QuasarApp/pe-parse
4
0
Fork 0
mirror of https://github.com/QuasarApp/pe-parse.git synced 2025-04-26 12:24:32 +00:00
Code Issues Projects Releases Wiki Activity

parse: Handle a potential nullptr from splitBuffer (#110)

Browse Source 
Identified by #109: when parsing the PE sections, we incorrectly
trust that the offset range given to us by each section is valid.

We pass this range to splitBuffer expectly a valid bounded_buffer.

splitBuffer correctly determines that the range is invalid, and
returns a nullptr to indicate failure.

We fail to check for that nullptr in getSections, resulting in
an eventual segfault by null dereference when we attempt to
reference the invalid section.

This commit adds a check for that nullptr and causes getSections
to return false. This is then propagated as an invalid
section error.

Example:

```bash
/app/pe-parse # /usr/bin/dump-pe /tmp/test1.exe
Error: 3 (Invalid section)
Location: ParsePEFromFile:2380
```

Fixes #109.
This commit is contained in:
William Woodruff 2020-03-09 12:47:16 -04:00 committed by GitHub
parent 68ab345297
commit 4b2aa738cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pe-parser-library/src/parse.cpp
View File

@ -937,6 +937,14 @@ bool getSections(bounded_buffer *b,
std::uint32_t highOff = lowOff + curSec.SizeOfRawData;
thisSec.sectionData = splitBuffer(fileBegin, lowOff, highOff);
// GH#109: we trusted [lowOff, highOff) to be a range that yields
// a valid bounded_buffer, despite these being user-controllable.
// splitBuffer correctly handles this, but we failed to check for
// the nullptr it returns as a sentinel.
if (thisSec.sectionData == nullptr) {
return false;
}
secs.push_back(thisSec);
}