From eb45c976674da426208ad7a3a011447e89eeb0cb Mon Sep 17 00:00:00 2001
From: Pete Batard
Date: Mon, 22 Apr 2024 12:53:27 +0100
Subject: [PATCH] [bled] fix memory allocation issue for 32-bit in unpack_lzma_stream()

* Vulnerability discovered and reported by Mansour Gashasbi (@gashasbi).
* Also update the lock thread workflow to try to avoid recent failures.
---
 .github/workflows/lock.yml | 2 +-
 src/bled/decompress_unlzma.c | 5 +++++
 src/rufus.rc | 10 +++++-----
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
index ef9e5f1a..7f5a94b5 100644
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@@ -11,7 +11,7 @@ jobs:
 steps:
 - uses: dessant/lock-threads@v5
 with:
- github-token: ${{ github.token }}
+ github-token: ${{ secrets.GITHUB_TOKEN }}
 issue-inactive-days: '90'
 issue-comment: >
 This thread has been automatically locked since there has not been
diff --git a/src/bled/decompress_unlzma.c b/src/bled/decompress_unlzma.c
index 7eacf153..856193cb 100644
--- a/src/bled/decompress_unlzma.c
+++ b/src/bled/decompress_unlzma.c
@@ -255,6 +255,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
 header.dict_size = SWAP_LE32(header.dict_size);
 header.dst_size = SWAP_LE64(header.dst_size);
+ if (header.dict_size > 1024 * 1024 * 1024) {
+ bb_simple_error_msg("lzma dictionary size too large");
+ return -1;
+ }
+
 if (header.dict_size == 0)
 header.dict_size++;
diff --git a/src/rufus.rc b/src/rufus.rc
index 8ec32d0d..0435c0b5 100644
--- a/src/rufus.rc
+++ b/src/rufus.rc
@@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 4.5.2130"
+CAPTION "Rufus 4.5.2131"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
 LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
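Review bot: The new bound in the src/bled/decompress_unlzma.c hunk is the bare literal `1024 * 1024 * 1024`, with nothing recording why 1 GiB is the limit or that `header.dict_size` comes straight from the stream header. A value of exactly 1 GiB still passes the check, and on a 32-bit build a request of that size can still fail, so the fix presumably depends on the allocation that consumes `dict_size` handling failure; that code is outside this hunk and is worth confirming. I would name the limit, e.g. `#define LZMA_MAX_DICT_SIZE (1024U * 1024U * 1024U)`, and put `/* dict_size is read from the untrusted header; cap it before it is used to size an allocation */` above the check. unpack_lzma_stream() starts and ends outside the hunk, so the cleanup expected on the `return -1` path cannot be judged from here.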
@@ -397,8 +397,8 @@ END
 //
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 4,5,2130,0
- PRODUCTVERSION 4,5,2130,0
+ FILEVERSION 4,5,2131,0
+ PRODUCTVERSION 4,5,2131,0
 FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@@ -416,13 +416,13 @@ BEGIN
 VALUE "Comments", "https://rufus.ie"
 VALUE "CompanyName", "Akeo Consulting"
 VALUE "FileDescription", "Rufus"
- VALUE "FileVersion", "4.5.2130"
+ VALUE "FileVersion", "4.5.2131"
 VALUE "InternalName", "Rufus"
 VALUE "LegalCopyright", "� 2011-2024 Pete Batard (GPL v3)"
 VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
 VALUE "OriginalFilename", "rufus-4.5.exe"
 VALUE "ProductName", "Rufus"
- VALUE "ProductVersion", "4.5.2130"
+ VALUE "ProductVersion", "4.5.2131"
 END
 END
 BLOCK "VarFileInfo"