From 32ed71db48ee31c4aa98fc642c28c0287eb2b5a1 Mon Sep 17 00:00:00 2001 From: "Ryan C. Gordon" Date: Thu, 20 Jul 2017 17:00:21 -0400 Subject: [PATCH] slb: be more aggressive about rejecting non-SLB files. --- src/archiver_slb.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/archiver_slb.c b/src/archiver_slb.c index 82fe55a4..26466eaf 100644 --- a/src/archiver_slb.c +++ b/src/archiver_slb.c @@ -66,6 +66,13 @@ static void *SLB_openArchive(PHYSFS_Io *io, const char *name, int forWriting) PHYSFS_uint32 tocPos; void *unpkarc; + /* There's no identifier on an SLB file, so we assume it's _not_ if the + file count or tocPos is zero. Beyond that, we'll assume it's + bogus/corrupt if the entries' filenames don't start with '\' or the + tocPos is past the end of the file (seek will fail). This probably + covers all meaningful cases where we would accidentally accept a non-SLB + file with this archiver. */ + assert(io != NULL); /* shouldn't ever happen. */ BAIL_IF(forWriting, PHYSFS_ERR_READ_ONLY, NULL); @@ -76,10 +83,12 @@ static void *SLB_openArchive(PHYSFS_Io *io, const char *name, int forWriting) BAIL_IF_ERRPASS(!__PHYSFS_readAll(io, &count, sizeof (count)), NULL); count = PHYSFS_swapULE32(count); + BAIL_IF(!count, PHYSFS_ERR_UNSUPPORTED, NULL); /* offset of the table of contents */ BAIL_IF_ERRPASS(!__PHYSFS_readAll(io, &tocPos, sizeof (tocPos)), NULL); tocPos = PHYSFS_swapULE32(tocPos); + BAIL_IF(!tocPos, PHYSFS_ERR_UNSUPPORTED, NULL); /* seek to the table of contents */ BAIL_IF_ERRPASS(!io->seek(io, tocPos), NULL);
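Review bot: In the second hunk, `BAIL_IF(!tocPos, PHYSFS_ERR_UNSUPPORTED, NULL);` rejects only an offset of exactly zero, so a small non-zero `tocPos` that points back into the header fields just read still passes. The past-end-of-file case is left entirely to `io->seek` failing, as the comment added in the first hunk states, and whether every `PHYSFS_Io` backend refuses a seek beyond the end is not visible from these lines. I would make the bound explicit right after the swap with `BAIL_IF(tocPos >= (PHYSFS_uint64) io->length(io), PHYSFS_ERR_UNSUPPORTED, NULL);`, where the cast makes a negative "unknown length" compare as huge, so that case still falls through to the seek. `count` is likewise only tested for zero; if the code after this hunk sizes an allocation or a loop from it, it should also be bounded by the bytes remaining after `tocPos`. `SLB_openArchive` starts before the first hunk and continues past the second, so the entry-loading side of this was not reviewed.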