mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00

[bled] fix memory allocation issue for 32-bit in unpack_lzma_stream()

* Vulnerability discovered and reported by Mansour Gashasbi (@gashasbi).
* Also update the lock thread workflow to try to avoid recent failures.
Pete Batard 2024-04-22 12:53:27 +01:00
parent 513c5f44a5
commit eb45c97667
No known key found for this signature in database
GPG key ID: 38E0CF5E69EDD671
3 changed files with 11 additions and 6 deletions


@ -11,7 +11,7 @@ jobs:
steps: steps:
- uses: dessant/lock-threads@v5 - uses: dessant/lock-threads@v5
with: with:
github-token: ${{ github.token }} github-token: ${{ secrets.GITHUB_TOKEN }}
issue-inactive-days: '90' issue-inactive-days: '90'
issue-comment: > issue-comment: >
This thread has been automatically locked since there has not been This thread has been automatically locked since there has not been
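Review bot: The token on the changed `github-token:` line is handed to a third-party action referenced by the mutable tag `dessant/lock-threads@v5`; pinning it to a full commit SHA, e.g. `- uses: dessant/lock-threads@<full-commit-sha>  # v5`, would keep a retagged release from running with that token. `${{ secrets.GITHUB_TOKEN }}` and `${{ github.token }}` resolve to the same per-run token, so this edit does not change the privilege level. Whether the job declares a `permissions:` block is not visible in this hunk; if it does not, scoping it to what the action needs (probably `issues: write`) would be the matching hardening.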


@ -255,6 +255,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
header.dict_size = SWAP_LE32(header.dict_size); header.dict_size = SWAP_LE32(header.dict_size);
header.dst_size = SWAP_LE64(header.dst_size); header.dst_size = SWAP_LE64(header.dst_size);
if (header.dict_size > 1024 * 1024 * 1024) {
bb_simple_error_msg("lzma dictionary size too large");
return -1;
}
if (header.dict_size == 0) if (header.dict_size == 0)
header.dict_size++; header.dict_size++;
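Review bot: The new guard in `unpack_lzma_stream()` caps `header.dict_size` at 1 GiB, but a 1 GiB request can still fail in a 32-bit address space, so the allocation that consumes this value (outside the hunk) should be confirmed to check for a NULL return rather than rely on the cap alone. The bound is an unexplained literal taken from an untrusted stream header; a comment such as `/* dict_size comes from the file header: reject sizes that cannot be allocated on 32-bit builds */` above the `if` would record why it exists. `header.dst_size` is read from the same header and is not bounded in the visible lines; if any later sizing depends on it alone, it presumably needs the same treatment. The function body starts and continues outside this hunk.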


@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
IDD_DIALOG DIALOGEX 12, 12, 232, 326 IDD_DIALOG DIALOGEX 12, 12, 232, 326
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
EXSTYLE WS_EX_ACCEPTFILES EXSTYLE WS_EX_ACCEPTFILES
CAPTION "Rufus 4.5.2130" CAPTION "Rufus 4.5.2131"
FONT 9, "Segoe UI Symbol", 400, 0, 0x0 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
BEGIN BEGIN
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@ -397,8 +397,8 @@ END
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 4,5,2130,0 FILEVERSION 4,5,2131,0
PRODUCTVERSION 4,5,2130,0 PRODUCTVERSION 4,5,2131,0
FILEFLAGSMASK 0x3fL FILEFLAGSMASK 0x3fL
#ifdef _DEBUG #ifdef _DEBUG
FILEFLAGS 0x1L FILEFLAGS 0x1L
@ -416,13 +416,13 @@ BEGIN
VALUE "Comments", "https://rufus.ie" VALUE "Comments", "https://rufus.ie"
VALUE "CompanyName", "Akeo Consulting" VALUE "CompanyName", "Akeo Consulting"
VALUE "FileDescription", "Rufus" VALUE "FileDescription", "Rufus"
VALUE "FileVersion", "4.5.2130" VALUE "FileVersion", "4.5.2131"
VALUE "InternalName", "Rufus" VALUE "InternalName", "Rufus"
VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)" VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)"
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
VALUE "OriginalFilename", "rufus-4.5.exe" VALUE "OriginalFilename", "rufus-4.5.exe"
VALUE "ProductName", "Rufus" VALUE "ProductName", "Rufus"
VALUE "ProductVersion", "4.5.2130" VALUE "ProductVersion", "4.5.2131"
END END
END END
BLOCK "VarFileInfo" BLOCK "VarFileInfo"