-Added a (high) hard-coded limit to the number of directory entries to process. Some specially crafted directories could lead to long processing times
git-svn-id: http://pefile.googlecode.com/svn/trunk@102 8842bc4e-7134-0410-8230-5dc5194fb5c1
diff --git a/pefile.py b/pefile.py
index e0b297a..a53f699 100644
--- a/pefile.py
+++ b/pefile.py
@@ -2610,19 +2610,28 @@
resource_dir.NumberOfNamedEntries +
resource_dir.NumberOfIdEntries )
+ # Set a hard limit on the maximum resonable number of entries
+ MAX_ALLOWED_ENTRIES = 4096
+ if number_of_entries > MAX_ALLOWED_ENTRIES:
+ self.__warnings.append(
+ 'Error parsing the resources directory, '
+ 'The directory contains %d entries (>%s)' %
+ (number_of_entries, MAX_ALLOWED_ENTRIES) )
+ return None
+
strings_to_postprocess = list()
for idx in xrange(number_of_entries):
+
res = self.parse_resource_entry(rva)
if res is None:
self.__warnings.append(
- 'Error parsing the resources directory, ' +
+ 'Error parsing the resources directory, '
'Entry %d is invalid, RVA = 0x%x. ' %
(idx, rva) )
break
-
entry_name = None
entry_id = None
@@ -2640,8 +2649,8 @@
except PEFormatError, excp:
self.__warnings.append(
- 'Error parsing the resources directory, ' +
- 'attempting to read entry name. ' +
+ 'Error parsing the resources directory, '
+ 'attempting to read entry name. '
'Can\'t read unicode string at offset 0x%x' %
(ustr_offset) )
@@ -2665,6 +2674,7 @@
else:
entry_directory = self.parse_resources_directory(
base_rva+res.OffsetToDirectory,
+ size-(rva-base_rva), # size
base_rva=base_rva, level = level+1,
dirs=dirs + [base_rva + res.OffsetToDirectory])
