Do not try to read more than file length, refs #17

ralphje · Jun 8, 2024 · 81a135c · 81a135c
1 parent 337db8d
commit 81a135c
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/signify/authenticode/signed_pe.py b/signify/authenticode/signed_pe.py
@@ -222,7 +222,8 @@ def _parse_cert_table(self) -> Iterator[ParsedCertTable]:
             )
 
         position = locations["certtable"].start
-        while position < sum(locations["certtable"]):
+        certtable_end = sum(locations["certtable"])
+        while position < certtable_end:
             # check if this position is viable, we need at least 8 bytes for our header
             if position + 8 > self._filelength:
                 raise SignedPEParseError(
@@ -235,7 +236,7 @@ def _parse_cert_table(self) -> Iterator[ParsedCertTable]:
 
             # check if we are not going to perform a negative read (and 0 bytes is
             # weird as well)
-            if length <= 8:
+            if length <= 8 or position + length > certtable_end:
                 raise SignedPEParseError("Invalid length in certificate table header")
             certificate = self.file.read(length - 8)