Fix out-of-bounds read in the PE loader (check_bytes)

While at it, also change the magic from hex pairs to "MZ" and "PE".
Jonathan Neuschäfer 2014-06-15 12:08:18 +02:00
parent 5625f1620a
commit 8f49aad1f7
2 changed files with 11 additions and 6 deletions


@ -358,10 +358,12 @@ static int check_bytes(const ut8 *buf, ut64 length) {
int ret = R_FALSE;
if (!buf)
return R_FALSE;
if (length <= 0x3d)
return R_FALSE;
idx = (buf[0x3c] | (buf[0x3d]<<8));
if (length > idx)
if (!memcmp (buf, "\x4d\x5a", 2) &&
!memcmp (buf+idx, "\x50\x45", 2) &&
if (length > idx+0x18+2)
if (!memcmp (buf, "MZ", 2) &&
!memcmp (buf+idx, "PE", 2) &&
!memcmp (buf+idx+0x18, "\x0b\x01", 2))
ret = R_TRUE;
return ret;
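Review bot: The new guard `if (length > idx+0x18+2)` is safe but unexplained: the last byte the chain reads is `buf[idx+0x19]`, so the check is one stricter than needed and it compares the signed `int idx` with the unsigned `ut64 length`, which is only harmless because `idx` is built from two bytes and cannot exceed 0xffff. A one-line comment such as `/* idx <= 0xffff; reads go up to buf[idx+0x19] */` would make that reasoning visible, and the brace-less nested `if` would read more clearly folded into the condition chain: `if (length > idx+0x19 && !memcmp (buf, "MZ", 2) &&`. The remaining hex literal `"\x0b\x01"` deserves a comment too, e.g. `/* optional-header Magic 0x10b (PE32), little-endian */`, now that the other two magics are spelled out. Note that only two of the four bytes of the `e_lfanew` field at 0x3c are read, so a header placed past 64 KiB is rejected; if that is intended, say so in a comment, otherwise all four bytes would need reading and bounds-checking. The declaration of `idx` and the start of check_bytes lie outside this hunk.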


@ -15,11 +15,14 @@ static int check(RBinFile *arch) {
static int check_bytes(const ut8 *buf, ut64 length) {
int idx, ret = R_FALSE;
if (!buf) return R_FALSE;
if (!buf)
return R_FALSE;
if (length <= 0x3d)
return R_FALSE;
idx = buf[0x3c] | (buf[0x3d]<<8);
if (length >= idx+0x20)
if (!memcmp (buf, "\x4d\x5a", 2) &&
!memcmp (buf+idx, "\x50\x45", 2) &&
if (!memcmp (buf, "MZ", 2) &&
!memcmp (buf+idx, "MZ", 2) &&
!memcmp (buf+idx+0x18, "\x0b\x02", 2))
ret = R_TRUE;
return ret;
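Review bot: The rewritten signature test `!memcmp (buf+idx, "MZ", 2) &&` is wrong: the bytes it replaces, `"\x50\x45"`, spell "PE", so this loader now requires "MZ" at e_lfanew and will not recognise any valid PE32+ image (the sibling check in the other file of this commit correctly uses "PE"). Restore it as `!memcmp (buf+idx, "PE", 2) &&`. The retained `if (length >= idx+0x20)` is sufficient for the reads that follow, which reach at most `buf[idx+0x19]`, but a comment stating that bound, e.g. `/* reads up to buf[idx+0x19] */`, would tie the constant to the accesses it protects. The closing brace of check_bytes falls outside this hunk.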