Skip to content
Permalink
Browse files Browse the repository at this point in the history
Use asserts on lengths to prevent invalid reads/writes.
  • Loading branch information
EricSesterhennX41 authored and verdammelt committed Feb 23, 2017
1 parent 1016eae commit 1a17af1
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/mapi_attr.c
Expand Up @@ -174,6 +174,7 @@ mapi_attr_read (size_t len, unsigned char *buf)
uint32 i,j;
assert(len > 4);
uint32 num_properties = GETINT32(buf+idx);
assert((num_properties+1) != 0);
MAPI_Attr** attrs = CHECKED_XMALLOC (MAPI_Attr*, (num_properties + 1));

idx += 4;
Expand Down Expand Up @@ -212,6 +213,7 @@ mapi_attr_read (size_t len, unsigned char *buf)
/* read the data into a buffer */
a->names[i].data
= CHECKED_XMALLOC(unsigned char, a->names[i].len);
assert((idx+(a->names[i].len*2)) <= len);
for (j = 0; j < (a->names[i].len >> 1); j++)
a->names[i].data[j] = (buf+idx)[j*2];

Expand Down Expand Up @@ -308,8 +310,11 @@ mapi_attr_read (size_t len, unsigned char *buf)
case szMAPI_BINARY:
CHECKINT32(idx, len); v->len = GETINT32(buf+idx); idx += 4;

assert(v->len + idx <= len);

if (a->type == szMAPI_UNICODE_STRING)
{
assert(v->len != 0);
v->data.buf = (unsigned char*)unicode_to_utf8(v->len, buf+idx);
}
else
Expand Down

0 comments on commit 1a17af1

Please sign in to comment.