nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-04 17:00:11 -05:00
Code Issues Projects Releases Wiki Activity

Ignore garbage in PE sigpos/siglen

Browse Source
This commit is contained in:
Michał Trojnara 2023-12-20 11:16:06 +01:00
parent 34bf3bc525
commit 98b004edda
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
pe.c
View File

@ -646,14 +646,11 @@ static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize)
siglen = GET_UINT32_LE(indata + header_size + 152 + pe32plus * 16 + 4); siglen = GET_UINT32_LE(indata + header_size + 152 + pe32plus * 16 + 4);
/* Since fix for MS Bulletin MS12-024 we can really assume /* Since fix for MS Bulletin MS12-024 we can really assume
that signature should be last part of file */ that signature should be last part of file */
if ((sigpos > 0 && sigpos < filesize && sigpos + siglen != filesize) if ((sigpos != 0 || siglen != 0) &&
|| (sigpos >= filesize)) { (sigpos == 0 || siglen == 0 || sigpos >= filesize || sigpos + siglen != filesize)) {
printf("Corrupt PE file - current signature not at the end of the file\n"); printf("Ignoring PE signature not at the end of the file\n");
return NULL; /* FAILED */ sigpos = 0;
} siglen = 0;
if ((sigpos > 0 && siglen == 0) || (sigpos == 0 && siglen > 0)) {
printf("Corrupt signature\n");
return NULL; /* FAILED */
} }
pe_ctx = OPENSSL_zalloc(sizeof(PE_CTX)); pe_ctx = OPENSSL_zalloc(sizeof(PE_CTX));
pe_ctx->header_size = header_size; pe_ctx->header_size = header_size;