reglib: Validate all structure and array lengths
Add checks that:
- Signature length does not exceed the file length (this was already
checked, but did not account for signature lengths greater than 2 GB)
- Database length is long enough for all structures we expect in it
- Array length calculations will not overflow
To keep these checks simple, change the types of array length and index
variables to unsigned int (must be at least 32-bit, matching the file
format) and the types of byte-length variables to size_t.
Alexandre Rebert <email@example.com> reported and provided a test case
for the signature length issue; the others I found by inspection.
Signed-off-by: Ben Hutchings <firstname.lastname@example.org>
Signed-off-by: Luis R. Rodriguez <email@example.com>
2 files changed