summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2020-06-17 13:55:45 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2020-06-17 13:55:45 +0200
commitd895850d2f009c03fa1774ec3f63cb8e22d50793 (patch)
tree185144a0e5dcce915c3d54f1b6eed52d0b354e26
parentb660bb8c035f1dbc5e01007e14917faa6b7a9d82 (diff)
PhotoRec: stricter check for compressed swf files
-rw-r--r--src/file_swf.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/file_swf.c b/src/file_swf.c
index 20a1df1..a098215 100644
--- a/src/file_swf.c
+++ b/src/file_swf.c
@@ -192,11 +192,13 @@ static int header_check_swf(const unsigned char *buffer, const unsigned int buff
static int header_check_swfz(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
{
const struct swfz_header *hdr=(const struct swfz_header *)buffer;
- if(hdr->version < 11 || le32(hdr->compressedLen) < 6)
+ const unsigned int compressedLen=le32(hdr->compressedLen);
+ /* ZWS file compression is permitted in SWF 13 or later only. */
+ if(hdr->version < 13 || hdr->version > 50 || compressedLen < 6)
return 0;
reset_file_recovery(file_recovery_new);
file_recovery_new->extension=file_hint_swf.extension;
- file_recovery_new->calculated_file_size=(uint64_t)4+4+4+5+le32(hdr->compressedLen);
+ file_recovery_new->calculated_file_size=(uint64_t)4+4+4+5+compressedLen;
file_recovery_new->data_check=&data_check_size;
file_recovery_new->file_check=&file_check_size_max;
return 1;