diff options
| author | Christophe Grenier <grenier@cgsecurity.org> | 2018-02-07 18:45:33 +0100 |
|---|---|---|
| committer | Christophe Grenier <grenier@cgsecurity.org> | 2018-02-07 18:45:33 +0100 |
| commit | 6282a476ef261f9b320ced44df349da681ed69d0 (patch) | |
| tree | 26929f0c4873603851b4385ba1fe68f02c05e366 /src | |
| parent | 3f0fe819b96094cdb60eaa55499b39edd7863d52 (diff) | |
src/file_doc.c: add assert()
Diffstat (limited to 'src')
| -rw-r--r-- | src/file_doc.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/file_doc.c b/src/file_doc.c index 9cce39c..e73dc52 100644 --- a/src/file_doc.c +++ b/src/file_doc.c @@ -30,6 +30,7 @@ #include <string.h> #endif #include <stdio.h> +#include <assert.h> #include "types.h" #include "common.h" #include "filegen.h" @@ -667,18 +668,19 @@ static const char *software_uni2ext(const unsigned int count, const unsigned cha static void OLE_parse_summary_aux(const unsigned char *dataPt, const unsigned int dirLen, const char **ext, char **title, time_t *file_time) { unsigned int pos; + assert(dirLen >= 48 && dirLen<=1024*1024); #ifdef DEBUG_OLE dump_log(dataPt, dirLen); #endif if(dataPt[0]!=0xfe || dataPt[1]!=0xff) return ; pos=get32u(dataPt, 44); + if(pos > dirLen - 8) + return ; { // unsigned int size; unsigned int numEntries; unsigned int i; - if(pos+8 > dirLen) - return ; numEntries=get32u(dataPt, pos+4); #ifdef DEBUG_OLE { |