From a4dcb0ecf632832258ebb523c6bc39b7b94f8775 Mon Sep 17 00:00:00 2001
From: Daniel Brahneborg <basic@chello.se>
Date: Sun, 3 Mar 2002 22:02:40 +0000
Subject: Add buffer overflow checks to handle truncated and corrupted sis
 files.

---
 lib/sisfile.cpp | 52 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 45 insertions(+), 7 deletions(-)

(limited to 'lib/sisfile.cpp')

diff --git a/lib/sisfile.cpp b/lib/sisfile.cpp
index 05551b9..f9a19fb 100644
--- a/lib/sisfile.cpp
+++ b/lib/sisfile.cpp
@@ -27,11 +27,16 @@
 
 #include <stdio.h>
 
-void
-SISFile::fillFrom(uchar* buf)
+SisRC
+SISFile::fillFrom(uchar* buf, off_t len)
 {
 	int ix = 0;
-	m_header.fillFrom(buf, &ix);
+	SisRC rc = m_header.fillFrom(buf, &ix, len);
+	if (rc != SIS_OK)
+		{
+		printf("Could not read header, rc = %d\n", rc);
+		return rc;
+		}
 	if (logLevel >= 2)
 		printf("Ate header, got ix = %d\n", ix);
 	int n;
@@ -42,7 +47,16 @@ SISFile::fillFrom(uchar* buf)
 	m_langRecords = new SISLangRecord[n];
 	ix = m_header.m_languagePtr;
 	for (int i = 0; i < n; ++i)
-		m_langRecords[i].fillFrom(buf, &ix);
+		{
+		if (ix >= len)
+			return SIS_TRUNCATED;
+		rc = m_langRecords[i].fillFrom(buf, &ix, len);
+		if (rc != SIS_OK)
+			{
+			printf("Problem reading language record %d, rc = %d.\n", i, rc);
+			return rc;
+			}
+		}
 
 	// Read requisites.
 	//
@@ -50,12 +64,26 @@ SISFile::fillFrom(uchar* buf)
 	m_reqRecords = new SISReqRecord[n];
 	ix = m_header.m_reqPtr;
 	for (int i = 0; i < n; ++i)
-		m_reqRecords[i].fillFrom(buf, &ix, this);
+		{
+		if (ix >= len)
+			return SIS_TRUNCATED;
+		rc = m_reqRecords[i].fillFrom(buf, &ix, len, this);
+		if (rc != SIS_OK)
+			{
+			printf("Problem reading requisite record %d, rc = %d.\n", i, rc);
+			return rc;
+			}
+		}
 
 	// Read component names, by language.
 	//
 	ix = m_header.m_componentPtr;
-	m_componentRecord.fillFrom(buf, ix, this);
+	rc = m_componentRecord.fillFrom(buf, ix, len, this);
+	if (rc != SIS_OK)
+		{
+		printf("Problem reading the name record, rc = %d.\n", rc);
+		return rc;
+		}
 
 	// Read files.
 	//
@@ -63,8 +91,18 @@ SISFile::fillFrom(uchar* buf)
 	m_fileRecords = new SISFileRecord[n];
 	ix = m_header.m_filesPtr;
 	for (int i = 0; i < n; ++i)
-		m_fileRecords[i].fillFrom(buf, &ix, this);
+		{
+		if (ix >= len)
+			return SIS_TRUNCATED;
+		rc = m_fileRecords[i].fillFrom(buf, &ix, len, this);
+		if (rc != SIS_OK)
+			{
+			printf("Problem reading file record %d, rc = %d.\n", i, rc);
+			return rc;
+			}
+		}
 
+	return SIS_OK;
 }
 
 int
-- 
cgit v1.2.3