- ERROR("(remaining_size = %"PRIu64" bytes, stream_name_len "
- "= %"PRIu16" bytes", remaining_size,
- cur_entry->stream_name_len);
+ ERROR("(remaining_size = %"PRIu64" bytes, "
+ "length_no_padding = %"PRIu16" bytes",
+ remaining_size, length_no_padding);
+ ret = WIMLIB_ERR_INVALID_DENTRY;
+ goto out_free_ads_entries;
+ }
+
+ /* The @length field in the on-disk ADS entry is expected to be
+ * equal to @total_length, which includes all of the entry and
+ * the padding that follows it to align the next ADS entry to an
+ * 8-byte boundary. However, to be safe, we'll accept the
+ * length field as long as it's not less than the un-padded
+ * total length and not more than the padded total length. */
+ if (length < length_no_padding || length > total_length) {
+ ERROR("Stream entry has unexpected length "
+ "field (length field = %"PRIu64", "
+ "unpadded total length = %"PRIu64", "
+ "padded total length = %"PRIu64")",
+ length, length_no_padding, total_length);