filter objects for segment checksumming by dlpi_name, excludes rare false positives
authorMartin Willi <martin@strongswan.org>
Tue, 21 Jul 2009 13:10:24 +0000 (15:10 +0200)
committerMartin Willi <martin@strongswan.org>
Tue, 21 Jul 2009 13:10:24 +0000 (15:10 +0200)
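--- a/src/libstrongswan/integrity_checker.c
+++ b/src/libstrongswan/integrity_checker.c
@@ -104,7 +104,14 @@ static u_int32_t build_file(private_integrity_checker_t *this, char *file)
  */
 static int callback(struct dl_phdr_info *dlpi, size_t size, Dl_info *dli)
 {
-       if (dli->dli_fbase == (void*)dlpi->dlpi_addr)
+       /* We are looking for the dlpi_addr matching the address of our dladdr().
+        * dl_iterate_phdr() returns such an address for other (unknown) objects
+        * in very rare cases (e.g. in a chrooted gentoo, but only if
+        * the checksum_builder is invoked by 'make'). As a workaround, we filter
+        * objects by dlpi_name; valid objects have a library name.
+        */
+       if (dli->dli_fbase == (void*)dlpi->dlpi_addr &&
+               dlpi->dlpi_name && *dlpi->dlpi_name)
        {
                int i;
                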
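Review bot: The added `dlpi->dlpi_name && *dlpi->dlpi_name` test in callback() also rejects the main program, for which glibc's dl_iterate_phdr() reports an empty dlpi_name, so a segment lookup for a symbol that lives in the executable itself would now match no object. Because this is the integrity checker, it is worth confirming that the caller treats "no object matched" as a checksum failure rather than as nothing to verify; that code, and the rest of callback()'s body, lie outside this hunk. If only shared libraries are ever checked, the comment should say so, e.g. `/* the main executable has an empty dlpi_name and is never matched here */`. A tighter filter than "any non-empty name" would compare against the dladdr() result, `strcmp(dlpi->dlpi_name, dli->dli_fname) == 0`, assuming dli_fname is set and both calls report the same path string.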