From f760cd20bf3d1ee5f736ad94fb2e22010ffd0718 Mon Sep 17 00:00:00 2001
From: Maxime Meignan
Date: Tue, 15 Nov 2022 16:38:40 +0100
Subject: [PATCH] Remove possibility of crash when giving a malformed CSV
---
 EDRSandblast/Utils/NtoskrnlOffsets.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/EDRSandblast/Utils/NtoskrnlOffsets.c b/EDRSandblast/Utils/NtoskrnlOffsets.c
index 5c8de6e..2b5ef4f 100644
--- a/EDRSandblast/Utils/NtoskrnlOffsets.c
+++ b/EDRSandblast/Utils/NtoskrnlOffsets.c
@@ -28,9 +28,13 @@ void LoadNtoskrnlOffsetsFromFile(TCHAR* ntoskrnlOffsetFilename) {
 return;
 }
- TCHAR lineNtoskrnlVersion[256];
+ TCHAR lineNtoskrnlVersion[2048];
 TCHAR line[2048];
 while (_fgetts(line, _countof(line), offsetFileStream)) {
+ if (_tcsncmp(line, TEXT("ntoskrnl"), _countof(TEXT("ntoskrnl")) - 1)) {
+ _putts_or_not(TEXT("[-] CSV file format is unexpected!\n"));
+ break;
+ }
 TCHAR* dupline = _tcsdup(line);
 TCHAR* tmpBuffer = NULL;
 _tcscpy_s(lineNtoskrnlVersion, _countof(lineNtoskrnlVersion), _tcstok_s(dupline, TEXT(","), &tmpBuffer));
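Review bot: The new prefix test at the top of the `while` loop only proves that a row starts with `ntoskrnl`; it says nothing about how many comma-separated fields follow, and the `_tcsdup` result on the next line is still used unchecked. The first `_tcstok_s` call is safe after this guard, but a row with too few fields would presumably make a later `_tcstok_s` call return NULL. The rest of the loop body is outside the hunk, so that part is inferred. I would add `if (dupline == NULL) break;` right after the `_tcsdup` call and keep each token in a local that is tested for NULL before it reaches `_tcscpy_s` or a conversion routine. A line longer than the 2048-element `line` buffer is split by `_fgetts`, and its remainder is then rejected by this same check, which deserves a one-line comment such as `/* over-long rows are truncated and rejected on the next pass */`.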