libpst

changeset 341:c638905665bc

Daniel Gryniewicz found buffer overrun in LIST_COPY_TIME
author Carl Byington <carl@five-ten-sg.com>
date Fri, 27 Dec 2013 08:42:41 -0800
parents 0f3185217313
children 5d0dc4db45b3
files src/libpst.c
diffstat 1 files changed, 4 insertions(+), 3 deletions(-) [+]
line diff
     1.1 --- a/src/libpst.c	Fri Dec 27 08:27:47 2013 -0800
     1.2 +++ b/src/libpst.c	Fri Dec 27 08:42:41 2013 -0800
     1.3 @@ -2064,13 +2064,14 @@
     1.4  
     1.5  // malloc space and copy the item filetime
     1.6  #define LIST_COPY_TIME(label, targ) {                                       \
     1.7 -    if (list->elements[x]->type != 0x40) {                                  \
     1.8 -        DEBUG_WARN(("src not 0x40 for filetime dst\n"));                    \
     1.9 +    if ((list->elements[x]->type != 0x40) ||                                \
    1.10 +        (list->elements[x]->size != sizeof(FILETIME)) {                     \
    1.11 +        DEBUG_WARN(("src not 0x40 or wrong length for filetime dst\n"));    \
    1.12          DEBUG_HEXDUMP(list->elements[x]->data, list->elements[x]->size);    \
    1.13      }                                                                       \
    1.14      else {                                                                  \
    1.15          targ = (FILETIME*) pst_realloc(targ, sizeof(FILETIME));             \
    1.16 -        memcpy(targ, list->elements[x]->data, min(sizeof(FILETIME), list->elements[x]->size)); \
    1.17 +        memcpy(targ, list->elements[x]->data, sizeof(FILETIME));            \
    1.18          LE32_CPU(targ->dwLowDateTime);                                      \
    1.19          LE32_CPU(targ->dwHighDateTime);                                     \
    1.20          DEBUG_INFO((label" - %s", pst_fileTimeToAscii(targ, time_buffer))); \