From f35d106059accbddaa602b6525f9542746b2c2b7 Mon Sep 17 00:00:00 2001
From: Zezula Ladislav
Date: Mon, 15 Oct 2018 11:23:52 +0200
Subject: + Fixed arbitrarily large allocations caused by TQMPHeader::dwBlockTableSize

---
 src/FileStream.cpp       | 13 +++++++++++++
 src/SBaseFileTable.cpp   |  8 ++++++++
 src/SFileOpenArchive.cpp |  1 -
 src/SFileOpenFileEx.cpp  |  5 ++++-
 4 files changed, 25 insertions(+), 2 deletions(-)
(limited to 'src')

diff --git a/src/FileStream.cpp b/src/FileStream.cpp
index c73223c..84f36c0 100644
--- a/src/FileStream.cpp
+++ b/src/FileStream.cpp
@@ -652,6 +652,19 @@ static bool BaseHttp_Open(TFileStream * pStream, const TCHAR * szFileName, DWORD
     DWORD dwFileSize = 0;
     DWORD dwDataSize;
     DWORD dwIndex = 0;
+    TCHAR StatusCode[0x08];
+
+    // Check if the file succeeded to open
+    dwDataSize = sizeof(StatusCode);
+    if(HttpQueryInfo(hRequest, HTTP_QUERY_STATUS_CODE, StatusCode, &dwDataSize, &dwIndex))
+    {
+        if(_tcscmp(StatusCode, _T("200")))
+        {
+            InternetCloseHandle(hRequest);
+            SetLastError(ERROR_FILE_NOT_FOUND);
+            return false;
+        }
+    }
 
     // Check if the MPQ has Last Modified field
     dwDataSize = sizeof(ULONGLONG);
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
index 1cb469e..700df48 100644
--- a/src/SBaseFileTable.cpp
+++ b/src/SBaseFileTable.cpp
@@ -406,6 +406,14 @@ int ConvertMpqHeaderToFormat4(
             pHeader->ArchiveSize64 = DetermineArchiveSize_V1(ha, pHeader, MpqOffset, FileSize);
             pHeader->dwArchiveSize = (DWORD)pHeader->ArchiveSize64;
         }
+
+        // EWIX_v8_7.w3x: TMPQHeader::dwBlockTableSize = 0x00319601
+        // Size of TFileTable goes to ~200MB, so we artificially cut it
+        if(BlockTablePos64 + (pHeader->dwBlockTableSize * sizeof(TMPQBlock)) > FileSize)
+        {
+            pHeader->dwBlockTableSize = (DWORD)((FileSize - BlockTablePos64) / sizeof(TMPQBlock));
+            pHeader->BlockTableSize64 = pHeader->dwBlockTableSize * sizeof(TMPQBlock);
+        }
         break;
 
     case MPQ_FORMAT_VERSION_2:
diff --git a/src/SFileOpenArchive.cpp b/src/SFileOpenArchive.cpp
index a896eaf..15dffe4 100644
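Review bot: dwIndex is passed by address to HttpQueryInfo in the new status-code query, and per the WinINet contract that parameter is in/out — on return it is advanced to the next header index — so if the Last-Modified query that follows the hunk reuses the same dwIndex it now starts at index 1 rather than 0 and may miss the header; resetting it with `dwIndex = 0;` right after the status block keeps the later queries unaffected. A failed HttpQueryInfo call is also silently accepted as a successful open here, so when the status cannot be read at all it would be safer to treat it like a non-200 response rather than fall through. BaseHttp_Open starts and ends outside the hunk.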
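Review bot: The guard `BlockTablePos64 + (pHeader->dwBlockTableSize * sizeof(TMPQBlock)) > FileSize` multiplies a DWORD by size_t, so on a 32-bit build the product is computed in 32 bits and a large dwBlockTableSize can wrap it to a small value that passes the check, leaving exactly the oversized allocation this commit sets out to cap; widening first, `if(BlockTablePos64 + ((ULONGLONG)pHeader->dwBlockTableSize * sizeof(TMPQBlock)) > FileSize)`, makes the comparison 64-bit on every target, and the same cast belongs on the `BlockTableSize64 =` assignment two lines below. The clamp also assumes BlockTablePos64 <= FileSize: if that is not established above the hunk, `FileSize - BlockTablePos64` wraps and the truncating DWORD cast yields an arbitrary count, so the reduction should only run when the block table position is inside the file. ConvertMpqHeaderToFormat4 continues outside the hunk.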
--- a/src/SFileOpenArchive.cpp
+++ b/src/SFileOpenArchive.cpp
@@ -118,7 +118,6 @@ static int VerifyMpqTablePositions(TMPQArchive * ha, ULONGLONG FileSize)
     return ERROR_SUCCESS;
 }
 
-
 /*****************************************************************************/
 /* Public functions                                                          */
 /*****************************************************************************/
diff --git a/src/SFileOpenFileEx.cpp b/src/SFileOpenFileEx.cpp
index a25cc72..a139585 100644
--- a/src/SFileOpenFileEx.cpp
+++ b/src/SFileOpenFileEx.cpp
@@ -308,7 +308,10 @@ bool WINAPI SFileOpenFileEx(HANDLE hMpq, const char * szFileName, DWORD dwSearch
         }
     }
 
-    nError = ERROR_FILE_NOT_FOUND;
+    if(pFileEntry == NULL)
+    {
+        nError = ERROR_FILE_NOT_FOUND;
+    }
 }
 
 // Ignore unknown loading flags (example: MPQ_2016_v1_WME4_4.w3x)
-- 
cgit v1.2.3
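Review bot: The non-NULL path of the new `if(pFileEntry == NULL)` now depends on nError already holding the correct status from the lookup code above the hunk, which is not visible here and was previously irrelevant because the assignment was unconditional; a one-line comment on the `if` saying where nError is set on the found path would stop the next reader from re-adding the unconditional assignment. It is worth confirming that no earlier branch leaves a stale non-success value in nError when pFileEntry ends up non-NULL. SFileOpenFileEx starts outside the hunk.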