Merge pull request #326 from ladislav-zezula/LZ_NewProtectedMPQ

Support for new MPQ protection
author: Ladislav Zezula <zezula@volny.cz> 2024-04-16 14:52:23 +0200
committer: GitHub <noreply@github.com> 2024-04-16 14:52:23 +0200
commit: 605222393594f5885b877bfc0086dae756674965 (patch)
tree: aeabad8c5789d3a8a4605ed8ebab7539aac702e4 /src/SBaseFileTable.cpp
parent: a8f782a2d2602b20da0b9052c37a4ce85040ed27 (diff)
parent: 7fdae1508a001568d896300e951e83c0825a520d (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
index fa388fc..a222ac5 100644
--- a/src/SBaseFileTable.cpp
+++ b/src/SBaseFileTable.cpp
@@ -479,8 +479,16 @@ DWORD ConvertMpqHeaderToFormat4(
     {
         case MPQ_FORMAT_VERSION_1:
 
-            // Check for malformed MPQ header version 1.0
+            // Make sure that the MPQ Header is properly swapped
             BSWAP_TMPQHEADER(pHeader, MPQ_FORMAT_VERSION_1);
+
+            // Check for blatantly wrong MPQ header by the hash table position
+            if(((ByteOffset + pHeader->dwHashTablePos) & 0xFFFFFFFF) > FileSize)
+                return ERROR_FAKE_MPQ_HEADER;
+            if(((ByteOffset + pHeader->dwBlockTablePos) & 0xFFFFFFFF) > FileSize)
+                return ERROR_FAKE_MPQ_HEADER;
+
+            // Check for malformed MPQ header version 1.0
             if(pHeader->wFormatVersion != MPQ_FORMAT_VERSION_1 || pHeader->dwHeaderSize != MPQ_HEADER_SIZE_V1)
             {
                 pHeader->wFormatVersion = MPQ_FORMAT_VERSION_1;
author	Ladislav Zezula <zezula@volny.cz>	2024-04-16 14:52:23 +0200
committer	GitHub <noreply@github.com>	2024-04-16 14:52:23 +0200
commit	605222393594f5885b877bfc0086dae756674965 (patch)
tree	aeabad8c5789d3a8a4605ed8ebab7539aac702e4 /src/SBaseFileTable.cpp
parent	a8f782a2d2602b20da0b9052c37a4ce85040ed27 (diff)
parent	7fdae1508a001568d896300e951e83c0825a520d (diff)