Mirror/GodMode9
1
0
Fork 1
mirror of https://github.com/d0k3/GodMode9.git synced 2025-06-26 13:42:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

ticket.db: fix out of bounds reads

Browse Source
This commit is contained in:
d0k3 2018-10-23 01:47:16 +02:00
parent 2b8d4fcc04
commit 449a89277e
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
arm9/source/game/ticketdb.c
View File

@ -76,7 +76,7 @@ u32 FindTicket(Ticket* ticket, u8* title_id, bool force_legit, bool emunand) {
// parse the decoded data for a ticket
bool found = false;
for (u32 i = 0; !found && (i < TICKDB_AREA_SIZE + 0x400); i += 0x200) {
for (u32 i = 0; !found && (i <= TICKDB_AREA_SIZE - 0x400); i += 0x200) {
Ticket* tick = TicketFromTickDbChunk(data + i, title_id, force_legit);
if (!tick) continue;
memcpy(ticket, tick, sizeof(Ticket));

2
arm9/source/utils/gameutil.c
View File

@ -2240,7 +2240,7 @@ u32 BuildTitleKeyInfo(const char* path, bool dec, bool dump) {
}
// parse the decoded data for valid tickets
for (u32 i = 0; i < TICKDB_AREA_SIZE + 0x400; i += 0x200) {
for (u32 i = 0; i <= TICKDB_AREA_SIZE - 0x400; i += 0x200) {
Ticket* ticket = TicketFromTickDbChunk(data + i, NULL, true);
if (!ticket || (ticket->commonkey_idx >= 2) || !getbe64(ticket->ticket_id)) continue;
if (TIKDB_SIZE(tik_info) + 32 > STD_BUFFER_SIZE) break; // no error message

4
arm9/source/virtual/vtickdb.c
View File

@ -85,7 +85,7 @@ void ScanTickDb(bool raw_mode, bool replace) {
ShowString("Loading DIFF data...");
if (ReadDisaDiffIvfcLvl4(NULL, &diff_info, TICKDB_AREA_OFFSET, TICKDB_AREA_SIZE, data) == TICKDB_AREA_SIZE) {
// parse the decoded data for valid tickets
for (u32 i = 0; i < TICKDB_AREA_SIZE + 0x400; i += 0x200) {
for (u32 i = 0; i <= TICKDB_AREA_SIZE - 0x400; i += 0x200) {
if (!(i % 0x10000) && !ShowProgress(i, TICKDB_AREA_SIZE, "Scanning for tickets")) break;
Ticket* ticket = TicketFromTickDbChunk(data + i, NULL, true);
if (!ticket) continue;
@ -99,7 +99,7 @@ void ScanTickDb(bool raw_mode, bool replace) {
ShowString("Loading raw data (%lu)...", p);
if (ReadImageBytes(data, offset_area, TICKDB_AREA_SIZE) != 0)
continue;
for (u32 i = 0; i < TICKDB_AREA_SIZE + 0x400; i += 0x200) {
for (u32 i = 0; i <= TICKDB_AREA_SIZE - 0x400; i += 0x200) {
if (!(i % 0x10000) && !ShowProgress(i, TICKDB_AREA_SIZE, "Scanning for tickets")) break;
Ticket* ticket = TicketFromTickDbChunk(data + i, NULL, true);
if (!ticket) continue;