...
|
...
|
@@ -226,6 +226,12 @@ int wwunpack(uint8_t *exe, uint32_t exesz, uint8_t *wwsect, struct cli_exe_secti
|
226
|
226
|
return CL_EFORMAT;
|
227
|
227
|
exe[pe+6]=(uint8_t)scount;
|
228
|
228
|
exe[pe+7]=(uint8_t)(scount>>8);
|
|
229
|
+ if (!CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4) ||
|
|
230
|
+ !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva, 4) ||
|
|
231
|
+ !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva+0x299, 4)) {
|
|
232
|
+ cli_dbgmsg("WWPack: unpack memory address out of bounds.\n");
|
|
233
|
+ return CL_EFORMAT;
|
|
234
|
+ }
|
229
|
235
|
cli_writeint32(&exe[pe+0x28], cli_readint32(wwsect+0x295)+sects[scount].rva+0x299);
|
230
|
236
|
cli_writeint32(&exe[pe+0x50], cli_readint32(&exe[pe+0x50])-sects[scount].vsz);
|
231
|
237
|
|