*/
/*
- * Copyright (C) 2012, 2013, 2015 Eric Biggers
+ * Copyright 2012-2023 Eric Biggers
*
* This file is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* details.
*
* You should have received a copy of the GNU Lesser General Public License
- * along with this file; if not, see http://www.gnu.org/licenses/.
+ * along with this file; if not, see https://www.gnu.org/licenses/.
*/
#ifdef HAVE_CONFIG_H
int
read_wim_header(WIMStruct *wim, struct wim_header *hdr)
{
- struct wim_header_disk disk_hdr _aligned_attribute(8);
+ struct wim_header_disk disk_hdr __attribute__((aligned(8)));
struct filedes *in_fd = &wim->in_fd;
const tchar *filename = wim->filename;
int ret;
filename = pipe_str;
}
- BUILD_BUG_ON(sizeof(struct wim_header_disk) != WIM_HEADER_DISK_SIZE);
-
- DEBUG("Reading WIM header from \"%"TS"\"", filename);
+ STATIC_ASSERT(sizeof(struct wim_header_disk) == WIM_HEADER_DISK_SIZE);
ret = full_read(in_fd, &disk_hdr, sizeof(disk_hdr));
if (ret)
hdr->flags = le32_to_cpu(disk_hdr.wim_flags);
hdr->chunk_size = le32_to_cpu(disk_hdr.chunk_size);
- memcpy(hdr->guid, disk_hdr.guid, WIM_GUID_LEN);
+ copy_guid(hdr->guid, disk_hdr.guid);
hdr->part_number = le16_to_cpu(disk_hdr.part_number);
hdr->total_parts = le16_to_cpu(disk_hdr.total_parts);
hdr->image_count = le32_to_cpu(disk_hdr.image_count);
- DEBUG("part_number = %u, total_parts = %u, image_count = %u",
- hdr->part_number, hdr->total_parts, hdr->image_count);
-
if (unlikely(hdr->image_count > MAX_IMAGES)) {
ERROR("\"%"TS"\": Invalid image count (%u)",
filename, hdr->image_count);
get_wim_reshdr(&disk_hdr.boot_metadata_reshdr, &hdr->boot_metadata_reshdr);
hdr->boot_idx = le32_to_cpu(disk_hdr.boot_idx);
get_wim_reshdr(&disk_hdr.integrity_table_reshdr, &hdr->integrity_table_reshdr);
+
+ /*
+ * Prevent huge memory allocations when processing fuzzed files. The
+ * blob table, XML data, and integrity table are all uncompressed, so
+ * they should never be larger than the WIM file itself.
+ */
+ if (wim->file_size > 0 &&
+ (hdr->blob_table_reshdr.uncompressed_size > wim->file_size ||
+ hdr->xml_data_reshdr.uncompressed_size > wim->file_size ||
+ hdr->integrity_table_reshdr.uncompressed_size > wim->file_size))
+ return WIMLIB_ERR_INVALID_HEADER;
+
return 0;
read_error:
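Review bot: The new size bound is skipped whenever `wim->file_size` is not positive, which presumably includes input whose size is unknown (the function has a pipe case earlier, outside this hunk). On that path the three `uncompressed_size` values from the file are still unbounded when they reach allocation, so it is worth confirming that a separate cap applies there. The rejection also returns `WIMLIB_ERR_INVALID_HEADER` silently, unlike the image-count check above it, which reports the filename. Adding `ERROR("\"%"TS"\": Invalid resource size in header", filename);` before the return would make a rejected file diagnosable. The body of read_wim_header starts and ends outside this hunk.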
* specified is the current one, the position is advanced by the size of the
* header. */
int
-write_wim_header_at_offset(const struct wim_header *hdr, struct filedes *out_fd,
- off_t offset)
+write_wim_header(const struct wim_header *hdr, struct filedes *out_fd,
+ off_t offset)
{
- struct wim_header_disk disk_hdr _aligned_attribute(8);
+ struct wim_header_disk disk_hdr __attribute__((aligned(8)));
int ret;
- DEBUG("Writing %sWIM header at offset %"PRIu64,
- ((hdr->magic == PWM_MAGIC) ? "pipable " : ""),
- offset);
-
disk_hdr.magic = cpu_to_le64(hdr->magic);
disk_hdr.hdr_size = cpu_to_le32(sizeof(struct wim_header_disk));
disk_hdr.wim_version = cpu_to_le32(hdr->wim_version);
disk_hdr.wim_flags = cpu_to_le32(hdr->flags);
- if (hdr->flags & WIM_HDR_FLAG_COMPRESSION)
- disk_hdr.chunk_size = cpu_to_le32(hdr->chunk_size);
- else
- disk_hdr.chunk_size = 0;
- memcpy(disk_hdr.guid, hdr->guid, WIM_GUID_LEN);
-
+ disk_hdr.chunk_size = cpu_to_le32(hdr->chunk_size);
+ copy_guid(disk_hdr.guid, hdr->guid);
disk_hdr.part_number = cpu_to_le16(hdr->part_number);
disk_hdr.total_parts = cpu_to_le16(hdr->total_parts);
disk_hdr.image_count = cpu_to_le32(hdr->image_count);
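Review bot: `disk_hdr.chunk_size` is now written from `hdr->chunk_size` unconditionally, so the on-disk value for an uncompressed WIM is no longer forced to 0 and depends on every caller keeping the in-memory field at 0 in that case. If that invariant is intended, state it at the assignment, e.g. `/* hdr->chunk_size must already be 0 when WIM_HDR_FLAG_COMPRESSION is clear */`, or assert it. Separately, `disk_hdr` is an uninitialized stack object filled field by field, and the remaining assignments and the write itself are outside this hunk. It is worth confirming that every byte, including any reserved fields, is set before the write so that no stack contents end up in the output file.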
return ret;
}
-/* Writes the header for a WIM file at the output file descriptor's current
- * offset. */
-int
-write_wim_header(const struct wim_header *hdr, struct filedes *out_fd)
-{
- return write_wim_header_at_offset(hdr, out_fd, out_fd->offset);
-}
-
/* Update just the wim_flags field. */
int
write_wim_header_flags(u32 hdr_flags, struct filedes *out_fd)
offsetof(struct wim_header_disk, wim_flags));
}
-void
-set_wim_hdr_cflags(enum wimlib_compression_type ctype, struct wim_header *hdr)
-{
- hdr->flags &= ~(WIM_HDR_FLAG_COMPRESSION |
- WIM_HDR_FLAG_COMPRESS_RESERVED |
- WIM_HDR_FLAG_COMPRESS_XPRESS |
- WIM_HDR_FLAG_COMPRESS_LZX |
- WIM_HDR_FLAG_COMPRESS_LZMS |
- WIM_HDR_FLAG_COMPRESS_XPRESS_2);
- switch (ctype) {
- case WIMLIB_COMPRESSION_TYPE_NONE:
- return;
- case WIMLIB_COMPRESSION_TYPE_XPRESS:
- hdr->flags |= WIM_HDR_FLAG_COMPRESSION | WIM_HDR_FLAG_COMPRESS_XPRESS;
- return;
- case WIMLIB_COMPRESSION_TYPE_LZX:
- hdr->flags |= WIM_HDR_FLAG_COMPRESSION | WIM_HDR_FLAG_COMPRESS_LZX;
- return;
- case WIMLIB_COMPRESSION_TYPE_LZMS:
- hdr->flags |= WIM_HDR_FLAG_COMPRESSION | WIM_HDR_FLAG_COMPRESS_LZMS;
- return;
- }
- wimlib_assert(0);
-}
-
-/* Initialize the header for a WIM file. */
-void
-init_wim_header(struct wim_header *hdr,
- enum wimlib_compression_type ctype, u32 chunk_size)
-{
- memset(hdr, 0, sizeof(struct wim_header));
- hdr->magic = WIM_MAGIC;
- if (ctype == WIMLIB_COMPRESSION_TYPE_LZMS)
- hdr->wim_version = WIM_VERSION_SOLID;
- else
- hdr->wim_version = WIM_VERSION_DEFAULT;
- set_wim_hdr_cflags(ctype, hdr);
- hdr->chunk_size = chunk_size;
- hdr->total_parts = 1;
- hdr->part_number = 1;
- randomize_byte_array(hdr->guid, sizeof(hdr->guid));
-}
-
static const struct {
u32 flag;
const char *name;
tprintf(T("Chunk Size = %u\n"), hdr->chunk_size);
tfputs (T("GUID = "), stdout);
- print_byte_field(hdr->guid, WIM_GUID_LEN, stdout);
+ print_byte_field(hdr->guid, GUID_SIZE, stdout);
tputchar(T('\n'));
tprintf(T("Part Number = %hu\n"), hdr->part_number);
tprintf(T("Total Parts = %hu\n"), hdr->total_parts);