Check blocksize. CERT-FI 829767

id:000005,sig:06,src:000000,op:havoc,rep:16
2015-05-09 06:56:32 -07:00 · 2015-05-09 06:56:32 -07:00 · 7ad77ff540
commit 7ad77ff540
parent acede72e9b
1 changed files with 2 additions and 1 deletions
--- a/src/p_mach.cpp
+++ b/src/p_mach.cpp
@ -1285,7 +1285,8 @@ void PackMachBase<T>::unpack(OutputFile *fo)
    fi->readx(&hbuf, sizeof(hbuf));
    unsigned orig_file_size = get_te32(&hbuf.p_filesize);
    blocksize = get_te32(&hbuf.p_blocksize);
-    if (file_size > (off_t)orig_file_size || blocksize > orig_file_size)
+    if (file_size > (off_t)orig_file_size || blocksize > orig_file_size
+    ||  blocksize > 0x01000000)
        throwCantUnpack("file header corrupted");

    ibuf.alloc(blocksize + OVERHEAD);