luisgulo/testdisk
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

PhotoRec: limit recursion depth and loop count when checking exe information

Browse source
This commit is contained in:
Christophe Grenier 2009-03-15 21:20:21 +01:00
parent 1f11723545
commit aaaac59018
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/file_exe.c
View file

@ -241,7 +241,7 @@ static void PEVersion(FILE *file, const unsigned int offset, const unsigned int
char *buffer; char *buffer;
unsigned int pos=0; unsigned int pos=0;
unsigned int end=length; unsigned int end=length;
if(length==0) if(length==0 || length > 1024*1024)
return; return;
if(fseek(file, offset, SEEK_SET)<0) if(fseek(file, offset, SEEK_SET)<0)
return ; return ;
@ -340,7 +340,7 @@ static void file_exe_ressource(FILE *file, const unsigned int base, const unsign
#ifdef DEBUG_EXE #ifdef DEBUG_EXE
log_info("file_exe_ressource(file, %u, %u, %u, %u)\n", base, dir_start, size, level); log_info("file_exe_ressource(file, %u, %u, %u, %u)\n", base, dir_start, size, level);
#endif #endif
if(level >= 10) if(level > 2)
return ; return ;
if(fseek(file, base + dir_start, SEEK_SET)<0) if(fseek(file, base + dir_start, SEEK_SET)<0)
return ; return ;
@ -350,7 +350,7 @@ static void file_exe_ressource(FILE *file, const unsigned int base, const unsign
nameEntries = buffer[12]+(buffer[13]<<8); nameEntries = buffer[12]+(buffer[13]<<8);
idEntries = buffer[14]+(buffer[15]<<8); idEntries = buffer[14]+(buffer[15]<<8);
count = nameEntries + idEntries; count = nameEntries + idEntries;
if(count==0) if(count==0 || count > 1024)
return ; return ;
rsrc_entries=(struct rsrc_entries *)MALLOC(count * sizeof(struct rsrc_entries)); rsrc_entries=(struct rsrc_entries *)MALLOC(count * sizeof(struct rsrc_entries));
if(fread(rsrc_entries, sizeof(struct rsrc_entries), count, file) != count) if(fread(rsrc_entries, sizeof(struct rsrc_entries), count, file) != count)