Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
libmspack.10847
libmspack-fix-bounds-checking.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libmspack-fix-bounds-checking.patch of Package libmspack.10847
From 72e70a921f0f07fee748aec2274b30784e1d312a Mon Sep 17 00:00:00 2001 From: Stuart Caie <kyzer@cabextract.org.uk> Date: Sat, 12 May 2018 10:51:34 +0100 Subject: [PATCH] Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames. Thanks to Hanno Böck for reporting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- libmspack/ChangeLog | 10 ++++++++++ libmspack/mspack/chmd.c | 9 ++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/mspack/chmd.c b/mspack/chmd.c index c921c8c..9c32658 100644 --- a/mspack/chmd.c +++ b/mspack/chmd.c @@ -1,5 +1,5 @@ /* This file is part of libmspack. - * (C) 2003-2011 Stuart Caie. + * (C) 2003-2018 Stuart Caie. * * libmspack is free software; you can redistribute it and/or modify it under * the terms of the GNU Lesser General Public License (LGPL) version 2.1 @@ -397,7 +397,7 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh, D(("first pmgl chunk is after last pmgl chunk")) return MSPACK_ERR_DATAFORMAT; } - if (chm->index_root != 0xFFFFFFFF && chm->index_root > chm->num_chunks) { + if (chm->index_root != 0xFFFFFFFF && chm->index_root >= chm->num_chunks) { D(("index_root outside valid range")) return MSPACK_ERR_DATAFORMAT; } @@ -622,7 +625,7 @@ static unsigned char *read_chunk(struct mschm_decompressor_p *self, unsigned char *buf; /* check arguments - most are already checked by chmd_fast_find */ - if (chunk_num > chm->num_chunks) return NULL; + if (chunk_num >= chm->num_chunks) return NULL; /* ensure chunk cache is available */ if (!chm->chunk_cache) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor