authorChristian Grothoff <christian@grothoff.org>2017-10-13 12:27:31 +0200
committerChristian Grothoff <christian@grothoff.org>2017-10-13 12:28:07 +0200
commitffab889c1710c7646af9ed360c796a2a0a619efc (patch)
tree2b654a905ad4fe63a1db5a21c0412489e658f8f0
parent1ff778f387d22d9f18d4e2a25e193d027498c598 (diff)
fix looping in nsfe extractor for problematic chunksize in input file
-rw-r--r--ChangeLog3
-rw-r--r--src/plugins/nsfe_extractor.c4
2 files changed, 5 insertions, 2 deletions
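diff --git a/ChangeLog b/ChangeLog
index ec2ebb2..7322083 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+Fri Oct 13 12:27:38 CEST 2017
+ Protect against problematic integer offset in NSFE plugin found by Leon Zhao. -CG
+
 Fri Oct 13 12:15:35 CEST 2017
  Protect against integer overflows in PNG plugin found by Leon Zhao. -CG
 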
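diff --git a/src/plugins/nsfe_extractor.c b/src/plugins/nsfe_extractor.c
index bde1315..6a8be86 100644
--- a/src/plugins/nsfe_extractor.c
+++ b/src/plugins/nsfe_extractor.c
@@ -373,9 +373,9 @@ EXTRACTOR_nsfe_extract_method (struct EXTRACTOR_ExtractContext *ec)
  8))
  break;
  chunksize = nsfeuint (data);
- if (off + chunksize + 8 <= off)
+ if (off + chunksize + 8LLU <= off)
  break; /* protect against looping */
- off += 8 + chunksize;
+ off += 8LLU + chunksize;
  if (0 == memcmp (data + 4, "INFO", 4))
  ret = info_extract (ec, chunksize);
  else if (0 == memcmp (data + 4, "auth", 4))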
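Review bot: The guard `if (off + chunksize + 8LLU <= off)` only rejects a sum that wraps around. A `chunksize` that is merely larger than the data left in the file still passes and reaches `info_extract (ec, chunksize)` and the other chunk handlers unchanged. Whether those handlers cap their own reads is not visible in this hunk, so consider bounding the value before dispatch, e.g. `if (chunksize > size - off - 8) break;`, where `size` is a placeholder for the input length taken from the extract context; the preceding 8-byte read succeeded, so that subtraction cannot underflow if `size` is accurate. The wrap test also depends on the declared widths of `off` and `chunksize`, which sit outside the hunk, and the comment could say why it matters: `/* a wrapped offset would seek backwards and revisit chunks */`. The body of EXTRACTOR_nsfe_extract_method starts and ends outside this hunk.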