authorJune McEnroe <june@causal.agency>2018-10-28 21:53:53 -0400
committerJune McEnroe <june@causal.agency>2018-10-28 21:53:53 -0400
commit69eb11b847e475e1f9cee55da55c5018f6a9cc59 (patch)
tree6968ce30da0148326b133c67c93d31403623ddec /bin
parentRemove other building bindings for engineer (diff)
Prevent buffer overflows in pngo
Diffstat (limited to '')
-rw-r--r--bin/pngo.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/bin/pngo.c b/bin/pngo.c
index 6835642d..52222efd 100644
--- a/bin/pngo.c
+++ b/bin/pngo.c
@@ -110,8 +110,12 @@ static void skipChunk(struct Chunk chunk) {
 	if (!(chunk.type[0] & 0x20)) {
 		errx(EX_CONFIG, "%s: unsupported critical chunk %s", path, typeStr(chunk));
 	}
-	uint8_t discard[chunk.size];
-	readExpect(discard, sizeof(discard), "chunk data");
+	uint8_t discard[4096];
+	while (chunk.size > sizeof(discard)) {
+		readExpect(discard, sizeof(discard), "chunk data");
+		chunk.size -= sizeof(discard);
+	}
+	if (chunk.size) readExpect(discard, chunk.size, "chunk data");
 	readCrc();
 }
 
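Review bot: The fixed `discard[4096]` buffer carries no comment saying why it is no longer sized from `chunk.size`, and that reason is the security point of this hunk: the chunk length is read from the input file, so it must not determine the size of a stack array. A one-line comment above the declaration, such as `// chunk.size comes from the file; drain in fixed-size pieces, never a VLA`, would keep a later cleanup from reintroducing the variable-length array. It would also help to say that `chunk` is passed by value, so decrementing `chunk.size` in the loop does not affect the caller.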
@@ -307,6 +311,10 @@ static void readPalette(struct Chunk chunk) {
 	}
 
 	palette.len = chunk.size / 3;
+	if (palette.len > 256) {
+		errx(EX_DATAERR, "%s: PLTE length %u > 256", path, palette.len);
+	}
+
 	readExpect(palette.entries, chunk.size, "palette data");
 	readCrc();
 
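Review bot: The added check bounds `palette.len`, but the `readExpect` call after it still reads `chunk.size` bytes, and the two only agree when `chunk.size` is a multiple of 3. A size of 769 or 770 gives a length of 256, passes the check, and reads one or two bytes more than 256 three-byte entries hold. The block that closes at the top of the hunk may already reject sizes not divisible by 3, but that code is outside the hunk and cannot be confirmed here. If it does not, bound the byte count itself, e.g. `if (chunk.size > sizeof(palette.entries))`, assuming `palette.entries` is a fixed array (its declaration is not visible).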
@@ -323,6 +331,9 @@ static void writePalette(void) {
 
 static void readTrans(struct Chunk chunk) {
 	trans.len = chunk.size;
+	if (trans.len > 256) {
+		errx(EX_DATAERR, "%s: tRNS length %u > 256", path, trans.len);
+	}
 	readExpect(trans.alpha, chunk.size, "transparency alpha");
 	readCrc();
 	if (verbose) fprintf(stderr, "%s: transparency length %u\n", path, trans.len);
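Review bot: The limit `256` in the tRNS check is a bare literal that has to stay in step with the declared size of `trans.alpha`, which is not visible in this hunk; the PLTE check in readPalette has the same shape. If `trans.alpha` is a fixed byte array, `if (chunk.size > sizeof(trans.alpha))` ties the bound to the destination buffer so the two cannot drift apart. Checking `chunk.size` before storing it in `trans.len` would also keep the global from ever holding an out-of-range value, though `errx` exits, so that is a matter of ordering only. readTrans may continue past the last line of the hunk.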