PackUnix::unpack() is non-Elf. CERT-FI 829767

id:000057,sig:11,sync:upx-macho-crash-2,src:000108 id:000058,sig:11,sync:upx-macho-crash-2,src:000107 id:000059,sig:06,sync:upx-macho-crash-2,src:000106 id:000060,sig:06,sync:upx-macho-crash-2,src:000103
2015-05-09 05:14:12 -07:00 · 2015-05-09 05:14:12 -07:00 · 2a79a69f59
commit 2a79a69f59
parent 8c0321697f
1 changed files with 2 additions and 20 deletions
--- a/src/p_unix.cpp
+++ b/src/p_unix.cpp
@ -539,25 +539,7 @@ int PackUnix::canUnpack()

 void PackUnix::unpack(OutputFile *fo)
 {
-    unsigned szb_info = sizeof(b_info);
-    {
-        Elf32_Ehdr ehdr;
-        fi->seek(0, SEEK_SET);
-        fi->readx(&ehdr, sizeof(ehdr));
-        unsigned const e_entry = get_te32(&ehdr.e_entry);
-        if (e_entry < 0x401180) { /* old style, 8-byte b_info */
-            szb_info = 2*sizeof(unsigned);
-        }
-        else {
-            Elf32_Phdr phdr;
-            fi->seek(get_te32(&ehdr.e_phoff), SEEK_SET);
-            fi->readx(&phdr, sizeof(phdr));
-            unsigned const p_vaddr = get_te32(&phdr.p_vaddr);
-            if (0x80==(e_entry - p_vaddr)) { /* 1.22 old style */
-                szb_info = 2*sizeof(unsigned);
-            }
-        }
-    }
+    unsigned const szb_info = sizeof(b_info);

    unsigned c_adler = upx_adler32(NULL, 0);
    unsigned u_adler = upx_adler32(NULL, 0);
@ -574,7 +556,7 @@ void PackUnix::unpack(OutputFile *fo)
        orig_file_size = get_te32(&hbuf.p_filesize);
        blocksize = get_te32(&hbuf.p_blocksize);

-        if (file_size > (off_t)orig_file_size || blocksize > orig_file_size)
+        if (file_size != (off_t)orig_file_size || blocksize > orig_file_size)
            throwCantUnpack("file header corrupted");
    }
    else