From a4dcb0ecf632832258ebb523c6bc39b7b94f8775 Mon Sep 17 00:00:00 2001
From: Daniel Brahneborg
Date: Sun, 3 Mar 2002 22:02:40 +0000
Subject: Add buffer overflow checks to handle truncated and corrupted sis files.
---
 sisinstall/Makefile.am | 3 +--
 sisinstall/sisinstaller.cpp | 21 ++++++++++++++-------
 sisinstall/sisinstaller.h | 6 ++++--
 sisinstall/sismain.cpp | 17 ++++++++++++-----
 4 files changed, 31 insertions(+), 16 deletions(-)
(limited to 'sisinstall')
diff --git a/sisinstall/Makefile.am b/sisinstall/Makefile.am
index 67c990d..09c2620 100644
--- a/sisinstall/Makefile.am
+++ b/sisinstall/Makefile.am
@@ -5,8 +5,7 @@ INCLUDES=-I$(top_srcdir)/lib
 bin_PROGRAMS = sisinstall
 sisinstall_LDADD = $(top_srcdir)/lib/libplp.la
 sisinstall_SOURCES = psion.cpp sisinstaller.cpp sismain.cpp \
- fakepsion.cpp
-sisinstall_HEADERS = fakepsion.h
+ fakepsion.cpp fakepsion.h
 EXTRA_DIST = psion.h sisinstaller.h
 maintainer-clean-local:
diff --git a/sisinstall/sisinstaller.cpp b/sisinstall/sisinstaller.cpp
index db58720..a82c9a2 100644
--- a/sisinstall/sisinstaller.cpp
+++ b/sisinstall/sisinstaller.cpp
@@ -152,10 +152,16 @@ SISInstaller::installFile(SISFileRecord* fileRecord)
 printf("Recursive sis file...\n");
 SISFile sisFile;
 uchar* buf2 = m_buf + fileRecord->m_filePtrs[m_fileNo];
- sisFile.fillFrom(buf2);
+ off_t len = fileRecord->m_fileLengths[m_fileNo];
+ SisRC rc = sisFile.fillFrom(buf2, len);
+ if (rc != SIS_OK)
+ {
+ printf("Could not read contained sis file, rc = %d\n", rc);
+ break;
+ }
 SISInstaller installer;
 installer.setPsion(m_psion);
- installer.run(&sisFile, buf2, m_file);
+ rc = installer.run(&sisFile, buf2, len, m_file);
 if (0 == m_drive)
 {
 m_drive = sisFile.m_header.m_installationDrive;
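Review bot: In `installFile`, both `buf2` (`m_buf + fileRecord->m_filePtrs[m_fileNo]`) and the new `len` (`fileRecord->m_fileLengths[m_fileNo]`) are taken from the outer sis file, and nothing in the hunk compares them with the size of the outer buffer. If the records are not range-checked when they are parsed (not visible here), a corrupted outer file can still make `fillFrom` and the nested `run` read past the end of `m_buf`, because the bound they check against is itself untrusted. I would validate the offset and length first, e.g. `if (off > outerLen || len > outerLen - off) break;`, where `off` is the file pointer value and `outerLen` is a placeholder for wherever the installer keeps the length it was given. The `rc` assigned from the nested `installer.run(...)` is also not tested before `sisFile.m_header.m_installationDrive` is read. The enclosing function starts and ends outside the hunk.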
@@ -186,14 +192,14 @@ SISInstaller::setPsion(Psion* psion)
 m_psion = psion;
 }
-void
-SISInstaller::run(SISFile* file, uchar* buf)
+SisRC
+SISInstaller::run(SISFile* file, uchar* buf, off_t len)
 {
- run(file, buf, 0);
+ return run(file, buf, len, 0);
 }
-void
-SISInstaller::run(SISFile* file, uchar* buf, SISFile* parent)
+SisRC
+SISInstaller::run(SISFile* file, uchar* buf, off_t len, SISFile* parent)
 {
 int n;
 int lang;
@@ -318,6 +324,7 @@ SISInstaller::run(SISFile* file, uchar* buf, SISFile* parent)
 printf("Creating residual sis file %s\n", resname);
 copyBuf(buf, firstFile, resname);
 delete[] resname;
+ return SIS_OK;
 }
 void
diff --git a/sisinstall/sisinstaller.h b/sisinstall/sisinstaller.h
index 6bc6c18..00077f3 100644
--- a/sisinstall/sisinstaller.h
+++ b/sisinstall/sisinstaller.h
@@ -3,6 +3,8 @@
 #include "sistypes.h"
+#include
+
 class Psion;
 class SISFile;
 class SISFileRecord;
@@ -15,9 +17,9 @@ class SISInstaller
 {
 public:
- void run(SISFile* file, uchar* buf);
+ SisRC run(SISFile* file, uchar* buf, off_t len);
- void run(SISFile* file, uchar* buf, SISFile* parent);
+ SisRC run(SISFile* file, uchar* buf, off_t len, SISFile* parent);
 /**
 * Ask the user which drive to install to.
diff --git a/sisinstall/sismain.cpp b/sisinstall/sismain.cpp
index 8516b0f..5a5b640 100644
--- a/sisinstall/sismain.cpp
+++ b/sisinstall/sismain.cpp
@@ -67,12 +67,19 @@ void main(int argc, char* argv[])
 }
 createCRCTable();
 SISFile sisFile;
- sisFile.fillFrom(buf);
- if (!dryrun)
+ SisRC rc = sisFile.fillFrom(buf, len);
+ if (rc == SIS_OK)
 {
- SISInstaller installer;
- installer.setPsion(psion);
- installer.run(&sisFile, buf);
+ if (!dryrun)
+ {
+ SISInstaller installer;
+ installer.setPsion(psion);
+ installer.run(&sisFile, buf, len);
+ }
+ }
+ else
+ {
+ printf("Could not parse the sis file.\n");
 }
 psion->disconnect();
-- cgit v1.2.3
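Review bot: At the tail of `SISInstaller::run` (sisinstaller.cpp, hunk at -318), `copyBuf(buf, firstFile, resname)` is still called without the new `len`, so the residual-file copy cannot be bounded by the buffer size unless `firstFile` was checked earlier in the body, which lies outside this hunk. If it was not, a truncated file presumably leaves this as a read past the end of `buf`. A guard before the copy, such as `if (firstFile > len) { delete[] resname; return rcError; }` with `rcError` a placeholder for whichever non-OK `SisRC` value the project defines, would close that. `return SIS_OK;` is the only return visible in the diff, so it is worth confirming that every other exit from the body returns a value now that the function is no longer `void`.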
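Review bot: The two `run` declarations in sisinstaller.h gain a `len` parameter and a `SisRC` result but no doc comment, unlike the `/** Ask the user which drive to install to.` declaration that follows them. I would add a short comment on each saying that `len` is the number of bytes available at `buf` (as the call sites suggest) and that any result other than `SIS_OK` means the installation did not complete, e.g. `/** Install the given sis file; len is the size of buf in bytes. Returns SIS_OK on success. */`. The class body continues outside the hunk.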
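Review bot: In `main` (sismain.cpp) the value returned by `installer.run(&sisFile, buf, len)` is discarded, so a failure that the new length checks detect during installation goes unreported. I would keep and report it: `rc = installer.run(&sisFile, buf, len);` followed by `if (rc != SIS_OK) printf("Installation failed, rc = %d\n", rc);`. Because `main` is declared `void`, neither this nor the "Could not parse the sis file." case reaches the process exit status, so a calling script cannot tell a rejected file from a successful install; the function's start and end are outside the hunk.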