proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-08-08 04:41:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix fuzzing timeout in the new IFW CPD parsing

Browse Source 
Limit the number of images to an order of magnitide more than we've ever seen.

Fixes https://oss-fuzz.com/testcase-detail/4842982326534144
This commit is contained in:
Richard Hughes 2022-07-08 15:17:25 +01:00
parent 7a224007f2
commit cb0966858d
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libfwupdplugin/fu-ifwi-cpd-firmware.c
View File

@ -38,6 +38,7 @@ G_DEFINE_TYPE_WITH_PRIVATE(FuIfwiCpdFirmware, fu_ifwi_cpd_firmware, FU_TYPE_FIRM
#define GET_PRIVATE(o) (fu_ifwi_cpd_firmware_get_instance_private(o)) #define GET_PRIVATE(o) (fu_ifwi_cpd_firmware_get_instance_private(o))
#define FU_IFWI_CPD_FIRMWARE_HEADER_MARKER 0x44504324 #define FU_IFWI_CPD_FIRMWARE_HEADER_MARKER 0x44504324
#define FU_IFWI_CPD_FIRMWARE_ENTRIES_MAX 1024
typedef struct __attribute__((packed)) { typedef struct __attribute__((packed)) {
guint32 header_marker; guint32 header_marker;
@ -258,6 +259,15 @@ fu_ifwi_cpd_firmware_parse(FuFirmware *firmware,
G_LITTLE_ENDIAN, G_LITTLE_ENDIAN,
error)) error))
return FALSE; return FALSE;
if (num_of_entries > FU_IFWI_CPD_FIRMWARE_ENTRIES_MAX) {
g_set_error(error,
G_IO_ERROR,
G_IO_ERROR_INVALID_DATA,
"too many entries 0x%x, expected <= 0x%x",
num_of_entries,
(guint)FU_IFWI_CPD_FIRMWARE_ENTRIES_MAX);
return FALSE;
}
offset += header_length; offset += header_length;
for (guint32 i = 0; i < num_of_entries; i++) { for (guint32 i = 0; i < num_of_entries; i++) {
gchar name[12] = {0x0}; gchar name[12] = {0x0};