Fix bspatch heap overflow vulnerability.
Obtained from: Chromium Reported by: Lu Tung-Pin Security: FreeBSD-SA-16:25.bspatch
parent
ae1b731b5d
commit
2c8d04d022
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=303298
@ -163,6 +163,10 @@ int main(int argc,char * argv[])
|
|||||||
ctrl[i]=offtin(buf);
|
ctrl[i]=offtin(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Sanity-check */
|
||||||
|
if ((ctrl[0] < 0) || (ctrl[1] < 0))
|
||||||
|
errx(1,"Corrupt patch\n");
|
||||||
|
|
||||||
/* Sanity-check */
|
/* Sanity-check */
|
||||||
if(newpos+ctrl[0]>newsize)
|
if(newpos+ctrl[0]>newsize)
|
||||||
errx(1,"Corrupt patch\n");
|
errx(1,"Corrupt patch\n");
|
||||||
|
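Review bot: The added non-negativity test leaves the bound on the following context line, `if(newpos+ctrl[0]>newsize)`, open to signed overflow: a very large positive `ctrl[0]` read from a malformed patch can wrap the sum and pass the comparison, assuming `newpos` and `ctrl[]` are signed offsets (their declarations are outside the hunk). Comparing by subtraction avoids the addition, for example `if (ctrl[0] > newsize - newpos)`, and the same form would suit any later bound on `ctrl[1]`, which is not visible here. `ctrl[2]` is filled by the same loop but is not covered by the new check; whether it needs a range check depends on how it is used further down in `main`, which continues past the hunk.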