From 08113a08cb9697959439ef40188cf7aa25496b86 Mon Sep 17 00:00:00 2001
From: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Mon, 23 Jan 2023 14:10:15 +0100
Subject: [PATCH] Check pagesize upper bound, CID 1519382

---
 osslsigncode.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/osslsigncode.c b/osslsigncode.c
index aacd4f9..50b41d3 100644
--- a/osslsigncode.c
+++ b/osslsigncode.c
@@ -1587,9 +1587,11 @@ static u_char *pe_calc_page_hash(char *indata, uint32_t header_size,
 	}
 	/* SectionAlignment is the alignment (in bytes) of sections when they are
 	 * loaded into memory. It must be greater than or equal to FileAlignment.
-	 * The default is the page size for the architecture. */
+	 * The default is the page size for the architecture.
+	 * The large page size is at most 4 MB.
+	 * https://devblogs.microsoft.com/oldnewthing/20210510-00/?p=105200 */
 	pagesize = GET_UINT32_LE(indata + header_size + 56);
-	if (pagesize < alignment || pagesize > UINT32_MAX) {
+	if (pagesize < alignment || pagesize > 4194304) {
 		printf("Corrupted page size: 0x%08X\n", pagesize);
 		return NULL; /* FAILED */
 	}