1. Implemented missing event 'net.server.connect'

2. Added integer overflow checks on ILibMemory operations 3. Added better bounds checking for DNS resolve and PE header parsing
2025-12-15 15:53:55 +00:00 · 2020-06-26 23:10:43 -07:00
parent a765847f0a
commit 0d4f0f6adc
7 changed files with 55 additions and 127 deletions
--- a/meshcore/agentcore.c
+++ b/meshcore/agentcore.c
@@ -2263,26 +2263,35 @@ int GenerateSHA384FileHash(char *filePath, char *fileHash)
 			// PE Image
 			optHeader = ILibMemory_AllocateA(((unsigned short*)ILibScratchPad)[10]);
 			ignore_result(fread(optHeader, 1, ILibMemory_AllocateA_Size(optHeader), tmpFile));
-			switch (((unsigned short*)optHeader)[0])
+			if (ILibMemory_AllocateA_Size(optHeader) > 4)
 			{
-			case 0x10B:
-				if (((unsigned int*)(optHeader + 128))[0] != 0)
+				switch (((unsigned short*)optHeader)[0])
 				{
-					endIndex = ((unsigned int*)(optHeader + 128))[0];
+				case 0x10B:
+					if (ILibMemory_AllocateA_Size(optHeader) >= 132)
+					{
+						if (((unsigned int*)(optHeader + 128))[0] != 0)
+						{
+							endIndex = ((unsigned int*)(optHeader + 128))[0];
+						}
+						tableIndex = NTHeaderIndex + 24 + 128;
+						retVal = 0;
+					}
+					break;
+				case 0x20B:
+					if (ILibMemory_AllocateA_Size(optHeader) >= 148)
+					{
+						if (((unsigned int*)(optHeader + 144))[0] != 0)
+						{
+							endIndex = ((unsigned int*)(optHeader + 144))[0];
+						}
+						tableIndex = NTHeaderIndex + 24 + 144;
+						retVal = 0;
+					}
+					break;
+				default:
+					break;
 				}
-				tableIndex = NTHeaderIndex + 24 + 128;
-				retVal = 0;
-				break;
-			case 0x20B:
-				if (((unsigned int*)(optHeader + 144))[0] != 0)
-				{
-					endIndex = ((unsigned int*)(optHeader + 144))[0];
-				}
-				tableIndex = NTHeaderIndex + 24 + 144;
-				retVal = 0;
-				break;
-			default:
-				break;
 			}
 		}
 	}