Fix checks and add testers

trailofbits · Nov 21, 2022 · 54cf779 · 54cf779
1 parent ddc6aad
commit 54cf779
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 6 deletions.
diff --git a/checksec.cpp b/checksec.cpp
@@ -85,11 +85,15 @@ Checksec::Checksec(std::string filepath) : filepath_(filepath), loadedImage_(fil
             if (debugDir.Type == 20) {
                 if (debugDir.PointerToRawData != 0) {
                     auto dataPtr = debugDir.PointerToRawData + loadedImage_.get()->fileBuffer->buf;
-                    try {
-                        extendedDllCharacteristics_ = *((uint16_t*)dataPtr);
-                    } catch (...) {
+                    if ((dataPtr < loadedImage_.get()->fileBuffer->buf) ||
+                        (dataPtr > loadedImage_.get()->fileBuffer->buf +
+                                       loadedImage_.get()->fileBuffer->bufLen)) {
+                        std::cerr << "Warn: dataPtr is out of bounds"
+                                  << "\n";
                         extendedDllCharacteristics_ = 0;
+                        return;
                     }
+                    extendedDllCharacteristics_ = *((uint16_t*)dataPtr);
                 }
             }
         }
@@ -149,11 +153,15 @@ Checksec::Checksec(std::string filepath) : filepath_(filepath), loadedImage_(fil
             if (debugDir.Type == 20) {
                 if (debugDir.PointerToRawData != 0) {
                     auto dataPtr = debugDir.PointerToRawData + loadedImage_.get()->fileBuffer->buf;
-                    try {
-                        extendedDllCharacteristics_ = *((uint16_t*)dataPtr);
-                    } catch (...) {
+                    if ((dataPtr < loadedImage_.get()->fileBuffer->buf) ||
+                        (dataPtr > loadedImage_.get()->fileBuffer->buf +
+                                       loadedImage_.get()->fileBuffer->bufLen)) {
+                        std::cerr << "Warn: dataPtr is out of bounds"
+                                  << "\n";
                         extendedDllCharacteristics_ = 0;
+                        return;
                     }
+                    extendedDllCharacteristics_ = *((uint16_t*)dataPtr);
                 }
             }
         }

diff --git a/test/assets/32/pegoat-cetcompat.exe b/test/assets/32/pegoat-cetcompat.exe
diff --git a/test/assets/64/pegoat-cetcompat.exe b/test/assets/64/pegoat-cetcompat.exe
diff --git a/test/winchecksec-test.cpp b/test/winchecksec-test.cpp
@@ -157,3 +157,11 @@ TEST(Winchecksec, NoCetCompat64) {
 
     EXPECT_FALSE(checksec.isCetCompat());
 }
+
+TEST(Winchecksec, CetCompat64) {
+    auto *path = WINCHECKSEC_TEST_ASSETS "/64/pegoat-cetcompat.exe";
+
+    auto checksec = checksec::Checksec(path);
+
+    EXPECT_TRUE(checksec.isCetCompat());
+}