Commit ace45631 authored by Michael Natterer's avatar Michael Natterer 😴

Bug 676804 - file handling DoS for fit file format

Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on
broken/malicious fits files.
parent 09e3ce92
......@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0);
hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
if (hdulist->used.xtension)
{
fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
strcpy (hdulist->xtension, fdat->fstring);
}
{
fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
if (fdat != NULL)
{
strcpy (hdulist->xtension, fdat->fstring);
}
else
{
strcpy (errmsg, "No valid XTENSION header found.");
goto err_return;
}
}
FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
hdulist->naxis = fdat->flong;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment