Blindly setting the file size to something potentially larger than it is
seems outright silly. All this mucking about with the upkg_file struct
members should probably be eliminated eventually, but may as well do it
sanely for now.
override (U:Object) int deserialize(U:Object *uo)
{
struct upkg_file *f = uo->pkg_file;
- Self *self = SELF(uo);
size_t rc, pos = 0, buflen;
unsigned char buf[32];
long size;
}
rc = upkg_decode_index(&size, buf+pos, buflen-pos);
- if (rc == 0 || size < 0)
+ if (rc == 0 || size < 0 || size > f->len - pos)
return -1;
pos += rc;
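Review bot: The added bound `size > f->len - pos` is evaluated before `pos += rc`, so it leaves out the rc bytes the encoded index itself occupies, and a size up to rc bytes larger than the data that actually follows still passes. The subtraction is also presumably done in an unsigned type (the declaration of `f->len` is not visible here), so if `pos + rc` ever exceeded `f->len` it would wrap to a huge value and the check would accept any size. Assuming the code after this hunk rebases the file by the final `pos` and stores `size` as the new length, a tighter form would be `if (rc == 0 || size < 0 || f->len < pos + rc || size > f->len - (pos + rc))`. The function body continues outside the hunk, so the exact base used for the new length should be confirmed there.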