PhotoRec: another fix for Windows 9 x.reg bound checking

Thanks to Adel KHALDI from Blue Frost Security GmbH for reporting the problem.
2017-06-18 12:16:08 +02:00 · 2017-06-18 12:16:08 +02:00 · 607c909d79
commit 607c909d79
parent c16a893f92
1 changed files with 1 additions and 1 deletions
--- a/src/file_reg.c
+++ b/src/file_reg.c
@ -72,7 +72,7 @@ struct rgdb_block
 static int header_check_reg_9x(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
 {
  const struct creg_file_header*header=(const struct creg_file_header*)buffer;
-  if(le32(header->rgdb_offset)+4 > buffer_size)
+  if(le32(header->rgdb_offset) > buffer_size - 4)
    return 0;
  {
    const struct rgdb_block*block=(const struct rgdb_block*)(buffer+le32(header->rgdb_offset));