Mercurial > libpst
changeset 341:c638905665bc
Daniel Gryniewicz found buffer overrun in LIST_COPY_TIME
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Fri, 27 Dec 2013 08:42:41 -0800 |
parents | 0f3185217313 |
children | 5d0dc4db45b3 |
files | src/libpst.c |
diffstat | 1 files changed, 4 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/libpst.c Fri Dec 27 08:27:47 2013 -0800 +++ b/src/libpst.c Fri Dec 27 08:42:41 2013 -0800 @@ -2064,13 +2064,14 @@ // malloc space and copy the item filetime #define LIST_COPY_TIME(label, targ) { \ - if (list->elements[x]->type != 0x40) { \ - DEBUG_WARN(("src not 0x40 for filetime dst\n")); \ + if ((list->elements[x]->type != 0x40) || \ + (list->elements[x]->size != sizeof(FILETIME)) { \ + DEBUG_WARN(("src not 0x40 or wrong length for filetime dst\n")); \ DEBUG_HEXDUMP(list->elements[x]->data, list->elements[x]->size); \ } \ else { \ targ = (FILETIME*) pst_realloc(targ, sizeof(FILETIME)); \ - memcpy(targ, list->elements[x]->data, min(sizeof(FILETIME), list->elements[x]->size)); \ + memcpy(targ, list->elements[x]->data, sizeof(FILETIME)); \ LE32_CPU(targ->dwLowDateTime); \ LE32_CPU(targ->dwHighDateTime); \ DEBUG_INFO((label" - %s", pst_fileTimeToAscii(targ, time_buffer))); \