nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 09:08:04 -05:00
Code Issues Projects Releases Wiki Activity

detect recursion loop

Browse Source
This commit is contained in:
Michał Trojnara 2022-02-18 22:33:03 +01:00
parent 4eeeec32b4
commit a6d3be739e
3 changed files with 56 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
msi.c
View File

@ -404,9 +404,9 @@ MSI_FILE_HDR *msi_header_get(MSI_FILE *msi)
} }
/* Recursively parse MSI_DIRENT struct */ /* Recursively parse MSI_DIRENT struct */
int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret, int verbose) int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT *prev, MSI_DIRENT **ret, int verbose)
{ {
MSI_DIRENT *dirent, *unused = NULL; MSI_DIRENT *dirent;
MSI_ENTRY *lnode = NULL, *rnode = NULL, *cnode = NULL; MSI_ENTRY *lnode = NULL, *rnode = NULL, *cnode = NULL;
if (!entry) { if (!entry) {
@ -416,12 +416,22 @@ int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRE
if (verbose) printf("Corrupted Directory Entry Name Length\n"); if (verbose) printf("Corrupted Directory Entry Name Length\n");
return 0; /* FAILED */ return 0; /* FAILED */
} }
/* detect loops in previously visited entries (parents, siblings) */
if (entry->childID != NOSTREAM) {
for (dirent = prev; dirent; dirent = dirent->prev) {
if (dirent->entry->childID == entry->childID) {
printf("Entry loop at ID: 0x%08X\n", entry->childID);
return 0; /* FAILED */
}
}
}
dirent = (MSI_DIRENT *)OPENSSL_malloc(sizeof(MSI_DIRENT)); dirent = (MSI_DIRENT *)OPENSSL_malloc(sizeof(MSI_DIRENT));
memcpy(dirent->name, entry->name, entry->nameLen); memcpy(dirent->name, entry->name, entry->nameLen);
dirent->nameLen = entry->nameLen; dirent->nameLen = entry->nameLen;
dirent->type = entry->type; dirent->type = entry->type;
dirent->entry = entry; dirent->entry = entry;
dirent->children = sk_MSI_DIRENT_new_null(); dirent->children = sk_MSI_DIRENT_new_null();
dirent->prev = prev;
if (parent && !sk_MSI_DIRENT_push(parent->children, dirent)) { if (parent && !sk_MSI_DIRENT_push(parent->children, dirent)) {
if (verbose) printf("Failed to insert MSI_DIRENT\n"); if (verbose) printf("Failed to insert MSI_DIRENT\n");
@ -430,44 +440,50 @@ int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRE
return 0; /* FAILED */ return 0; /* FAILED */
} }
/* NOTE : These links are a tree, not a linked list */ /* NOTE : These links are a tree, not a linked list */
/* The special value NOSTREAM (0xFFFFFFFF) is used as a terminator */
if (entry->leftSiblingID != NOSTREAM) {
if (!get_entry(msi, entry->leftSiblingID, FALSE, &lnode, verbose)) { if (!get_entry(msi, entry->leftSiblingID, FALSE, &lnode, verbose)) {
if (verbose) printf("Corrupted Left Sibling ID: 0x%08X\n", entry->leftSiblingID); if (verbose) printf("Corrupted Left Sibling ID: 0x%08X\n", entry->leftSiblingID);
sk_MSI_DIRENT_free(dirent->children); sk_MSI_DIRENT_free(dirent->children);
OPENSSL_free(dirent); OPENSSL_free(dirent);
return 0; /* FAILED */ return 0; /* FAILED */
} }
if (!msi_dirent_new(msi, lnode, parent, &unused, verbose)) { if (!msi_dirent_new(msi, lnode, parent, dirent, NULL, verbose)) {
OPENSSL_free(lnode); OPENSSL_free(lnode);
sk_MSI_DIRENT_free(dirent->children); sk_MSI_DIRENT_free(dirent->children);
OPENSSL_free(dirent); OPENSSL_free(dirent);
return 0; /* FAILED */ return 0; /* FAILED */
} }
}
if (entry->rightSiblingID != NOSTREAM) {
if (!get_entry(msi, entry->rightSiblingID, FALSE, &rnode, verbose)) { if (!get_entry(msi, entry->rightSiblingID, FALSE, &rnode, verbose)) {
if (verbose) printf("Corrupted Right Sibling ID: 0x%08X\n", entry->rightSiblingID); if (verbose) printf("Corrupted Right Sibling ID: 0x%08X\n", entry->rightSiblingID);
sk_MSI_DIRENT_free(dirent->children); sk_MSI_DIRENT_free(dirent->children);
OPENSSL_free(dirent); OPENSSL_free(dirent);
return 0; /* FAILED */ return 0; /* FAILED */
} }
if (!msi_dirent_new(msi, rnode, parent, &unused, verbose)) { if (!msi_dirent_new(msi, rnode, parent, dirent, NULL, verbose)) {
OPENSSL_free(rnode); OPENSSL_free(rnode);
sk_MSI_DIRENT_free(dirent->children); sk_MSI_DIRENT_free(dirent->children);
OPENSSL_free(dirent); OPENSSL_free(dirent);
return 0; /* FAILED */ return 0; /* FAILED */
} }
if (entry->type != DIR_STREAM) { }
if (entry->type != DIR_STREAM && entry->childID != NOSTREAM) {
if (!get_entry(msi, entry->childID, FALSE, &cnode, verbose)) { if (!get_entry(msi, entry->childID, FALSE, &cnode, verbose)) {
if (verbose) printf("Corrupted Child ID: 0x%08X\n", entry->childID); if (verbose) printf("Corrupted Child ID: 0x%08X\n", entry->childID);
sk_MSI_DIRENT_free(dirent->children); sk_MSI_DIRENT_free(dirent->children);
OPENSSL_free(dirent); OPENSSL_free(dirent);
return 0; /* FAILED */ return 0; /* FAILED */
} }
if (!msi_dirent_new(msi, cnode, dirent, &unused, verbose)) { if (!msi_dirent_new(msi, cnode, dirent, dirent, NULL, verbose)) {
OPENSSL_free(cnode); OPENSSL_free(cnode);
sk_MSI_DIRENT_free(dirent->children); sk_MSI_DIRENT_free(dirent->children);
OPENSSL_free(dirent); OPENSSL_free(dirent);
return 0; /* FAILED */ return 0; /* FAILED */
} }
} }
if (ret)
*ret = dirent; *ret = dirent;
return 1; /* OK */ return 1; /* OK */
} }

