Fixed #907

avast · Dec 18, 2020 · a5374a3 · a5374a3
1 parent 37dbfd1
commit a5374a3
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/include/retdec/pelib/PeLibAux.h b/include/retdec/pelib/PeLibAux.h
@@ -162,6 +162,7 @@ namespace PeLib
 	const std::uint32_t PELIB_IMAGE_RESOURCE_DATA_IS_DIRECTORY = 0x80000000;
 	const std::uint32_t PELIB_IMAGE_RESOURCE_NAME_IS_STRING = 0x80000000;
 	const std::uint32_t PELIB_IMAGE_RESOURCE_RVA_MASK = 0x7FFFFFFF;
+	const std::uint16_t PELIB_MAX_RESOURCE_ENTRIES = 0xC000;            // Maximum number of resource directory entries we consider OK
 
 	enum : std::uint32_t
 	{

diff --git a/src/pelib/ResourceDirectory.cpp b/src/pelib/ResourceDirectory.cpp
@@ -645,8 +645,17 @@ namespace PeLib
 		if(imageLoader.readImage(&header, uiRva, PELIB_IMAGE_RESOURCE_DIRECTORY::size()) != PELIB_IMAGE_RESOURCE_DIRECTORY::size())
 			return ERROR_INVALID_FILE;
 
-		// Add the total number of entries to the occupied range
+		// FE015EB24B7EEA2907698A6D7142198644A757066DA4EB8D3A4B63900008CF5E: Invalid root resource directory
+		// We artificially limit the allowed number of resource entries
+		if((header.NumberOfNamedEntries > PELIB_MAX_RESOURCE_ENTRIES) || (header.NumberOfIdEntries > PELIB_MAX_RESOURCE_ENTRIES))
+			return ERROR_INVALID_FILE;
+
+		// More checks for number of entries
 		unsigned int uiNumberOfEntries = header.NumberOfNamedEntries + header.NumberOfIdEntries;
+		if(uiNumberOfEntries > PELIB_MAX_RESOURCE_ENTRIES)
+			return ERROR_INVALID_FILE;
+
+		// Add the total number of entries to the occupied range
 		resDir->addOccupiedAddressRange(uiRva, uiRva + PELIB_IMAGE_RESOURCE_DIRECTORY::size() - 1);
 		uiRva += PELIB_IMAGE_RESOURCE_DIRECTORY::size();