diff options
| author | Jack <66967891+ASpoonPlaysGames@users.noreply.github.com> | 2023-12-27 00:32:01 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-27 01:32:01 +0100 |
| commit | f5ab6fb5e8be7b73e6003d4145081d5e0c0ce287 (patch) | |
| tree | 90f2c6a4885dbd181799e2325cf33588697674e1 /NorthstarDLL/shared/exploit_fixes/exploitfixes_lzss.cpp | |
| parent | bb8ed59f6891b1196c5f5bbe7346cd171c8215fa (diff) | |
| download | NorthstarLauncher-f5ab6fb5e8be7b73e6003d4145081d5e0c0ce287.tar.gz NorthstarLauncher-f5ab6fb5e8be7b73e6003d4145081d5e0c0ce287.zip | |
Folder restructuring from primedev (#624)v1.21.2-rc3v1.21.2
Copies of over the primedev folder structure for easier cherry-picking of further changes
Co-authored-by: F1F7Y <filip.bartos07@proton.me>
Diffstat (limited to 'NorthstarDLL/shared/exploit_fixes/exploitfixes_lzss.cpp')
| -rw-r--r-- | NorthstarDLL/shared/exploit_fixes/exploitfixes_lzss.cpp | 78 |
1 files changed, 0 insertions, 78 deletions
diff --git a/NorthstarDLL/shared/exploit_fixes/exploitfixes_lzss.cpp b/NorthstarDLL/shared/exploit_fixes/exploitfixes_lzss.cpp deleted file mode 100644 index ccb6ac18..00000000 --- a/NorthstarDLL/shared/exploit_fixes/exploitfixes_lzss.cpp +++ /dev/null @@ -1,78 +0,0 @@ - -AUTOHOOK_INIT() - -static constexpr int LZSS_LOOKSHIFT = 4; - -struct lzss_header_t -{ - unsigned int id; - unsigned int actualSize; -}; - -// Rewrite of CLZSS::SafeUncompress to fix a vulnerability where malicious compressed payloads could cause the decompressor to try to read -// out of the bounds of the output buffer. -// clang-format off -AUTOHOOK(CLZSS__SafeDecompress, engine.dll + 0x432A10, -unsigned int, __fastcall, (void* self, const unsigned char* pInput, unsigned char* pOutput, unsigned int unBufSize)) -// clang-format on -{ - unsigned int totalBytes = 0; - int getCmdByte = 0; - int cmdByte = 0; - - lzss_header_t header = *(lzss_header_t*)pInput; - - if (!pInput || !header.actualSize || header.id != 0x53535A4C || header.actualSize > unBufSize) - return 0; - - pInput += sizeof(lzss_header_t); - - for (;;) - { - if (!getCmdByte) - cmdByte = *pInput++; - - getCmdByte = (getCmdByte + 1) & 0x07; - - if (cmdByte & 0x01) - { - int position = *pInput++ << LZSS_LOOKSHIFT; - position |= (*pInput >> LZSS_LOOKSHIFT); - position += 1; - int count = (*pInput++ & 0x0F) + 1; - if (count == 1) - break; - - // Ensure reference chunk exists entirely within our buffer - if (position > totalBytes) - return 0; - - totalBytes += count; - if (totalBytes > unBufSize) - return 0; - - unsigned char* pSource = pOutput - position; - for (int i = 0; i < count; i++) - *pOutput++ = *pSource++; - } - else - { - totalBytes++; - if (totalBytes > unBufSize) - return 0; - - *pOutput++ = *pInput++; - } - cmdByte = cmdByte >> 1; - } - - if (totalBytes != header.actualSize) - return 0; - - return totalBytes; -} - -ON_DLL_LOAD("engine.dll", ExploitFixes_LZSS, (CModule module)) -{ - AUTOHOOK_DISPATCH() -} |