On Wed, Nov 27, 2013 at 1:00 PM, Thomas Gummerer <t.gummerer@xxxxxxxxx> wrote:
> +static int verify_hdr(void *mmap, unsigned long size)
> +{
> +	uint32_t *filecrc;
> +	unsigned int header_size;
> +	struct cache_header *hdr;
> +	struct cache_header_v5 *hdr_v5;
> +
> +	if (size < sizeof(struct cache_header)
> +	    + sizeof (struct cache_header_v5) + 4)
> +		die("index file smaller than expected");
> +
> +	hdr = mmap;
> +	hdr_v5 = ptr_add(mmap, sizeof(*hdr));
> +	/* Size of the header + the size of the extensionoffsets */
> +	header_size = sizeof(*hdr) + sizeof(*hdr_v5) + hdr_v5->hdr_nextension * 4;
> +	/* Initialize crc */
> +	filecrc = ptr_add(mmap, header_size);
> +	if (!check_crc32(0, hdr, header_size, ntohl(*filecrc)))
> +		return error("bad index file header crc signature");
> +	return 0;
> +}

I find it curious that we actually need a value from the header (and use it for pointer arithmetic) to check that the header is valid. The application will crash before the crc is checked if hdr_v5->hdr_nextensions is corrupted. Or am I missing something?
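Review bot: hdr_v5->hdr_nextension is read from the mapping and used to compute header_size and the filecrc pointer before anything has validated it, so a corrupted count sends `filecrc = ptr_add(mmap, header_size)` and the crc32 over header_size bytes outside the mapping; the initial size check only covers the two fixed structs plus 4 bytes. Bound the count against the remaining file size before computing header_size, e.g. `if (hdr_v5->hdr_nextension > (size - sizeof(*hdr) - sizeof(*hdr_v5) - 4) / 4) die("index file smaller than expected");`, which also keeps `hdr_nextension * 4` from overflowing. Two smaller points in the same hunk: the crc is converted with ntohl(*filecrc) while hdr_nextension is used raw, so either the count is stored in host byte order (worth a comment saying so) or it needs ntohl as well; and the comments say "extensionoffsets" and "Initialize crc" where the code is locating the stored crc, not initialising one.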
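The failure mode raised in the reply above, a corrupted hdr_nextension steering the filecrc read and the crc computation outside the mapping before anything is checked, together with a hardened verify_hdr that bounds the count first. This is an added example, not code from the patch or from git: the byte layout (two fixed headers of 12 and 16 bytes, a big-endian nextension field, an offsets table, then a crc32 of everything before it), the field offsets, the crc convention and the sample data are all assumptions made here so that the block runs stand-alone.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Assumed (hypothetical) on-disk layout, every field a big-endian uint32:
 *   cache_header    : signature, version, entries            (12 bytes)
 *   cache_header_v5 : ndir, nfile, fblockoffset, nextension  (16 bytes)
 *   nextension * 4 bytes of extension offsets
 *   4-byte crc32 over everything above it                     */
#define HDR_SIZE        12u
#define HDR_V5_SIZE     16u
#define NEXTENSION_OFF  (HDR_SIZE + 12u)   /* byte offset of hdr_nextension */
#define CRC_SIZE        4u

static uint32_t get_be32(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(unsigned char *p, uint32_t v)
{
	p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

/* Bitwise CRC-32 (IEEE polynomial, same convention as zlib's crc32());
 * crc32_update(0, buf, len) starts a fresh checksum. */
static uint32_t crc32_update(uint32_t crc, const void *buf, size_t len)
{
	const unsigned char *p = buf;
	crc = ~crc;
	while (len--) {
		crc ^= *p++;
		for (int k = 0; k < 8; k++)
			crc = (crc >> 1) ^ (0xEDB88320u & -(crc & 1u));
	}
	return ~crc;
}

/* Hardened verify_hdr: 0 on success, -1 on any failure.  The only header
 * field read before the crc check is hdr_nextension, and it is bounded
 * against `size` before it is used in any arithmetic, so a corrupted count
 * is rejected instead of steering the filecrc read outside the mapping. */
static int verify_hdr_safe(const void *mmap, size_t size)
{
	const unsigned char *base = mmap;
	size_t fixed = HDR_SIZE + HDR_V5_SIZE + CRC_SIZE;
	size_t header_size;
	uint32_t nextension;

	if (size < fixed)
		return -1;                 /* cannot even hold headers + crc */
	nextension = get_be32(base + NEXTENSION_OFF);
	/* Untrusted count: at most (size - fixed) / 4 offsets can fit.  Checking
	 * before multiplying also rules out size_t overflow of nextension * 4. */
	if (nextension > (size - fixed) / 4)
		return -1;
	header_size = HDR_SIZE + HDR_V5_SIZE + (size_t)nextension * 4;
	/* header_size + CRC_SIZE <= size now holds, so this read is in bounds */
	if (crc32_update(0, base, header_size) != get_be32(base + header_size))
		return -1;
	return 0;
}

/* Constructed sample header (not real git data) with `nextension` offsets. */
static size_t build_sample(unsigned char *out, size_t cap, uint32_t nextension)
{
	size_t header_size = HDR_SIZE + HDR_V5_SIZE + (size_t)nextension * 4;
	if (header_size + CRC_SIZE > cap)
		return 0;
	memset(out, 0, cap);
	put_be32(out + 0, 0x44495243u);            /* "DIRC" */
	put_be32(out + 4, 5);                      /* version 5 */
	put_be32(out + NEXTENSION_OFF, nextension);
	for (uint32_t i = 0; i < nextension; i++)
		put_be32(out + HDR_SIZE + HDR_V5_SIZE + i * 4, 0x100u + i * 0x10u);
	put_be32(out + header_size, crc32_update(0, out, header_size));
	return header_size + CRC_SIZE;
}

int demo_valid(void)
{
	unsigned char buf[128];
	size_t n = build_sample(buf, sizeof buf, 3);
	return verify_hdr_safe(buf, n);
}

/* hdr_nextension overwritten with a huge value: the original hunk would
 * compute filecrc gigabytes past the mapping before any crc check runs. */
int demo_corrupt_count(void)
{
	unsigned char buf[128];
	size_t n = build_sample(buf, sizeof buf, 3);
	put_be32(buf + NEXTENSION_OFF, 0x7fffffffu);
	return verify_hdr_safe(buf, n);
}

/* One flipped byte inside the offsets table: caught by the crc mismatch. */
int demo_flipped_byte(void)
{
	unsigned char buf[128];
	size_t n = build_sample(buf, sizeof buf, 3);
	buf[HDR_SIZE + HDR_V5_SIZE] ^= 0xff;
	return verify_hdr_safe(buf, n);
}

int main(void)
{
	printf("valid=%d corrupt_count=%d flipped=%d\n",
	       demo_valid(), demo_corrupt_count(), demo_flipped_byte());
	return 0;
}
```

The point of the ordering in verify_hdr_safe is that the crc can only protect bytes that were safe to read in the first place; the count has to be clamped by the mapping length, which the caller already knows, before it is allowed to pick where the crc lives.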