Browse code
bb#11282 - fixed upack passing an invalid dereference to rebuildpe
Kevin Lin authored on 2015/03/24 06:59:57Showing 1 changed files
| ... | ... |
@@ -432,6 +432,13 @@ int unupack(int upack, char *dest, uint32_t dsize, char *buff, uint32_t vma, uin |
| 432 | 432 |
section.rsz = end_edi-loc_edi; |
| 433 | 433 |
section.vsz = end_edi-loc_edi; |
| 434 | 434 |
|
| 435 |
+ /* bb#11282 - prevent dest+va/dest from passing an invalid dereference to cli_rebuildpe */ |
|
| 436 |
+ /* check should trigger on broken PE files where the section exists outside of the file */ |
|
| 437 |
+ if ((!upack && ((va + section.rsz) > dsize)) || (upack && (section.rsz > dsize))) {
|
|
| 438 |
+ cli_dbgmsg("Upack: Rebuilt section exceeds allocated buffer; breaks cli_rebuildpe() bb#11282\n");
|
|
| 439 |
+ return 0; |
|
| 440 |
+ } |
|
| 441 |
+ |
|
| 435 | 442 |
if (!cli_rebuildpe(dest + (upack?0:va), §ion, 1, base, original_ep, 0, 0, file)) {
|
| 436 | 443 |
cli_dbgmsg("Upack: Rebuilding failed\n");
|
| 437 | 444 |
return 0; |