Avoid returning CHM file entries that are "blank" because they have embedded null bytes
kyz committed Oct 17, 2018
1 parent 944cc10 commit 8759da8
Showing 2 changed files with 9 additions and 3 deletions.
6 changes: 6 additions & 0 deletions libmspack/ChangeLog
@@ -1,3 +1,9 @@
2018-10-17 Stuart Caie <kyzer@cabextract.org.uk>

* chmd_read_headers(): again reject files with blank filenames, this
time because their 1st or 2nd byte is null, not because their length
is zero. Thanks again to Hanno Böck for finding the issue.

2018-10-16 Stuart Caie <kyzer@cabextract.org.uk>

* Makefile.am: using automake _DEPENDENCIES for chmd_test appears to
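
Review bot: the 2018-10-17 entry mentions only the null-byte case ("their 1st or 2nd byte is null") and says such files are rejected, but the check shown in chmd.c is `name_len < 2 || !name[0] || !name[1]` followed by `continue`, so one-character names such as "/" are dropped as well, and the entry is skipped rather than the chunk being abandoned via `goto chunk_end`. Suggest wording such as "skip entries whose name is shorter than two bytes or whose 1st or 2nd byte is null" so the ChangeLog matches the behaviour.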
6 changes: 3 additions & 3 deletions libmspack/mspack/chmd.c
Expand Up @@ -447,14 +447,14 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
while (num_entries--) {
READ_ENCINT(name_len);
if (name_len > (unsigned int) (end - p)) goto chunk_end;
/* consider blank filenames to be an error */
if (name_len == 0) goto chunk_end;
name = p; p += name_len;

READ_ENCINT(section);
READ_ENCINT(offset);
READ_ENCINT(length);

/* ignore blank or one-char (e.g. "/") filenames we'd return as blank */
if (name_len < 2 || !name[0] || !name[1]) continue;

/* empty files and directory names are stored as a file entry at
* offset 0 with length 0. We want to keep empty files, but not
* directory names, which end with a "/" */
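
Review bot: `if (name_len < 2 || !name[0] || !name[1]) continue;` tests only the first two bytes, so a name with a null byte at offset 2 or later still passes and will appear truncated to any caller that handles it as a C string. If the aim is that no returned name can be shortened by an embedded null, scan all `name_len` bytes (for example with `memchr(name, 0, name_len)`); if only the first two bytes can make the returned name blank, say why in the comment, since "filenames we'd return as blank" does not explain the second byte. The commit changes only ChangeLog and chmd.c, so a regression input for chmd_test covering this case would also be worth adding.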

1 comment on commit 8759da8

carnil commented on 8759da8 Oct 23, 2018

Issue fixed by this commit got CVE-2018-18585 assigned.