limit sector sizes

author Christos Zoulas <christos@zoulas.com>

Sat, 2 May 2009 20:06:55 +0000 (20:06 +0000)

committer Christos Zoulas <christos@zoulas.com>

Sat, 2 May 2009 20:06:55 +0000 (20:06 +0000)
author Christos Zoulas <christos@zoulas.com>
Sat, 2 May 2009 20:06:55 +0000 (20:06 +0000)
committer Christos Zoulas <christos@zoulas.com>
Sat, 2 May 2009 20:06:55 +0000 (20:06 +0000)
diff --git a/src/cdf.c b/src/cdf.c

index 8afb4ffb46f05907b1edaf13130e8fc575d0298d..9ca9c44cd7efe52417ff0ddac4438bb4560554c3 100644 (file)
--- a/src/cdf.c
+++ b/src/cdf.c
@@ -32,7 +32,7 @@
  #include "file.h"
  
  #ifndef lint
-FILE_RCSID("@(#)$File: cdf.c,v 1.24 2009/05/02 00:04:14 christos Exp $")
+FILE_RCSID("@(#)$File: cdf.c,v 1.25 2009/05/02 16:36:17 christos Exp $")
  #endif
  
  #include <assert.h>
@@ -268,10 +268,21 @@ cdf_read_header(const cdf_info_t *info, cdf_header_t *h)
                 DPRINTF(("Bad magic 0x%llx != 0x%llx\n",
                     (unsigned long long)h->h_magic,
                     (unsigned long long)CDF_MAGIC));
-               errno = EFTYPE;
-               return -1;
+               goto out;
+       }
+       if (h->h_sec_size_p2 > 20) {
+               DPRINTF(("Bad sector size 0x%u\n", h->h_sec_size_p2));
+               goto out;
+       }
+       if (h->h_short_sec_size_p2 > 20) {
+               DPRINTF(("Bad short sector size 0x%u\n",
+                   h->h_short_sec_size_p2));
+               goto out;
         }
         return 0;
+out:
+       errno = EFTYPE;
+       return -1;
  }
author	Christos Zoulas <christos@zoulas.com>
	Sat, 2 May 2009 20:06:55 +0000 (20:06 +0000)
committer	Christos Zoulas <christos@zoulas.com>
	Sat, 2 May 2009 20:06:55 +0000 (20:06 +0000)