filter objects for segment checksumming by dlpi_name, excludes rare false positives

author: Martin Willi <martin@strongswan.org> 2009-07-21 15:10:24 +0200
committer: Martin Willi <martin@strongswan.org> 2009-07-21 15:10:24 +0200
commit: fcac8f6571e754eaa94716bf9b319b7d0bc40ebe (patch)
tree: cb4f2dae2631dce812b8b0669e973370822157de /src
parent: 7655843ab5908cca32d7a7f06f02fbad3069860b (diff)
download: strongswan-fcac8f6571e754eaa94716bf9b319b7d0bc40ebe.tar.bz2
strongswan-fcac8f6571e754eaa94716bf9b319b7d0bc40ebe.tar.xz
1 files changed, 8 insertions, 1 deletions
diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c
index 6a402b358..eb0bc1407 100644
--- a/src/libstrongswan/integrity_checker.c
+++ b/src/libstrongswan/integrity_checker.c
@@ -104,7 +104,14 @@ static u_int32_t build_file(private_integrity_checker_t *this, char *file)
  */
 static int callback(struct dl_phdr_info *dlpi, size_t size, Dl_info *dli)
 {
-	if (dli->dli_fbase == (void*)dlpi->dlpi_addr)
+	/* We are looking for the dlpi_addr matching the address of our dladdr().
+	 * dl_iterate_phdr() returns such an address for other (unknown) objects
+	 * in very rare cases (e.g. in a chrooted gentoo, but only if
+	 * the checksum_builder is invoked by 'make'). As a workaround, we filter
+	 * objects by dlpi_name; valid objects have a library name.
+	 */
+	if (dli->dli_fbase == (void*)dlpi->dlpi_addr &&
+		dlpi->dlpi_name && *dlpi->dlpi_name)
 	{
 		int i;
author	Martin Willi <martin@strongswan.org>	2009-07-21 15:10:24 +0200
committer	Martin Willi <martin@strongswan.org>	2009-07-21 15:10:24 +0200
commit	fcac8f6571e754eaa94716bf9b319b7d0bc40ebe (patch)
tree	cb4f2dae2631dce812b8b0669e973370822157de /src
parent	7655843ab5908cca32d7a7f06f02fbad3069860b (diff)
download	strongswan-fcac8f6571e754eaa94716bf9b319b7d0bc40ebe.tar.bz2 strongswan-fcac8f6571e754eaa94716bf9b319b7d0bc40ebe.tar.xz