X-Git-Url: https://wimlib.net/git/?a=blobdiff_plain;f=src%2Fmetadata_resource.c;h=71d3d6d03802f49262865b2ad0916538426e079f;hb=e0c9e124bb3603ce4677efc137850d17f51b53fc;hp=014d16b999388267ff5eec1e17025d0b43b1c15e;hpb=f50557a7095444c554a066b3837c2999ecd1be31;p=wimlib diff --git a/src/metadata_resource.c b/src/metadata_resource.c index 014d16b9..71d3d6d0 100644 --- a/src/metadata_resource.c +++ b/src/metadata_resource.c @@ -3,7 +3,7 @@ */ /* - * Copyright (C) 2012, 2013 Eric Biggers + * Copyright 2012-2023 Eric Biggers * * This file is free software; you can redistribute it and/or modify it under * the terms of the GNU Lesser General Public License as published by the Free @@ -16,7 +16,7 @@ * details. * * You should have received a copy of the GNU Lesser General Public License - * along with this file; if not, see http://www.gnu.org/licenses/. + * along with this file; if not, see https://www.gnu.org/licenses/. */ #ifdef HAVE_CONFIG_H @@ -73,12 +73,23 @@ read_metadata_resource(struct wim_image_metadata *imd) const struct blob_descriptor *metadata_blob; void *buf; int ret; + u8 hash[SHA1_HASH_SIZE]; struct wim_security_data *sd; struct wim_dentry *root; metadata_blob = imd->metadata_blob; - DEBUG("Reading metadata resource (size=%"PRIu64").", metadata_blob->size); + /* + * Prevent huge memory allocations when processing fuzzed files. The + * case of metadata resources is tough, since a metadata resource can + * legitimately decompress to many times the size of the WIM file + * itself, e.g. in the case of an image containing many empty files with + * similar long filenames. Arbitrarily choose 512x as a generous limit. + */ + if (metadata_blob->blob_location == BLOB_IN_WIM && + metadata_blob->rdesc->wim->file_size > 0 && + metadata_blob->size / 512 > metadata_blob->rdesc->wim->file_size) + return WIMLIB_ERR_INVALID_METADATA_RESOURCE; /* Read the metadata resource into memory. (It may be compressed.) */ ret = read_blob_into_alloc_buf(metadata_blob, &buf); @@ -86,23 +97,19 @@ read_metadata_resource(struct wim_image_metadata *imd) return ret; /* Checksum the metadata resource. */ - if (!metadata_blob->dont_check_metadata_hash) { - u8 hash[SHA1_HASH_SIZE]; - - sha1_buffer(buf, metadata_blob->size, hash); - if (!hashes_equal(metadata_blob->hash, hash)) { - ERROR("Metadata resource is corrupted " - "(invalid SHA-1 message digest)!"); - ret = WIMLIB_ERR_INVALID_METADATA_RESOURCE; - goto out_free_buf; - } + sha1(buf, metadata_blob->size, hash); + if (!hashes_equal(metadata_blob->hash, hash)) { + ERROR("Metadata resource is corrupted " + "(invalid SHA-1 message digest)!"); + ret = WIMLIB_ERR_INVALID_METADATA_RESOURCE; + goto out_free_buf; } /* Parse the metadata resource. * * Notes: The metadata resource consists of the security data, followed * by the directory entry for the root directory, followed by all the - * other directory entries in the filesystem. The subdir_offset field + * other directory entries in the filesystem. The subdir offset field * of each directory entry gives the start of its child entries from the * beginning of the metadata resource. An end-of-directory is signaled * by a directory entry of length '0', really of length 8, because @@ -132,7 +139,6 @@ read_metadata_resource(struct wim_image_metadata *imd) imd->root_dentry = root; imd->security_data = sd; INIT_LIST_HEAD(&imd->unhashed_blobs); - DEBUG("Done parsing metadata resource."); return 0; out_free_dentry_tree: @@ -166,8 +172,6 @@ prepare_metadata_resource(WIMStruct *wim, int image, struct wim_security_data *sd; struct wim_image_metadata *imd; - DEBUG("Preparing metadata resource for image %d", image); - ret = select_wim_image(wim, image); if (ret) return ret; @@ -250,9 +254,6 @@ write_metadata_resource(WIMStruct *wim, int image, int write_resource_flags) imd->metadata_blob->hash, write_resource_flags); - /* Original checksum was overridden; set a flag so it isn't used. */ - imd->metadata_blob->dont_check_metadata_hash = 1; - FREE(buf); return ret; }