
lha: Commit


Commit MetaInfo

Revisionbf2471f59ecc1aa45645d967bc9fa0efa3de3556 (tree)
Zeit2016-01-16 22:27:01
AutorKoji Arai <jca02266@gmai...>
CommiterKoji Arai

Log Message

Avoid the buffer overflow BUG to occur to read the level0 or level1 header

Ändern Zusammenfassung

Diff

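--- a/src/header.c
+++ b/src/header.c
@@ -788,6 +788,7 @@ get_header_level0(fp, hdr, data)
 char *data;
 {
 size_t header_size;
+ ssize_t remain_size;
 ssize_t extend_size;
 int checksum;
 int name_length;
@@ -797,8 +798,14 @@ get_header_level0(fp, hdr, data)
 hdr->header_size = header_size = get_byte();
 checksum = get_byte();
 
- if (fread(data + COMMON_HEADER_SIZE,
- header_size + 2 - COMMON_HEADER_SIZE, 1, fp) == 0) {
+ /* The data variable has been already read as COMMON_HEADER_SIZE bytes.
+ So we must read the remaining header size by the header_size. */
+ remain_size = header_size + 2 - COMMON_HEADER_SIZE;
+ if (remain_size <= 0) {
+ error("Invalid header size (LHarc file ?)");
+ return FALSE;
+ }
+ if (fread(data + COMMON_HEADER_SIZE, remain_size, 1, fp) == 0) {
 error("Invalid header (LHarc file ?)");
 return FALSE; /* finish */
 }
@@ -904,6 +911,7 @@ get_header_level1(fp, hdr, data)
 char *data;
 {
 size_t header_size;
+ ssize_t remain_size;
 ssize_t extend_size;
 int checksum;
 int name_length;
@@ -913,8 +921,14 @@ get_header_level1(fp, hdr, data)
 hdr->header_size = header_size = get_byte();
 checksum = get_byte();
 
- if (fread(data + COMMON_HEADER_SIZE,
- header_size + 2 - COMMON_HEADER_SIZE, 1, fp) == 0) {
+ /* The data variable has been already read as COMMON_HEADER_SIZE bytes.
+ So we must read the remaining header size by the header_size. */
+ remain_size = header_size + 2 - COMMON_HEADER_SIZE;
+ if (remain_size <= 0) {
+ error("Invalid header size (LHarc file ?)");
+ return FALSE;
+ }
+ if (fread(data + COMMON_HEADER_SIZE, remain_size, 1, fp) == 0) {
 error("Invalid header (LHarc file ?)");
 return FALSE; /* finish */
 }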
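Review bot: The new `remain_size <= 0` guard in get_header_level0 works only through an unsigned-to-signed conversion: `header_size` is declared `size_t`, so `header_size + 2 - COMMON_HEADER_SIZE` presumably wraps to a very large unsigned value for a too-short header and turns negative only when stored into the `ssize_t`, which is implementation-defined. Comparing before subtracting removes that dependency, e.g. `if (header_size + 2 <= COMMON_HEADER_SIZE) {` with the same error return, and then computing `remain_size`. The identical hunk in get_header_level1 has the same issue. The capacity of `data` is declared outside these hunks, so the added comment could also state that the largest read (header_size comes from a single get_byte(), so presumably at most 255) fits in that buffer. Both function bodies continue outside the hunks.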