authorChristophe Grenier <grenier@cgsecurity.org>2009-03-13 08:42:42 +0100
committerChristophe Grenier <grenier@cgsecurity.org>2009-03-13 08:42:42 +0100
commit1f117235459041ce9d22988a982185edafc49c9b (patch)
tree92481d35160f40c6e1dbcc28159cccb05aac145f /src/file_exe.c
parentf8e28538972bc080fce3d363c5ae4a6e955b0318 (diff)
file_exe.c: Add missing boundary checks
Diffstat (limited to 'src/file_exe.c')
-rw-r--r--src/file_exe.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/file_exe.c b/src/file_exe.c
index 91debcb..d87e92a 100644
--- a/src/file_exe.c
+++ b/src/file_exe.c
@@ -421,6 +421,11 @@ static void file_rename_exe(const char *old_filename)
if((file=fopen(old_filename, "rb"))==NULL)
return;
buffer_size=fread(buffer, 1, sizeof(buffer), file);
+ if(buffer_size < (int)sizeof(struct dos_image_file_hdr))
+ {
+ fclose(file);
+ return ;
+ }
if(!(memcmp(buffer,exe_header,sizeof(exe_header))==0 &&
le16(dos_hdr->bytes_in_last_block) <= 512 &&
le16(dos_hdr->blocks_in_file) > 0 &&
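Review bot: The new short-read guard has no comment saying what it protects, and the reason is not obvious from the hunk alone. `dos_hdr` appears to alias `buffer` (its declaration is outside the hunk), so without the guard the `le16(dos_hdr->...)` reads in the following `if` would use bytes that `fread` never filled. I would add `/* Short read or fread error: fewer bytes than a DOS header, dos_hdr fields are not valid */` above the check. The `fclose(file); return ;` pair is repeated in the second hunk as well; a single cleanup label would keep the exits together, though the function starts and ends outside the hunk, so I cannot see how many exits it has.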
@@ -432,6 +437,11 @@ static void file_rename_exe(const char *old_filename)
}
{
const struct pe_image_file_hdr *pe_hdr;
+ if((unsigned int)buffer_size < le32(dos_hdr->e_lfanew)+sizeof(struct pe_image_file_hdr))
+ {
+ fclose(file);
+ return ;
+ }
pe_hdr=(const struct pe_image_file_hdr *)(buffer+le32(dos_hdr->e_lfanew));
if(le32(dos_hdr->e_lfanew)==0 ||
le32(dos_hdr->e_lfanew) > buffer_size-sizeof(struct pe_image_file_hdr) ||
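Review bot: The sum in the added guard, `le32(dos_hdr->e_lfanew)+sizeof(struct pe_image_file_hdr)`, can wrap where `size_t` is 32 bits, because `e_lfanew` is read straight from the file being examined. A value close to 0xFFFFFFFF then gives a small sum, the guard passes, and `pe_hdr` is formed from an out-of-range offset on the next line. The existing test `le32(dos_hdr->e_lfanew) > buffer_size-sizeof(struct pe_image_file_hdr)` below still appears to reject that case before any field is read, but computing the pointer is already undefined behaviour. Comparing by subtraction avoids the wrap: `if((size_t)buffer_size < sizeof(struct pe_image_file_hdr) || le32(dos_hdr->e_lfanew) > (size_t)buffer_size - sizeof(struct pe_image_file_hdr))`. The return type of `le32()` is not visible here, so this assumes it is 32-bit unsigned; the enclosing block and the `if` condition continue past the hunk.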