diff mbox

[namcap] elffiles: also check DF_BIND_NOW when checking FULL RELRO

Message ID 20180911142837.4205-1-yan12125@gmail.com
State Accepted, archived
Headers show

Commit Message

Emil Velikov via arch-projects Sept. 11, 2018, 2:28 p.m. UTC 
Looks like DF_BIND_NOW has the same function as DT_BIND_NOW.
---
 Namcap/rules/elffiles.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff mbox

Patch

diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py
index d707a58..b2ce6ec 100644
--- a/Namcap/rules/elffiles.py
+++ b/Namcap/rules/elffiles.py
@@ -140,11 +140,16 @@  class ELFGnuRelroRule(TarballRule):
 	description = "Check for FULL RELRO in ELF files."
 
 	def has_bind_now(self, elffile):
+		DF_BIND_NOW = 8
+
 		for section in elffile.iter_sections():
 			if not isinstance(section, DynamicSection):
 				continue
-			if any(tag.entry.d_tag == 'DT_BIND_NOW' for tag in section.iter_tags()):
-				return True
+			for tag in section.iter_tags():
+				if tag.entry.d_tag == 'DT_BIND_NOW':
+					return True
+				if tag.entry.d_tag == 'DT_FLAGS' and tag.entry.d_val & DF_BIND_NOW:
+					return True
 		return False
 
 	def analyze(self, pkginfo, tar):