Merge pull request #10954 from shuffle2/ios-hdr-overflow
WiiSave: protect against a stack buffer overflow
This commit is contained in:
commit
92ed0e33a8
|
@ -104,14 +104,21 @@ public:
|
|||
if (!m_uid || !m_gid)
|
||||
return {};
|
||||
|
||||
const auto banner = m_fs->OpenFile(*m_uid, *m_gid, m_data_dir + "/banner.bin", FS::Mode::Read);
|
||||
const auto banner_path = m_data_dir + "/banner.bin";
|
||||
const auto banner = m_fs->OpenFile(*m_uid, *m_gid, banner_path, FS::Mode::Read);
|
||||
if (!banner)
|
||||
return {};
|
||||
Header header{};
|
||||
header.banner_size = banner->GetStatus()->size;
|
||||
if (header.banner_size > sizeof(header.banner))
|
||||
{
|
||||
ERROR_LOG_FMT(CORE, "NandStorage::ReadHeader: {} corrupted banner_size: {:x}", banner_path,
|
||||
header.banner_size);
|
||||
return {};
|
||||
}
|
||||
header.tid = m_tid;
|
||||
header.md5 = s_md5_blanker;
|
||||
const u8 mode = GetBinMode(m_data_dir + "/banner.bin");
|
||||
const u8 mode = GetBinMode(banner_path);
|
||||
if (!mode || !banner->Read(header.banner, header.banner_size))
|
||||
return {};
|
||||
header.permissions = mode;
|
||||
|
|
Loading…
Reference in New Issue