
2009-01-09 Rodrigo Kumpera <[email protected]>

	* metadata-verify.c: Add lfanew verification.

svn path=/trunk/mono/; revision=123062
Rodrigo Kumpera il y a 17 ans
Parent
commit
b4622c9f61
2 fichiers modifiés avec 7 ajouts et 28 suppressions
  1. 2 28
      mono/metadata/ChangeLog
  2. 5 0
      mono/metadata/metadata-verify.c

+ 2 - 28
mono/metadata/ChangeLog

@@ -1,32 +1,6 @@
-2009-01-12  Jb Evain  <[email protected]>
-
-	* tabldefs.h: rename METHOD_ATTRIBUTE_CHECK_ACCESS_ON_OVERRIDE to
-	METHOD_ATTRIBUTE_STRICT to match the ECMA terminology.
-
-2009-01-10  Zoltan Varga  <[email protected]>
-
-	* socket-io.c: Fix the build.
-
-	* environment.c: Fix an #ifdef.
-
-2009-01-09  Zoltan Varga  <[email protected]>
-
-	* threadpool.c (async_invoke_thread): Handle the wait function returning
-	WAIT_IO_COMPLETION as well.
-	(async_invoke_io_thread): Ditto.
-
-2009-01-09  Bill Holmes  <[email protected]>
-
-	* threads.c: Fixing the Windows build.
-
-	Code is contributed under MIT/X11 license.
-
-2009-01-09  Zoltan Varga  <[email protected]>
+2009-01-09 Rodrigo Kumpera  <[email protected]>
 
-	* threads.c (signal_thread_state_change): Call wapi_interrupt_thread () to
-	interrupt a wait.
-	(mono_thread_execute_interruption): Call wapi_clear_interruption () to enable
-	the thread to wait again.
+	* metadata-verify.c: Add lfanew verification.
 
 2009-01-09 Rodrigo Kumpera  <[email protected]>
 

+ 5 - 0
mono/metadata/metadata-verify.c

@@ -42,14 +42,19 @@ typedef struct {
 static void
 verify_msdos_header (VerifyContext *ctx)
 {
+	guint32 lfanew;
 	if (ctx->size < 128) {
 		ADD_ERROR (ctx, g_strdup ("Not enough space for the MS-DOS header"));
 		return;
 	}
 	if (ctx->data [0] != 0x4d || ctx->data [1] != 0x5a)
 		ADD_ERROR (ctx,  g_strdup ("Invalid MS-DOS watermark"));
+	lfanew = read32 (ctx->data + 0x3c);
+	if (lfanew > ctx->size - 4)
+		ADD_ERROR (ctx,  g_strdup ("MS-DOS lfanew offset points to outside of the file"));
 }
 
+
 GSList*
 mono_image_verify (const char *data, guint32 size)
 {
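Review bot: The new lfanew check in verify_msdos_header bounds the offset only from above, so a value that points back into the MS-DOS header itself (below 0x40) is accepted and the PE signature would then overlap fields already validated here. If the verifier is meant to be strict about the fixed 128-byte header this function already requires, consider `if (lfanew < 0x40 || lfanew > ctx->size - 4)` or an exact match against the expected offset. The subtraction `ctx->size - 4` cannot wrap only because of the earlier `ctx->size < 128` return, which deserves a short comment such as `/* size >= 128 here, so size - 4 cannot underflow */`. The check also guarantees room for the 4-byte signature only, so whatever reads the headers that follow at lfanew (not visible in this hunk) needs its own bound. mono_image_verify continues past the end of the hunk.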