author | delphij <delphij@FreeBSD.org> | 2016-07-25 14:53:04 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2016-07-25 14:53:04 +0000 |
commit | e9e84b258534867ada8546cd53545ae93c94c5cf (patch) | |
tree | 8595a281d09089aa543a21d10f18330d4ad559b6 | |
parent | a2304bc0db6fb1f2212a5c75eb1f696ff541a00b (diff) | |
download | FreeBSD-src-e9e84b258534867ada8546cd53545ae93c94c5cf.zip FreeBSD-src-e9e84b258534867ada8546cd53545ae93c94c5cf.tar.gz |
Fix bspatch heap overflow vulnerability.
Obtained from: Chromium
Reported by: Lu Tung-Pin
Security: FreeBSD-SA-16:25.bspatch
-rw-r--r-- | usr.bin/bsdiff/bspatch/bspatch.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c index d2af3ca..92bc75b 100644 --- a/usr.bin/bsdiff/bspatch/bspatch.c +++ b/usr.bin/bsdiff/bspatch/bspatch.c @@ -155,6 +155,10 @@ int main(int argc,char * argv[]) }; /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); |
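Review bot: The pre-existing test that follows the new check, `if(newpos+ctrl[0]>newsize)`, still adds the two values before comparing, so with negatives now rejected a very large positive ctrl[0] can still make the sum wrap (assuming these are signed 64-bit offsets, which the hunk does not show) and pass as if it were in bounds. Comparing by subtraction, for example `if (ctrl[0] > newsize - newpos)`, avoids the addition entirely; any bound on ctrl[1], which lies outside this hunk, deserves the same treatment. Two smaller points: the new block repeats the `/* Sanity-check */` comment verbatim, so a comment saying that negative lengths are rejected would tell the two checks apart, and errx() already terminates its message with a newline, so the "\n" in "Corrupt patch\n" is redundant (the existing line has the same habit).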