*/
/*
- * Copyright (C) 2012, 2013, 2015 Eric Biggers
+ * Copyright 2012-2023 Eric Biggers
*
* This file is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* details.
*
* You should have received a copy of the GNU Lesser General Public License
- * along with this file; if not, see http://www.gnu.org/licenses/.
+ * along with this file; if not, see https://www.gnu.org/licenses/.
*/
#ifdef HAVE_CONFIG_H
int
read_wim_header(WIMStruct *wim, struct wim_header *hdr)
{
- struct wim_header_disk disk_hdr _aligned_attribute(8);
+ struct wim_header_disk disk_hdr __attribute__((aligned(8)));
struct filedes *in_fd = &wim->in_fd;
const tchar *filename = wim->filename;
int ret;
filename = pipe_str;
}
- BUILD_BUG_ON(sizeof(struct wim_header_disk) != WIM_HEADER_DISK_SIZE);
-
- DEBUG("Reading WIM header from \"%"TS"\"", filename);
+ STATIC_ASSERT(sizeof(struct wim_header_disk) == WIM_HEADER_DISK_SIZE);
ret = full_read(in_fd, &disk_hdr, sizeof(disk_hdr));
if (ret)
hdr->flags = le32_to_cpu(disk_hdr.wim_flags);
hdr->chunk_size = le32_to_cpu(disk_hdr.chunk_size);
- memcpy(hdr->guid, disk_hdr.guid, WIM_GUID_LEN);
+ copy_guid(hdr->guid, disk_hdr.guid);
hdr->part_number = le16_to_cpu(disk_hdr.part_number);
hdr->total_parts = le16_to_cpu(disk_hdr.total_parts);
hdr->image_count = le32_to_cpu(disk_hdr.image_count);
- DEBUG("part_number = %u, total_parts = %u, image_count = %u",
- hdr->part_number, hdr->total_parts, hdr->image_count);
-
if (unlikely(hdr->image_count > MAX_IMAGES)) {
ERROR("\"%"TS"\": Invalid image count (%u)",
filename, hdr->image_count);
get_wim_reshdr(&disk_hdr.boot_metadata_reshdr, &hdr->boot_metadata_reshdr);
hdr->boot_idx = le32_to_cpu(disk_hdr.boot_idx);
get_wim_reshdr(&disk_hdr.integrity_table_reshdr, &hdr->integrity_table_reshdr);
+
+ /*
+ * Prevent huge memory allocations when processing fuzzed files. The
+ * blob table, XML data, and integrity table are all uncompressed, so
+ * they should never be larger than the WIM file itself.
+ */
+ if (wim->file_size > 0 &&
+ (hdr->blob_table_reshdr.uncompressed_size > wim->file_size ||
+ hdr->xml_data_reshdr.uncompressed_size > wim->file_size ||
+ hdr->integrity_table_reshdr.uncompressed_size > wim->file_size))
+ return WIMLIB_ERR_INVALID_HEADER;
+
return 0;
read_error:
write_wim_header(const struct wim_header *hdr, struct filedes *out_fd,
off_t offset)
{
- struct wim_header_disk disk_hdr _aligned_attribute(8);
+ struct wim_header_disk disk_hdr __attribute__((aligned(8)));
int ret;
- DEBUG("Writing %sWIM header at offset %"PRIu64,
- ((hdr->magic == PWM_MAGIC) ? "pipable " : ""),
- offset);
-
disk_hdr.magic = cpu_to_le64(hdr->magic);
disk_hdr.hdr_size = cpu_to_le32(sizeof(struct wim_header_disk));
disk_hdr.wim_version = cpu_to_le32(hdr->wim_version);
disk_hdr.wim_flags = cpu_to_le32(hdr->flags);
- if (hdr->flags & WIM_HDR_FLAG_COMPRESSION)
- disk_hdr.chunk_size = cpu_to_le32(hdr->chunk_size);
- else
- disk_hdr.chunk_size = 0;
- memcpy(disk_hdr.guid, hdr->guid, WIM_GUID_LEN);
-
+ disk_hdr.chunk_size = cpu_to_le32(hdr->chunk_size);
+ copy_guid(disk_hdr.guid, hdr->guid);
disk_hdr.part_number = cpu_to_le16(hdr->part_number);
disk_hdr.total_parts = cpu_to_le16(hdr->total_parts);
disk_hdr.image_count = cpu_to_le32(hdr->image_count);
tprintf(T("Chunk Size = %u\n"), hdr->chunk_size);
tfputs (T("GUID = "), stdout);
- print_byte_field(hdr->guid, WIM_GUID_LEN, stdout);
+ print_byte_field(hdr->guid, GUID_SIZE, stdout);
tputchar(T('\n'));
tprintf(T("Part Number = %hu\n"), hdr->part_number);
tprintf(T("Total Parts = %hu\n"), hdr->total_parts);
git://wimlib.net / wimlib / blobdiff