[Debootloaders-devel] r82 - trunk/rsrce
Jeremie Koenig
jkoenig-guest at costa.debian.org
Tue Jul 11 20:46:23 UTC 2006
Author: jkoenig-guest
Date: 2006-07-11 20:46:22 +0000 (Tue, 11 Jul 2006)
New Revision: 82
Modified:
trunk/rsrce/translate.c
Log:
fixed crash on malformed resource data in strhash_export
Modified: trunk/rsrce/translate.c
===================================================================
--- trunk/rsrce/translate.c 2006-07-11 15:27:31 UTC (rev 81)
+++ trunk/rsrce/translate.c 2006-07-11 20:46:22 UTC (rev 82)
@@ -18,6 +18,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <stdint.h>
#include <netinet/in.h>
#include "resource.h"
#include "translate.h"
@@ -75,18 +76,20 @@
int tr_strhash_export(FILE *f, void *data, int len)
{
- unsigned short *n;
- unsigned char *s;
- int strn;
+ uint8_t *buf = data;
+ int strn, pos;
- n = (unsigned short *) data;
- s = (unsigned char *) (n+1);
- strn = ntohs(*n);
-
+ strn = (len >= 2) ? htons(* (uint16_t *) data) : 1;
+ pos = sizeof (uint16_t);
+
while(strn--) {
- if(tr_str_export(f, s, *s+1) != 0)
+ if(pos + 1 > len || pos + 1 + buf[pos] > len) {
+ fprintf(stderr,"W: unexpected end of resource data\n");
+ return 0;
+ }
+ if(tr_str_export(f, buf + pos, 1 + buf[pos]) != 0)
return -1;
- s += *s;
+ pos += 1 + buf[pos];
}
return 0;
More information about the Debootloaders-devel
mailing list