frodovdr
/
vdr
mirror of https://github.com/VDR4Arch/vdr.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Checking data size in CaDescriptor::Parse() and LinkageDescriptor::Parse() of 'libsi' to avoid crashes with invalid data

This commit is contained in:
Klaus Schmidinger 2006-02-18 11:08:55 +01:00
parent 5ed4504ce0
commit b8cdca858b
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
HISTORY
View File

@ -4334,3 +4334,5 @@ Video Disk Recorder Revision History
- Fixed some typos in the CONTRIBUTORS file (thanks to Frank Krömmelbein). - Fixed some typos in the CONTRIBUTORS file (thanks to Frank Krömmelbein).
- Changed offset and size handling in 'libsi' from 'unsigned' to 'signed', so that - Changed offset and size handling in 'libsi' from 'unsigned' to 'signed', so that
overflows can be better detected (thanks to Marcel Wiesweg). overflows can be better detected (thanks to Marcel Wiesweg).
- Checking data size in CaDescriptor::Parse() and LinkageDescriptor::Parse() of
'libsi' to avoid crashes with invalid data (thanks to Marcel Wiesweg).

12
libsi/descriptor.c
View File

@ -6,7 +6,7 @@
* the Free Software Foundation; either version 2 of the License, or * * the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. * * (at your option) any later version. *
* * * *
* $Id: descriptor.c 1.16 2006/02/18 10:38:20 kls Exp $ * $Id: descriptor.c 1.17 2006/02/18 11:02:25 kls Exp $
* * * *
***************************************************************************/ ***************************************************************************/
@ -329,7 +329,10 @@ int CaDescriptor::getCaPid() const {
void CaDescriptor::Parse() { void CaDescriptor::Parse() {
int offset=0; int offset=0;
data.setPointerAndOffset<const descr_ca>(s, offset); data.setPointerAndOffset<const descr_ca>(s, offset);
privateData.assign(data.getData(offset), getLength()-offset); if (checkSize(getLength()-offset))
privateData.assign(data.getData(offset), getLength()-offset);
else
privateData.assign(NULL, 0);
} }
int StreamIdentifierDescriptor::getComponentTag() const { int StreamIdentifierDescriptor::getComponentTag() const {
@ -635,7 +638,10 @@ void MultilingualServiceNameDescriptor::Name::Parse() {
void LinkageDescriptor::Parse() { void LinkageDescriptor::Parse() {
int offset=0; int offset=0;
data.setPointerAndOffset<const descr_linkage>(s, offset); data.setPointerAndOffset<const descr_linkage>(s, offset);
privateData.assign(data.getData(offset), getLength()-offset); if (checkSize(getLength()-offset))
privateData.assign(data.getData(offset), getLength()-offset);
else
privateData.assign(NULL, 0);
} }
int LinkageDescriptor::getTransportStreamId() const { int LinkageDescriptor::getTransportStreamId() const {