Skip to content

Commit

Permalink
Tighten pod archive format check
Browse files Browse the repository at this point in the history 
Fix #1030
  • Loading branch information
@sirjuddington
sirjuddington committed May 3, 2019
1 parent 6c21f86 commit 6aa23f5
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 5 deletions.
2 changes: 1 addition & 1 deletion dist/res/config/entry_types/types_archives.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -201,7 +201,7 @@ entry_types
export_ext = "pod";
icon = "e_archive";
category = "Archives";
reliability = 150;
reliability = 100;
}

chasm_bin
Expand Down
16 changes: 12 additions & 4 deletions src/Archive/Formats/PodArchive.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -292,21 +292,25 @@ bool PodArchive::isPodArchive(MemChunk& mc)
mc.seek(0, 0);
uint32_t num_files;
mc.read(&num_files, 4);
if (num_files == 0)
return false; // 0 files, unlikely to be a valid archive

// Read id
char id[80];
mc.read(id, 80);

// Check size for directory
if (mc.getSize() < 84 + (num_files * 40))
auto dir_end = 84 + (num_files * 40);
if (mc.getSize() < dir_end)
return false;

// Read directory and check offsets
FileEntry entry;
for (unsigned a = 0; a < num_files; a++)
{
mc.read(&entry, 40);
if (entry.offset + entry.size > mc.getSize())
auto end = entry.offset + entry.size;
if (end > mc.getSize() || end < dir_end)
return false;
}
return true;
Expand Down Expand Up @@ -335,13 +339,16 @@ bool PodArchive::isPodArchive(string filename)
file.Seek(0);
uint32_t num_files;
file.Read(&num_files, 4);
if (num_files == 0)
return false; // 0 files, unlikely to be a valid archive

// Read id
char id[80];
file.Read(id, 80);

// Check size for directory
if (file_size < 84 + (num_files * 40))
auto dir_end = 84 + (num_files * 40);
if (file_size < dir_end)
{
file.Close();
return false;
Expand All @@ -352,7 +359,8 @@ bool PodArchive::isPodArchive(string filename)
for (unsigned a = 0; a < num_files; a++)
{
file.Read(&entry, 40);
if (entry.offset + entry.size > file_size)
auto end = entry.offset + entry.size;
if (end > file_size || end < dir_end)
return false;
}
return true;
Expand Down

0 comments on commit 6aa23f5

Please sign in to comment.