ckolivas/lrzip
1
0
Fork 0
mirror of https://github.com/ckolivas/lrzip.git synced 2026-02-14 03:14:14 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Sanity check for potentially maliciously encoded expected size in magic header.

Browse source
This commit is contained in:
ckolivas 2026-02-12 19:10:09 +11:00
parent 4eefa39477
commit 21d97a3b6c
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lrzip.c
View file

@ -229,10 +229,14 @@ static bool get_magic(rzip_control *control, char *magic)
/* Support the convoluted way we described size in versions < 0.40 */
if (control->major_version == 0 && control->minor_version < 4) {
i64 ormask;
memcpy(&v, &magic[6], 4);
expected_size = ntohl(v);
memcpy(&v, &magic[10], 4);
expected_size |= ((i64)ntohl(v)) << 32;
ormask = ((i64)ntohl(v));
if (ormask > 0x7FFFFFFF)
failure_return(("Invalid expected size encoded in magic header\n"), false);
expected_size |= ormask << 32;
} else {
memcpy(&expected_size, &magic[6], 8);
expected_size = le64toh(expected_size);