InfoSect's Month of Pointless Bonus Bugs (#34)
InfoSect, Canberra's hackerspace, regularly runs public group sessions to perform code review and vulnerability discovery. Over the next 30 days, I'll highlight the source code of 30 unknown vulnerabilities. Bonus Bug #34 Another bios decompression bug. This time in awardeco. typedef struct { byte HeadLen; byte HeadCrc; byte Method[5]; dword PackLen; dword RealLen; dword TStamp; byte Attr; byte Level; byte FilenameLen; byte FileName[12]; word CRC16; byte DOS; word Empty; } LZHHead; ... /*--------------------------------- XtractAwd ----------------------------------*/ byte XtractAwd(FILE *ptx, byte Action, dword DecoOff, dword FirstOff, byte i sASUS) { FILE *pto;