From: Eric Biggers <ebiggers3@gmail.com>
Date: Tue, 14 Jan 2014 20:49:28 +0000 (-0600)
Subject: read_metadata_resource(): Simplify check for short resource
X-Git-Tag: v1.6.1~45
X-Git-Url: https://wimlib.net/git/?p=wimlib;a=commitdiff_plain;h=3597bff959cb8a0c6ae57c23c54c59cf4c5c4b50

read_metadata_resource(): Simplify check for short resource
---

diff --git a/src/metadata_resource.c b/src/metadata_resource.c
index f9401d01..208539da 100644
--- a/src/metadata_resource.c
+++ b/src/metadata_resource.c
@@ -73,17 +73,7 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
 	metadata_lte = imd->metadata_lte;
 	metadata_len = metadata_lte->size;
 
-	DEBUG("Reading metadata resource.");
-
-	/* There is no way the metadata resource could possibly be less than (8
-	 * + WIM_DENTRY_DISK_SIZE) bytes, where the 8 is for security data (with
-	 * no security descriptors) and WIM_DENTRY_DISK_SIZE is for the root
-	 * entry. */
-	if (metadata_len < 8 + WIM_DENTRY_DISK_SIZE) {
-		ERROR("Expected at least %u bytes for the metadata resource",
-		      8 + WIM_DENTRY_DISK_SIZE);
-		return WIMLIB_ERR_INVALID_METADATA_RESOURCE;
-	}
+	DEBUG("Reading metadata resource (size=%"PRIu64").", metadata_len);
 
 	/* Read the metadata resource into memory.  (It may be compressed.) */
 	ret = read_full_stream_into_alloc_buf(metadata_lte, &buf);
@@ -158,19 +148,19 @@ read_metadata_resource(WIMStruct *wim, struct wim_image_metadata *imd)
 
 	inode_add_dentry(root, root->d_inode);
 
-	/* Now read the entire directory entry tree into memory. */
+	/* Now read the entire directory entry tree into memory.  */
 	DEBUG("Reading dentry tree");
 	ret = read_dentry_tree(buf, metadata_len, root);
 	if (ret)
 		goto out_free_dentry_tree;
 
-	/* Build hash table that maps hard link group IDs to dentry sets */
+	/* Calculate inodes.  */
 	ret = dentry_tree_fix_inodes(root, &imd->inode_list);
 	if (ret)
 		goto out_free_dentry_tree;
 
 
-	DEBUG("Running miscellaneous verifications on the dentry tree");
+	DEBUG("Verifying inodes.");
 	image_for_each_inode(inode, imd) {
 		ret = verify_inode(inode, security_data);
 		if (ret)
diff --git a/src/security.c b/src/security.c
index 27c68a4f..9e1c9998 100644
--- a/src/security.c
+++ b/src/security.c
@@ -52,8 +52,7 @@ new_wim_security_data(void)
  *
  * @metadata_resource:	An array that contains the uncompressed metadata
  *				resource for the WIM image.
- * @metadata_resource_len:	The length of @metadata_resource.  It must be at
- *				least 8 bytes.
+ * @metadata_resource_len:	The length of @metadata_resource.
  * @sd_ret:	A pointer to a pointer to a wim_security_data structure that
  *		will be filled in with a pointer to a new wim_security_data
  *		structure containing the security data on success.
@@ -78,7 +77,8 @@ read_wim_security_data(const u8 metadata_resource[], size_t metadata_resource_le
 	const struct wim_security_data_disk *sd_disk;
 	const u8 *p;
 
-	wimlib_assert(metadata_resource_len >= 8);
+	if (metadata_resource_len < 8)
+		return WIMLIB_ERR_INVALID_METADATA_RESOURCE;
 
 	sd = new_wim_security_data();
 	if (!sd)
@@ -165,6 +165,8 @@ out_align_total_length:
 			"%u bytes, but calculated %u bytes",
 			sd->total_length, (unsigned)total_len);
 	}
+	if (sd->total_length > metadata_resource_len)
+		goto out_invalid_sd;
 	*sd_ret = sd;
 	ret = 0;
 	goto out;