
Commit 8dccf79

EricSesterhennX41verdammelt
authored andcommitted
Check types to avoid invalid reads/writes.
1 parent c504468 commit 8dccf79


2 files changed

+13
-7
lines changed


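--- a/src/file.c
+++ b/src/file.c
@@ -173,24 +173,28 @@ file_add_mapi_attrs (File* file, MAPI_Attr** attrs)
 switch (a->name)
 {
 case MAPI_ATTACH_LONG_FILENAME:
+assert(a->type == szMAPI_STRING);
 if (file->name) XFREE(file->name);
 file->name = strdup( (char*)a->values[0].data.buf );
 break;
 
 case MAPI_ATTACH_DATA_OBJ:
+assert((a->type == szMAPI_BINARY) || (a->type == szMAPI_OBJECT));
 file->len = a->values[0].len;
 if (file->data) XFREE (file->data);
 file->data = CHECKED_XMALLOC (unsigned char, file->len);
 memmove (file->data, a->values[0].data.buf, file->len);
 break;
 
 case MAPI_ATTACH_MIME_TAG:
+assert(a->type == szMAPI_STRING);
 if (file->mime_type) XFREE (file->mime_type);
 file->mime_type = CHECKED_XMALLOC (char, a->values[0].len);
 memmove (file->mime_type, a->values[0].data.buf, a->values[0].len);
 break;
 
 case MAPI_ATTACH_CONTENT_ID:
+assert(a->type == szMAPI_STRING);
 if (file->content_id) XFREE(file->content_id);
 file->content_id = CHECKED_XMALLOC (char, a->values[0].len);
 memmove (file->content_id, a->values[0].data.buf, a->values[0].len);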
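Review bot: The four added `assert(a->type == ...)` lines in file_add_mapi_attrs validate attributes parsed from the input file, but assert() is compiled out when NDEBUG is defined, so a release build would still reach the strdup/memmove with a mismatched type. Where the assert is active, a malformed attachment aborts the whole process instead of being skipped. A check that holds in every build would be `if (a->type != szMAPI_STRING) break;` in each string case and `if (a->type != szMAPI_BINARY && a->type != szMAPI_OBJECT) break;` for MAPI_ATTACH_DATA_OBJ. The unchanged lines also read `a->values[0]` with no `num_values` check visible in the hunk, and the strdup relies on the buffer being NUL-terminated; whether the parser guarantees either cannot be seen here, since the switch and its function extend beyond the hunk.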

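--- a/src/tnef.c
+++ b/src/tnef.c
@@ -165,10 +165,12 @@ get_html_data (MAPI_Attr *a)
 int j;
 for (j = 0; j < a->num_values; j++)
 {
-body[j] = XMALLOC(VarLenData, 1);
-body[j]->len = a->values[j].len;
-body[j]->data = CHECKED_XCALLOC(unsigned char, a->values[j].len);
-memmove (body[j]->data, a->values[j].data.buf, body[j]->len);
+if (a->type == szMAPI_BINARY) {
+body[j] = XMALLOC(VarLenData, 1);
+body[j]->len = a->values[j].len;
+body[j]->data = CHECKED_XCALLOC(unsigned char, a->values[j].len);
+memmove (body[j]->data, a->values[j].data.buf, body[j]->len);
+}
 }
 return body;
 }
@@ -306,13 +308,13 @@ parse_file (FILE* input_file, char* directory,
 for (i = 0; mapi_attrs[i]; i++)
 {
 MAPI_Attr *a = mapi_attrs[i];
-
-if (a->name == MAPI_BODY_HTML)
+
+if (a->type == szMAPI_BINARY && a->name == MAPI_BODY_HTML)
 {
 body.html_bodies = get_html_data (a);
 html_size = a->num_values;
 }
-else if (a->name == MAPI_RTF_COMPRESSED)
+else if (a->type == szMAPI_BINARY && a->name == MAPI_RTF_COMPRESSED)
 {
 body.rtf_bodies = get_rtf_data (a);
 rtf_size = a->num_values;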
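Review bot: In the get_html_data hunk, when `a->type` is not `szMAPI_BINARY` the loop leaves every `body[j]` unassigned while the function still returns `body`. What those slots then hold depends on how `body` is allocated above the hunk, which is not visible here, so a caller that walks `num_values` entries could meet NULL or uninitialized pointers. The test does not depend on `j`, so it would read better as one guard placed before `body` is allocated, `if (a->type != szMAPI_BINARY) return NULL;`, provided callers tolerate a NULL result. The parse_file hunk already filters on the type before calling get_html_data, so the inner check only matters for other callers, if any exist. get_rtf_data is outside the diff and may need the same review.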
