Work in progress: New MPQ protector

author: Ladislav Zezula <zezula@volny.cz> 2024-04-15 23:30:36 +0200
committer: Ladislav Zezula <zezula@volny.cz> 2024-04-15 23:30:36 +0200
commit: 29901739a2506999955e1fdd5a2f8f7b2140b089 (patch)
tree: 6319724f941cbc9d3b1a619bd709ac1b6557e379 /src/SBaseFileTable.cpp
parent: a8f782a2d2602b20da0b9052c37a4ce85040ed27 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
index fa388fc..a222ac5 100644
--- a/src/SBaseFileTable.cpp
+++ b/src/SBaseFileTable.cpp
@@ -479,8 +479,16 @@ DWORD ConvertMpqHeaderToFormat4(
     {
         case MPQ_FORMAT_VERSION_1:
 
-            // Check for malformed MPQ header version 1.0
+            // Make sure that the MPQ Header is properly swapped
             BSWAP_TMPQHEADER(pHeader, MPQ_FORMAT_VERSION_1);
+
+            // Check for blatantly wrong MPQ header by the hash table position
+            if(((ByteOffset + pHeader->dwHashTablePos) & 0xFFFFFFFF) > FileSize)
+                return ERROR_FAKE_MPQ_HEADER;
+            if(((ByteOffset + pHeader->dwBlockTablePos) & 0xFFFFFFFF) > FileSize)
+                return ERROR_FAKE_MPQ_HEADER;
+
+            // Check for malformed MPQ header version 1.0
             if(pHeader->wFormatVersion != MPQ_FORMAT_VERSION_1 || pHeader->dwHeaderSize != MPQ_HEADER_SIZE_V1)
             {
                 pHeader->wFormatVersion = MPQ_FORMAT_VERSION_1;
author	Ladislav Zezula <zezula@volny.cz>	2024-04-15 23:30:36 +0200
committer	Ladislav Zezula <zezula@volny.cz>	2024-04-15 23:30:36 +0200
commit	29901739a2506999955e1fdd5a2f8f7b2140b089 (patch)
tree	6319724f941cbc9d3b1a619bd709ac1b6557e379 /src/SBaseFileTable.cpp
parent	a8f782a2d2602b20da0b9052c37a4ce85040ed27 (diff)