From 607c909d79e4bc317668c0244cc7c63136b0cebb Mon Sep 17 00:00:00 2001 From: Christophe Grenier Date: Sun, 18 Jun 2017 12:16:08 +0200 Subject: [PATCH] PhotoRec: another fix for Windows 9 x.reg bound checking Thanks to Adel KHALDI from Blue Frost Security GmbH for reporting the problem. --- src/file_reg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/file_reg.c b/src/file_reg.c index 4540d82e..73bf7b44 100644 --- a/src/file_reg.c +++ b/src/file_reg.c @@ -72,7 +72,7 @@ struct rgdb_block static int header_check_reg_9x(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new) { const struct creg_file_header*header=(const struct creg_file_header*)buffer; - if(le32(header->rgdb_offset)+4 > buffer_size) + if(le32(header->rgdb_offset) > buffer_size - 4) return 0; { const struct rgdb_block*block=(const struct rgdb_block*)(buffer+le32(header->rgdb_offset));