rpms / libmspack

Clone
Source Code
GIT

Files

  1.   6c599fb596de794abba64d233321cdc353acaf7c
  2.   SOURCES
  3.   0003-Fix-off-by-one-bounds-check-on-CHM-PMGI-PMGL-chunk-n.patch
Blob Blame History Raw 
From 86cca984516664267a3f783dcdf84ac918494a02 Mon Sep 17 00:00:00 2001
From: Stuart Caie <kyzer@cabextract.org.uk>
Date: Sat, 12 May 2018 10:51:34 +0100
Subject: [PATCH 3/3] =?UTF-8?q?Fix=20off-by-one=20bounds=20check=20on=20CH?=
 =?UTF-8?q?M=20PMGI/PMGL=20chunk=20numbers=20and=20reject=20empty=20filena?=
 =?UTF-8?q?mes.=20Thanks=20to=20Hanno=20B=C3=B6ck=20for=20reporting?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit 72e70a921f0f07fee748aec2274b30784e1d312a)
---
 libmspack/mspack/chmd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libmspack/mspack/chmd.c b/libmspack/mspack/chmd.c
index 1d198bf..45fa0ec 100644
--- a/libmspack/mspack/chmd.c
+++ b/libmspack/mspack/chmd.c
@@ -447,7 +447,10 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
     while (num_entries--) {
       READ_ENCINT(name_len);
       if (name_len > (unsigned int) (end - p)) goto chunk_end;
+      /* consider blank filenames to be an error */
+      if (name_len == 0) goto chunk_end;
       name = p; p += name_len;
+
       READ_ENCINT(section);
       READ_ENCINT(offset);
       READ_ENCINT(length);
-- 
2.19.0.rc0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation