From 6efa8290d8df489ed472edbdf6ce27002f4323b6 Mon Sep 17 00:00:00 2001 From: akallabeth Date: Wed, 15 Apr 2020 17:06:35 +0200 Subject: [PATCH] Fixed oob read in parallel_process_irp_read --- channels/parallel/client/parallel_main.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/channels/parallel/client/parallel_main.c b/channels/parallel/client/parallel_main.c index c49536f85..734cf9667 100644 --- a/channels/parallel/client/parallel_main.c +++ b/channels/parallel/client/parallel_main.c @@ -149,6 +149,8 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp) UINT64 Offset; ssize_t status; BYTE* buffer = NULL; + if (Stream_GetRemainingLength(irp->input) < 12) + return ERROR_INVALID_DATA; Stream_Read_UINT32(irp->input, Length); Stream_Read_UINT64(irp->input, Offset); buffer = (BYTE*)malloc(Length);