author | Christian Grothoff <christian@grothoff.org> | 2017-10-13 12:27:31 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2017-10-13 12:28:07 +0200 |
commit | ffab889c1710c7646af9ed360c796a2a0a619efc (patch) | |
tree | 2b654a905ad4fe63a1db5a21c0412489e658f8f0 | |
parent | 1ff778f387d22d9f18d4e2a25e193d027498c598 (diff) | |
fix looping in nsfe extractor for problematic chunksize in input file
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | src/plugins/nsfe_extractor.c | 4 |
2 files changed, 5 insertions, 2 deletions
@@ -1,3 +1,6 @@ | |||
1 | Fri Oct 13 12:27:38 CEST 2017 | ||
2 | Protect against problematic integer offset in NSFE plugin found by Leon Zhao. -CG | ||
3 | |||
1 | Fri Oct 13 12:15:35 CEST 2017 | 4 | Fri Oct 13 12:15:35 CEST 2017 |
2 | Protect against integer overflows in PNG plugin found by Leon Zhao. -CG | 5 | Protect against integer overflows in PNG plugin found by Leon Zhao. -CG |
3 | 6 | ||
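--- a/src/plugins/nsfe_extractor.c
+++ b/src/plugins/nsfe_extractor.c
@@ -373,9 +373,9 @@ EXTRACTOR_nsfe_extract_method (struct EXTRACTOR_ExtractContext *ec)
 8))
 break;
 chunksize = nsfeuint (data);
-if (off + chunksize + 8 <= off)
+if (off + chunksize + 8LLU <= off)
 break; /* protect against looping */
-off += 8 + chunksize;
+off += 8LLU + chunksize;
 if (0 == memcmp (data + 4, "INFO", 4))
 ret = info_extract (ec, chunksize);
 else if (0 == memcmp (data + 4, "auth", 4))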
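Review bot: The guard on new line 376 and the increment on line 378 spell the same advance in two different ways (`off + chunksize + 8LLU` versus `8LLU + chunksize`), so their agreement still depends on operand types and evaluation order, which is presumably how the narrower `8 + chunksize` could wrap while the check passed. Computing the step once in a 64-bit local keeps the two from drifting apart: `uint64_t step = 8LLU + chunksize;`, then `if (off + step <= off) break;` and `off += step;`. The declarations of `off` and `chunksize` are outside the hunk, so this assumes `off` is 64-bit and `chunksize` is an unsigned 32-bit value. The check also rejects only wrap-around: `chunksize` is still passed to `info_extract` without being compared to the remaining input, so it is worth confirming that the callee bounds its own reads. The function body starts and ends outside the hunk.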