From bc1649fe40baa5f4e5ce489b71cce55a5ebd3ba4 Mon Sep 17 00:00:00 2001
From: Yarden Shafir
Date: Fri, 6 Jan 2023 10:42:21 -0500
Subject: [PATCH] If load config size is larger than reported, overwrite
---
 checksec.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/checksec.cpp b/checksec.cpp
index c8f149d..4c67718 100644
--- a/checksec.cpp
+++ b/checksec.cpp
@@ -60,6 +60,13 @@ Checksec::Checksec(std::string filepath) : filepath_(filepath), loadedImage_(fil
 auto size = std::min(loadConfigData.size(), sizeof(loadConfig));
 memcpy(&loadConfig, loadConfigData.data(), size);
 loadConfigSize_ = loadConfigData.size();
+ if ((loadConfig.Size > loadConfigSize_) && (loadConfig.Size <= size)) {
+ std::cerr << "Warn: load config larger than reported by data directory entry,"
+ << " overwriting"
+ << "\n";
+ memcpy(&loadConfig, loadConfigData.data(), loadConfig.Size);
+ loadConfigSize_ = loadConfig.Size;
+ }
 loadConfigGuardFlags_ = loadConfig.GuardFlags;
 loadConfigSecurityCookie_ = loadConfig.SecurityCookie;
 loadConfigSEHandlerTable_ = loadConfig.SEHandlerTable;
@@ -129,9 +136,17 @@ Checksec::Checksec(std::string filepath) : filepath_(filepath), loadedImage_(fil
 std::cerr << "Warn: undersized load config, probably missing fields"
 << "\n";
 }
+ auto size = std::min(loadConfigData.size(), sizeof(loadConfig));
 memcpy(&loadConfig, loadConfigData.data(), size);
 loadConfigSize_ = loadConfigData.size();
+ if ((loadConfig.Size > loadConfigSize_) && (loadConfig.Size <= size)) {
+ std::cerr << "Warn: load config larger than reported by data directory entry,"
+ << " overwriting"
+ << "\n";
+ memcpy(&loadConfig, loadConfigData.data(), loadConfig.Size);
+ loadConfigSize_ = loadConfig.Size;
+ }
 loadConfigGuardFlags_ = loadConfig.GuardFlags;
 loadConfigSecurityCookie_ = loadConfig.SecurityCookie;
 loadConfigSEHandlerTable_ = loadConfig.SEHandlerTable;
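Review bot: The new guard in the first hunk can never be taken: `size` is `std::min(loadConfigData.size(), sizeof(loadConfig))` and `loadConfigSize_` has just been set to `loadConfigData.size()`, so `loadConfig.Size > loadConfigSize_` and `loadConfig.Size <= size` cannot both hold and the whole "overwriting" branch is dead code; the second hunk repeats the identical condition. The bound the author presumably wants is the struct size, `if ((loadConfig.Size > loadConfigSize_) && (loadConfig.Size <= sizeof(loadConfig))) {`, but once that is fixed the following `memcpy` copies `loadConfig.Size` bytes — a value read straight from the file — beyond the `loadConfigData.size()` bytes the data directory entry vouches for, so the branch also needs a check that those bytes lie inside the mapped image (the constructor holds `loadedImage_`) before the copy; otherwise a crafted Size turns the warning path into an out-of-bounds read of the parser's own memory. Checksec::Checksec begins and ends outside both hunks.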
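Review bot: In the second hunk the added `auto size = std::min(loadConfigData.size(), sizeof(loadConfig));` introduces a new `size` right before a pre-existing `memcpy(&loadConfig, loadConfigData.data(), size);` that presumably already compiled against a `size` from an enclosing scope, so the new declaration either shadows that variable or, if it lands in the same block, redeclares it. Worth confirming which `size` the later statements were meant to read and giving the new one a distinct name (e.g. `loadConfigCopySize`) if both are needed, so the copy length and the reported length cannot be confused. The enclosing scope of this hunk starts outside it.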