author | Daniel Brahneborg <basic@chello.se> | 2002-03-03 22:02:40 +0000 |
---|---|---|
committer | Daniel Brahneborg <basic@chello.se> | 2002-03-03 22:02:40 +0000 |
commit | a4dcb0ecf632832258ebb523c6bc39b7b94f8775 (patch) | |
tree | 18cf38bb6ecd95671401414c2ba8381b6c90132f /lib/sisfileheader.cpp | |
parent | d92c2abcca7d9270f49cbfb09a27bfda86642c31 (diff) | |
Add buffer overflow checks to handle truncated and corrupted sis files.
Diffstat (limited to 'lib/sisfileheader.cpp')
-rw-r--r-- | lib/sisfileheader.cpp | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/lib/sisfileheader.cpp b/lib/sisfileheader.cpp index f8b88d0..3279c38 100644 --- a/lib/sisfileheader.cpp +++ b/lib/sisfileheader.cpp @@ -28,9 +28,11 @@ const int OFF_NUMBER_OF_FILES = 26; const int OFF_INSTALLATION_DRIVE = 28; -void -SISFileHeader::fillFrom(uchar* buf, int* base) +SisRC +SISFileHeader::fillFrom(uchar* buf, int* base, off_t len) { + if (*base + 68 > len) + return SIS_TRUNCATED; uchar* start = buf + *base; m_buf = buf; m_uid1 = read32(start); @@ -40,7 +42,7 @@ SISFileHeader::fillFrom(uchar* buf, int* base) if (m_uid2 != 0x1000006d) { printf("Got bad uid2.\n"); - exit(1); + return SIS_CORRUPTED; } if (logLevel >= 2) printf("Got uid2 = %08x\n", m_uid2); @@ -48,7 +50,7 @@ SISFileHeader::fillFrom(uchar* buf, int* base) if (m_uid3 != 0x10000419) { printf("Got bad uid3.\n"); - exit(1); + return SIS_CORRUPTED; } if (logLevel >= 2) printf("Got uid3 = %08x\n", m_uid3); @@ -66,7 +68,7 @@ SISFileHeader::fillFrom(uchar* buf, int* base) if ((crc2 << 16 | crc1) != m_uid4) { printf("Got bad crc.\n"); - exit(1); + return SIS_CORRUPTED; } m_crc = read16(start + 16); m_nlangs = read16(start + 18); @@ -108,17 +110,26 @@ SISFileHeader::fillFrom(uchar* buf, int* base) m_languagePtr = read32(start + 48); if (logLevel >= 2) printf("Languages begin at %d\n", m_languagePtr); + if (m_languagePtr >= len) + return SIS_TRUNCATED; m_filesPtr = read32(start + 52); if (logLevel >= 2) printf("Files begin at %d\n", m_filesPtr); + if (m_filesPtr >= len) + return SIS_TRUNCATED; m_reqPtr = read32(start + 56); if (logLevel >= 2) printf("Requisites begin at %d\n", m_reqPtr); + if (m_reqPtr >= len) + return SIS_TRUNCATED; m_unknown = read32(start + 60); m_componentPtr = read32(start + 64); if (logLevel >= 2) printf("Components begin at %d\n", m_componentPtr); + if (m_componentPtr >= len) + return SIS_TRUNCATED; *base += 68; + return SIS_OK; } void |
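Review bot: The new length guard at the top of fillFrom, `if (*base + 68 > len)`, does not reject a negative `*base` and can overflow the signed `int` addition when `*base` is close to INT_MAX, so `buf + *base` can still point outside the buffer. Whether `*base` can come from file data is not visible here, but the guard is cheap to make complete: `if (*base < 0 || len < 68 || *base > len - 68) return SIS_TRUNCATED;`. The literal 68 also appears in `*base += 68;` in the last hunk; a named constant beside the existing `OFF_` offsets would keep the two in step. The function body continues past the end of this hunk.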
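Review bot: The `return SIS_CORRUPTED;` paths that replace `exit(1)` in the uid2 check (and in the uid3 and crc hunks after it) leave the header object partly filled, since `m_buf` and `m_uid1` are assigned before the first failure and `*base` is not advanced. Safety now depends on every caller testing the SisRC result, and those callers are outside this diff. I would document the contract on the function, for example `// Returns SIS_OK on success; on any other value the header is incomplete, *base is unchanged and parsing must stop.` The function starts in the previous hunk and ends in the last one.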
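Review bot: The four section-pointer checks in the last hunk (`m_languagePtr`, `m_filesPtr`, `m_reqPtr`, `m_componentPtr`) only test the upper bound, so if these members are signed (their declarations are outside the hunk, but they are printed with `%d`) a 32-bit value with the top bit set reads back negative and passes `>= len`. A form that also rejects that case is `if (m_languagePtr < 0 || m_languagePtr >= len) return SIS_TRUNCATED;`, repeated for the other three, or the members can be compared as unsigned. Each check also covers only the first byte of its section, so the code that later walks the language, file, requisite and component records still has to bound every read against `len`. A short comment saying so next to these checks would stop a reader from treating them as full validation.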