5
msi.h
View File

@ -139,12 +139,13 @@ typedef struct {
u_char size[8]; u_char size[8];
} MSI_ENTRY; } MSI_ENTRY;
typedef struct { typedef struct msi_dirent_struct {
u_char name[DIRENT_MAX_NAME_SIZE]; u_char name[DIRENT_MAX_NAME_SIZE];
uint16_t nameLen; uint16_t nameLen;
uint8_t type; uint8_t type;
MSI_ENTRY *entry; MSI_ENTRY *entry;
STACK_OF(MSI_DIRENT) *children; STACK_OF(MSI_DIRENT) *children;
struct msi_dirent_struct *prev; /* detect loops */
} MSI_DIRENT; } MSI_DIRENT;
DEFINE_STACK_OF(MSI_DIRENT) DEFINE_STACK_OF(MSI_DIRENT)
@ -203,7 +204,7 @@ int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, uint32_t offset, char *buffer
MSI_FILE *msi_file_new(char *buffer, uint32_t len, int verbose); MSI_FILE *msi_file_new(char *buffer, uint32_t len, int verbose);
void msi_file_free(MSI_FILE *msi); void msi_file_free(MSI_FILE *msi);
MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi, int verbose); MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi, int verbose);
int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret, int verbose); int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT *prev, MSI_DIRENT **ret, int verbose);
MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse); MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse);
void msi_dirent_free(MSI_DIRENT *dirent); void msi_dirent_free(MSI_DIRENT *dirent);
MSI_FILE_HDR *msi_header_get(MSI_FILE *msi); MSI_FILE_HDR *msi_header_get(MSI_FILE *msi);

2
osslsigncode.c
View File

@ -2919,7 +2919,7 @@ static int msi_verify_header(char *indata, uint32_t filesize, MSI_PARAMS *msipar
printf("Failed to get file entry\n"); printf("Failed to get file entry\n");
return 0; /* FAILED */ return 0; /* FAILED */
} }
if (!msi_dirent_new(msiparams->msi, root, NULL, &root_dir, verbose)) { if (!msi_dirent_new(msiparams->msi, root, NULL, NULL, &root_dir, verbose)) {
printf("Failed to parse MSI_DIRENT struct\n"); printf("Failed to parse MSI_DIRENT struct\n");
OPENSSL_free(root); OPENSSL_free(root);
return 0; /* FAILED */ return 0; /* FAILED */