From 81a135ca67eac9a9250245d9d742e1fd6f28ae3e Mon Sep 17 00:00:00 2001
From: Ralph Broenink
Date: Sat, 8 Jun 2024 19:07:38 +0200
Subject: [PATCH] Do not try to read more than file length, refs #17

---
 signify/authenticode/signed_pe.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/signify/authenticode/signed_pe.py b/signify/authenticode/signed_pe.py
index 7179afb..5caa385 100644
--- a/signify/authenticode/signed_pe.py
+++ b/signify/authenticode/signed_pe.py
@@ -222,7 +222,8 @@ def _parse_cert_table(self) -> Iterator[ParsedCertTable]:
             )
 
         position = locations["certtable"].start
-        while position < sum(locations["certtable"]):
+        certtable_end = sum(locations["certtable"])
+        while position < certtable_end:
             # check if this position is viable, we need at least 8 bytes for our header
             if position + 8 > self._filelength:
                 raise SignedPEParseError(
@@ -235,7 +236,7 @@ def _parse_cert_table(self) -> Iterator[ParsedCertTable]:
             # check if we are not going to perform a negative read (and 0 bytes is
             # weird as well)
-            if length <= 8:
+            if length <= 8 or position + length > certtable_end:
                 raise SignedPEParseError("Invalid length in certificate table header")
             certificate = self.file.read(length - 8)
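Review bot: `certtable_end = sum(locations["certtable"])` is taken straight from the security directory entry and is never compared with `self._filelength`, so a table whose declared end lies past EOF still satisfies the new `position + length > certtable_end` bound in the second hunk, and `self.file.read(length - 8)` can then return fewer bytes than the header promised — the very over-read the commit title says it prevents. Unless that range is already validated where `locations["certtable"]` is built (outside this hunk), clamp it at its definition: `certtable_end = sum(locations["certtable"])` followed by `if certtable_end > self._filelength: raise SignedPEParseError("Certificate table extends beyond end of file")`. Independently of that, asserting `len(certificate) == length - 8` after the read in the second hunk would catch a truncated file regardless of what the directory claims. The `raise SignedPEParseError(` at the bottom of this hunk continues outside it, and _parse_cert_table itself begins before the hunk.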