Changeset 451 for branches/branch-1-0/src/helpers/xprf.c

Timestamp:

Jul 4, 2021, 3:54:01 PM (4 years ago)

Author:

pr

Message:

Add offset limit checking.

File:

• branches/branch-1-0/src/helpers/xprf.c (modified) (5 diffs)

branches/branch-1-0/src/helpers/xprf.c

@@ -74 +74 @@
 
 /*
- *      Copyright (C) 2000-2011 Ulrich M”ller.
+ *      Copyright (C) 2000-2021 Ulrich M”ller.
  *      This file is part of the "XWorkplace helpers" source package.
  *      This is free software; you can redistribute it and/or modify
@@ -402 +402 @@
  *
  *@@changed V1.0.0 (2002-09-17) [umoeller]: now returning APIRET
+ *@@changed WarpIN V1.0.25 (2021-07-04) [pr]: add limit checking
  */
 
@@ -432 +433 @@
                                     &cbRead)))
                 {
-                    if (cbRead != fs3.cbFile)
+                    if (cbRead != fs3.cbFile || cbRead < sizeof(INIFILE_HEADER))
                         arc = ERROR_NO_DATA;
                     else
@@ -442 +443 @@
 
                             // create-applications loop
-                            while ((ulAppOfs) && (!arc))
+                            while ((ulAppOfs) && (ulAppOfs + sizeof(INIFILE_APP) <= cbRead) && (!arc))
                             {
                                 // application struct
@@ -455 +456 @@
 
                                 // create-keys loop
-                                while ((ulKeysOfs) && (!arc))
+                                while ((ulKeysOfs) && (ulKeysOfs + sizeof(INIFILE_KEY) <= cbRead) && (!arc))
                                 {
                                     PINIFILE_KEY pKey = (PINIFILE_KEY)(pbFileData + ulKeysOfs);