From c6990878c26f94fe8aea470b731dd38462c4c4b3 Mon Sep 17 00:00:00 2001
From: olszomal
Date: Thu, 25 May 2023 14:59:28 +0200
Subject: [PATCH] Check the length of the attribute certificate entry
---
 pe.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pe.c b/pe.c
index 5c56c26..80daac1 100644
--- a/pe.c
+++ b/pe.c
@@ -206,6 +206,12 @@ static int pe_check_file(FILE_FORMAT_CTX *ctx, int detached)
 */
 while (sum < ctx->pe_ctx->siglen) {
 uint32_t len = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->sigpos + sum);
+ if (ctx->pe_ctx->siglen - len > 8) {
+ printf("Corrupted attribute certificate table\n");
+ printf("Attribute certificate table size : %08X\n", ctx->pe_ctx->siglen);
+ printf("Attribute certificate entry length: %08X\n\n", len);
+ return 0; /* FAILED */
+ }
 /* quadword align data */
 len += len % 8 ? 8 - len % 8 : 0;
 sum += len;
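Review bot: The added guard `ctx->pe_ctx->siglen - len > 8` is an unsigned subtraction (assuming `siglen` is `uint32_t` like `len`), so it does not by itself reject `len == 0` or `len > siglen` when `siglen` is 8 or less: the difference stays within 8 or wraps into that range, the check passes, and `sum += len` can then add 0 and leave the `while` loop spinning on a malformed file. Unless code outside this hunk already guarantees a larger `siglen`, state the bounds explicitly: `if (len == 0 || len > ctx->pe_ctx->siglen || ctx->pe_ctx->siglen - len > 8) {`. The comparison is also made against the whole table size rather than the remaining `siglen - sum`, so any table holding more than one entry is rejected on the first iteration; if that is intended, a short comment saying the table must hold a single entry would make it clear. `pe_check_file` starts and ends outside the hunk.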