From 202a4d52bcc6a69889c9f475a74a6570081e5cf6 Mon Sep 17 00:00:00 2001
From: Nils Philippsen
Date: Thu, 28 Jun 2012 13:54:50 +0200
Subject: [PATCH] patch: fits
Squashed commit of the following:
commit c66982caadfad47db632647bcc19bcf480008bfc
Author: Michael Natterer
Date: Wed Jun 6 21:21:10 2012 +0200
Bug 676804 - file handling DoS for fit file format Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on broken/malicious fits files.
(cherry picked from commit ace45631595e8781a1420842582d67160097163c)
---
 plug-ins/file-fits/fits-io.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
index 03d9652..ed77318 100644
--- a/plug-ins/file-fits/fits-io.c
+++ b/plug-ins/file-fits/fits-io.c
@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
 hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0);
 hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
 if (hdulist->used.xtension)
- {
- fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
- strcpy (hdulist->xtension, fdat->fstring);
- }
+ {
+ fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+ if (fdat != NULL)
+ {
+ strcpy (hdulist->xtension, fdat->fstring);
+ }
+ else
+ {
+ strcpy (errmsg, "No valid XTENSION header found.");
+ goto err_return;
+ }
+ }
 FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
 hdulist->naxis = fdat->flong;
--
1.7.10.2
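Review bot: The `strcpy (hdulist->xtension, fdat->fstring);` kept inside the new `if (fdat != NULL)` branch is still an unbounded copy of a string decoded from the file; the added check stops the NULL dereference but does not limit the length. Whether `fdat->fstring` can exceed `hdulist->xtension` depends on declarations outside this hunk, so if `xtension` is a fixed-size array I would bound the copy, e.g. `snprintf (hdulist->xtension, sizeof (hdulist->xtension), "%s", fdat->fstring);`. The `FITS_DECODE_CARD` macro on the following context line is not defined here; if it already performs this NULL test, using the same pattern for XTENSION would keep the error paths consistent. `fits_decode_header` begins and ends outside the hunk, as do `errmsg` and the `err_return` label.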