| From ace45631595e8781a1420842582d67160097163c Mon Sep 17 00:00:00 2001 |
| From: Michael Natterer <mitch@gimp.org> |
| Date: Wed, 06 Jun 2012 19:21:10 +0000 |
| Subject: Bug 676804 - file handling DoS for fit file format |
| |
| Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on |
| broken/malicious fits files. |
| --- |
| (limited to 'plug-ins/file-fits/fits-io.c') |
| |
| diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c |
| index 03d9652..ed77318 100644 |
| --- a/plug-ins/file-fits/fits-io.c |
| +++ b/plug-ins/file-fits/fits-io.c |
| @@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr, |
| hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0); |
| hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0); |
| if (hdulist->used.xtension) |
| - { |
| - fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring); |
| - strcpy (hdulist->xtension, fdat->fstring); |
| - } |
| + { |
| + fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring); |
| + if (fdat != NULL) |
| + { |
| + strcpy (hdulist->xtension, fdat->fstring); |
| + } |
| + else |
| + { |
| + strcpy (errmsg, "No valid XTENSION header found."); |
| + goto err_return; |
| + } |
| + } |
| |
| FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong); |
| hdulist->naxis = fdat->flong; |
| -- |
| cgit v0.9.0.2 |