Download raw body.
add bound check in read_packed_object
On Mon, Oct 24, 2022 at 09:38:54PM +0200, Omar Polo wrote: > there's a similar check delta references ok > diff 0a8a9c8f2be324315ed3529bb48871c3bd0505b4 933f287a77cf1c9dced8ed3afbf3850f5c0c1bb3 > commit - 0a8a9c8f2be324315ed3529bb48871c3bd0505b4 > commit + 933f287a77cf1c9dced8ed3afbf3850f5c0c1bb3 > blob - b1c742e556836c8ebe34fdc0737b73b17fa2a931 > blob + 07b401c3fd8743bb46cd007e16800e79aaa387dc > --- lib/pack_index.c > +++ lib/pack_index.c > @@ -314,6 +314,12 @@ read_packed_object(struct got_pack *pack, struct got_i > break; > > if (pack->map) { > + if (mapoff + obj->delta.ofs.base_offsetlen >= > + pack->filesize) { > + err = got_error(GOT_ERR_BAD_PACKFILE); > + break; > + } > + > obj->crc = crc32(obj->crc, pack->map + mapoff, > obj->delta.ofs.base_offsetlen); > SHA1Update(pack_sha1_ctx, pack->map + mapoff, > >
add bound check in read_packed_object