* Check for invalid IAT directory

* Check for invalid bound import directory
* Optimization using std::move
* Removed unused structures from PeLibAux.h
Ladislav Zezula 2020-07-24 14:19:33 +02:00
parent 235228a06d
commit 2132ddcd39
5 changed files with 14 additions and 24 deletions


@ -648,7 +648,7 @@ namespace PeLib
m_occupiedAddresses.back().second += 1; m_occupiedAddresses.back().second += 1;
// Push the import descriptor into the vector // Push the import descriptor into the vector
vOldIidCurr.push_back(iidCurr); vOldIidCurr.push_back(std::move(iidCurr));
} }
// Space occupied by import descriptors // Space occupied by import descriptors
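Review bot: After `vOldIidCurr.push_back(std::move(iidCurr));` the local `iidCurr` is left in a moved-from state, and its declaration is outside this hunk. If it is declared outside the enclosing loop and reused on the next iteration, every member that can be moved from (strings, vectors) has to be reassigned or cleared before it is read again; declaring it inside the loop body would make that unnecessary. The same applies to `m_vRelocations.push_back(std::move(ibrCurr));` in the relocations hunk.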


@ -623,21 +623,6 @@ namespace PeLib
static inline std::size_t size() {return 8;} static inline std::size_t size() {return 8;}
}; };
template<int>
struct FieldSizes;
template<>
struct FieldSizes<32>
{
typedef std::uint32_t VAR4_8;
};
template<>
struct FieldSizes<64>
{
typedef std::uint64_t VAR4_8;
};
struct PELIB_IMAGE_OPTIONAL_HEADER32 struct PELIB_IMAGE_OPTIONAL_HEADER32
{ {
std::uint16_t Magic; std::uint16_t Magic;


@ -173,10 +173,13 @@ namespace PeLib
std::uint32_t importSize = imageLoader.getDataDirSize(PELIB_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT); std::uint32_t importSize = imageLoader.getDataDirSize(PELIB_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT);
std::uint32_t sizeOfImage = imageLoader.getSizeOfImage(); std::uint32_t sizeOfImage = imageLoader.getSizeOfImage();
if(importRva >= sizeOfImage || (importRva + importSize) >= sizeOfImage) // Refuse to load blatantly invalid bound import directory
{ if(importSize & 0xFF000000)
return ERROR_INVALID_FILE;
// Refuse to load too large import directories
if((importRva + importSize) < importRva || importRva >= sizeOfImage || (importRva + importSize) >= sizeOfImage)
return ERROR_INVALID_FILE; return ERROR_INVALID_FILE;
}
std::vector<unsigned char> vBimpDir(importSize); std::vector<unsigned char> vBimpDir(importSize);
imageLoader.readImage(reinterpret_cast<char*>(vBimpDir.data()), importRva, importSize); imageLoader.readImage(reinterpret_cast<char*>(vBimpDir.data()), importRva, importSize);
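Review bot: The last clause of the new range check, `(importRva + importSize) >= sizeOfImage`, also rejects a bound import directory that ends exactly at the end of the image, because an end offset equal to `sizeOfImage` is still inside it; if that rejection is not intended, the comparison should be `>`. The mask `0xFF000000` is an unexplained 16 MB limit on the directory size and would read better as a named constant with a comment saying where the limit comes from. The result of `imageLoader.readImage(...)` after the allocation is not checked in the visible lines, so a short read would presumably leave the zero-initialised tail of `vBimpDir` to be parsed as directory data. The function continues past the hunk, so this may be handled further down.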


@ -53,11 +53,13 @@ namespace PeLib
std::uint32_t sizeOfImage = imageLoader.getSizeOfImage(); std::uint32_t sizeOfImage = imageLoader.getSizeOfImage();
int fileError = ERROR_NONE; int fileError = ERROR_NONE;
// Check whether the IAT is outside the image // Refuse to load blatantly invalid IAT
if(iatRva >= sizeOfImage) if(iatSize & 0xFF000000)
{ return ERROR_INVALID_FILE;
// Refuse to load too large IAT directories
if((iatRva + iatSize) < iatRva || iatRva >= sizeOfImage || (iatRva + iatSize) >= sizeOfImage)
return ERROR_INVALID_FILE; return ERROR_INVALID_FILE;
}
// Trim the array size to the size of image // Trim the array size to the size of image
if((iatRva + iatSize) > sizeOfImage) if((iatRva + iatSize) > sizeOfImage)
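Review bot: The `// Trim the array size to the size of image` branch that follows the new check can no longer be taken, because the added condition already returns `ERROR_INVALID_FILE` whenever `(iatRva + iatSize) >= sizeOfImage`, so `(iatRva + iatSize) > sizeOfImage` is always false when it is tested. Either the trim is now dead code and should be removed with its comment, or an IAT that runs past the end of the image is still meant to be trimmed and the new check should keep only the wrap-around and `iatRva >= sizeOfImage` clauses. The choice changes which malformed files are rejected outright, so it is worth stating in a comment. The body of the trim branch is outside the hunk.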


@ -149,7 +149,7 @@ namespace PeLib
} }
// Push the data to the relocations vector // Push the data to the relocations vector
m_vRelocations.push_back(ibrCurr); m_vRelocations.push_back(std::move(ibrCurr));
} }
} }
} }