summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2021-08-22 13:40:12 +0200
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2021-08-22 13:45:15 +0200
commit3ef7c3bb37e40de2653daf306e8bcb2a87446271 (patch)
tree8e5e21087e2b61bf7b3f0626afeccfbc30f8541a
parent93f17ac5382be1102151fe1322ce90e85665e161 (diff)
Tighten bounds checks in sqfs_dir_reader_reader
Use the same size check as sqfs_dir_reader_open_dir and report EOF, even if it is possible to read the header itself, but nothing beyond that. Also check if it should be possible to read an entry header before attempting and report EOF if not. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
-rw-r--r--lib/sqfs/dir_reader.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/sqfs/dir_reader.c b/lib/sqfs/dir_reader.c
index e6467ef..f560069 100644
--- a/lib/sqfs/dir_reader.c
+++ b/lib/sqfs/dir_reader.c
@@ -164,7 +164,7 @@ int sqfs_dir_reader_read(sqfs_dir_reader_t *rd, sqfs_dir_entry_t **out)
int err;
if (!rd->entries) {
- if (rd->size < sizeof(rd->hdr))
+ if (rd->size <= sizeof(rd->hdr))
return 1;
err = sqfs_meta_reader_read_dir_header(rd->meta_dir, &rd->hdr);
@@ -175,6 +175,12 @@ int sqfs_dir_reader_read(sqfs_dir_reader_t *rd, sqfs_dir_entry_t **out)
rd->entries = rd->hdr.count + 1;
}
+ if (rd->size <= sizeof(*ent)) {
+ rd->size = 0;
+ rd->entries = 0;
+ return 1;
+ }
+
err = sqfs_meta_reader_read_dir_ent(rd->meta_dir, &ent);
if (err)
return err;