X-Git-Url: https://wimlib.net/git/?p=wimlib;a=blobdiff_plain;f=src%2Ftagged_items.c;h=1ed3b4a914454b6938dd193bb31b2d400dd8eba3;hp=6cd897fa7ae1bf167c7c4f6e21088b670d1a394c;hb=d31b2fee211b1c31420bafe1c2379f6f89bd92fe;hpb=3a900017c59c26af398f9cf375719dbcda378fb8 diff --git a/src/tagged_items.c b/src/tagged_items.c index 6cd897fa..1ed3b4a9 100644 --- a/src/tagged_items.c +++ b/src/tagged_items.c @@ -8,20 +8,18 @@ /* * Copyright (C) 2014 Eric Biggers * - * This file is part of wimlib, a library for working with WIM files. + * This file is free software; you can redistribute it and/or modify it under + * the terms of the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at your option) any + * later version. * - * wimlib is free software; you can redistribute it and/or modify it under the - * terms of the GNU General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at your option) - * any later version. - * - * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY - * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - * A PARTICULAR PURPOSE. See the GNU General Public License for more + * This file is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more * details. * - * You should have received a copy of the GNU General Public License - * along with wimlib; if not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU Lesser General Public License + * along with this file; if not, see http://www.gnu.org/licenses/. */ #ifdef HAVE_CONFIG_H @@ -45,13 +43,8 @@ struct tagged_item_header { /* Unique identifier for this item. */ le32 tag; - /* Size of the data of this tagged item, in bytes. This includes this - * header and should be a multiple of 8. - * - * (Actually, the MS implementation seems to round this up to an 8 byte - * boundary when calculating the offset to the next tagged item, but - * uses this length unmodified when validating the item. We might as - * well do the same.) */ + /* Size of the data of this tagged item, in bytes. This excludes this + * header and should be a multiple of 8. */ le32 length; /* Variable length data */ @@ -92,16 +85,18 @@ inode_get_tagged_item(const struct wim_inode *inode, hdr = (struct tagged_item_header *)p; tag = le32_to_cpu(hdr->tag); - len = le32_to_cpu(hdr->length); + len = ALIGN(le32_to_cpu(hdr->length), 8); + + /* Length overflow? */ + if (unlikely(len > len_remaining - sizeof(struct tagged_item_header))) + return NULL; + /* Matches the item we wanted? */ if (tag == desired_tag && len >= min_data_len) return hdr->data; - len = (len + 7) & ~7; - if (len >= len_remaining) - return NULL; - len_remaining -= len; - p = hdr->data + len; + len_remaining -= sizeof(struct tagged_item_header) + len; + p += sizeof(struct tagged_item_header) + len; } return NULL; } @@ -118,7 +113,7 @@ inode_add_tagged_item(struct wim_inode *inode, u32 tag, u32 len) /* We prepend the item instead of appending it because it's easier. */ - itemsize = sizeof(struct tagged_item_header) + len; + itemsize = sizeof(struct tagged_item_header) + ALIGN(len, 8); newsize = itemsize + inode->i_extra_size; buf = MALLOC(newsize); @@ -135,7 +130,7 @@ inode_add_tagged_item(struct wim_inode *inode, u32 tag, u32 len) hdr = (struct tagged_item_header *)buf; hdr->tag = cpu_to_le32(tag); hdr->length = cpu_to_le32(len); - return hdr->data; + return memset(hdr->data, 0, ALIGN(len, 8)); } static inline struct wimlib_unix_data_disk *