Merge pull request #10954 from shuffle2/ios-hdr-overflow

WiiSave: protect against a stack buffer overflow
This commit is contained in:
Admiral H. Curtiss 2022-08-06 03:06:10 +02:00 committed by GitHub
commit 92ed0e33a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 2 deletions

View File

@ -104,14 +104,21 @@ public:
if (!m_uid || !m_gid)
return {};
const auto banner = m_fs->OpenFile(*m_uid, *m_gid, m_data_dir + "/banner.bin", FS::Mode::Read);
const auto banner_path = m_data_dir + "/banner.bin";
const auto banner = m_fs->OpenFile(*m_uid, *m_gid, banner_path, FS::Mode::Read);
if (!banner)
return {};
Header header{};
header.banner_size = banner->GetStatus()->size;
if (header.banner_size > sizeof(header.banner))
{
ERROR_LOG_FMT(CORE, "NandStorage::ReadHeader: {} corrupted banner_size: {:x}", banner_path,
header.banner_size);
return {};
}
header.tid = m_tid;
header.md5 = s_md5_blanker;
const u8 mode = GetBinMode(m_data_dir + "/banner.bin");
const u8 mode = GetBinMode(banner_path);
if (!mode || !banner->Read(header.banner, header.banner_size))
return {};
header.permissions = mode;