14 -0700
Subject: [PATCH] auxv_up() quit at AT_NULL, especially when AT_BASE has been omitted.
Based on contribution from Brian Geffon 'bgaff' https://github.com/upx/upx/pull/215 ; bgaff modified: amd64-linux.elf-main.c modified: i386-bsd.elf-main.c modified: i386-linux.elf.interp-main.c modified: i386-openbsd.elf-main.c
---
 src/stub/src/amd64-linux.elf-main.c | 5 +++++
 src/stub/src/i386-bsd.elf-main.c | 5 +++++
 src/stub/src/i386-linux.elf.interp-main.c | 5 +++++
 src/stub/src/i386-openbsd.elf-main.c | 5 +++++
 4 files changed, 20 insertions(+)
diff --git a/src/stub/src/amd64-linux.elf-main.c b/src/stub/src/amd64-linux.elf-main.c
index 397aeb41..226b9930 100644
--- a/src/stub/src/amd64-linux.elf-main.c
+++ b/src/stub/src/amd64-linux.elf-main.c
@@ -350,6 +350,11 @@ auxv_up(Elf64_auxv_t *av, unsigned const type, uint64_t const value)
 av->a_un.a_val = value;
 return;
 }
+ if (av->a_type==AT_NULL) {
+ // We can't do this as part of the for loop because we overwrite
+ // AT_NULL too.
+ return;
+ }
 }
 }
diff --git a/src/stub/src/i386-bsd.elf-main.c b/src/stub/src/i386-bsd.elf-main.c
index 62940102..8e2f1226 100644
--- a/src/stub/src/i386-bsd.elf-main.c
+++ b/src/stub/src/i386-bsd.elf-main.c
@@ -352,6 +352,11 @@ auxv_up(Elf32_auxv_t *av, unsigned const type, unsigned const value)
 av->a_un.a_val = value;
 return;
 }
+ if (av->a_type==AT_NULL) {
+ // We can't do this as part of the for loop because we overwrite
+ // AT_NULL too.
+ return;
+ }
 }
 }
diff --git a/src/stub/src/i386-linux.elf.interp-main.c b/src/stub/src/i386-linux.elf.interp-main.c
index c1ee7a8d..7281d35b 100644
--- a/src/stub/src/i386-linux.elf.interp-main.c
+++ b/src/stub/src/i386-linux.elf.interp-main.c
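Review bot: The new `if (av->a_type==AT_NULL) { return; }` in the amd64-linux.elf-main.c hunk turns a missing entry into a silent no-op: when the requested type is absent (the AT_BASE case the subject line describes) auxv_up now returns without writing anything, and because the function is void the caller, which presumably needs the loader to see the updated value, cannot tell that nothing happened. Consider having auxv_up return an int that is non-zero only when an entry was written, so the caller can decide whether a missing AT_BASE is tolerable, or at least state in the comment that the call is a no-op in that case. The added comment also leaves the reason for the ordering implicit; if it means that a caller passing type==AT_NULL must still be able to overwrite the terminator, `// Stop at the terminator. Tested after the match above, not in the loop condition, because a caller passing type==AT_NULL must still reach the AT_NULL entry and overwrite it.` makes that explicit. The same hunk is repeated in i386-bsd.elf-main.c, i386-linux.elf.interp-main.c and i386-openbsd.elf-main.c, so the same applies there. auxv_up's loop and the match test the new check follows begin before the hunk.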
@@ -223,6 +223,11 @@ auxv_up(Elf32_auxv_t *av, unsigned const type, unsigned const value)
 av->a_un.a_val = value;
 return;
 }
+ if (av->a_type==AT_NULL) {
+ // We can't do this as part of the for loop because we overwrite
+ // AT_NULL too.
+ return;
+ }
 }
 }
diff --git a/src/stub/src/i386-openbsd.elf-main.c b/src/stub/src/i386-openbsd.elf-main.c
index e8da8109..3ddcce36 100644
--- a/src/stub/src/i386-openbsd.elf-main.c
+++ b/src/stub/src/i386-openbsd.elf-main.c
@@ -346,6 +346,11 @@ auxv_up(Elf32_auxv_t *av, unsigned const type, unsigned const value)
 av->a_un.a_val = value;
 return;
 }
+ if (av->a_type==AT_NULL) {
+ // We can't do this as part of the for loop because we overwrite
+ // AT_NULL too.
+ return;
+ }
 }
 }