diff options
author | delphij <delphij@FreeBSD.org> | 2016-07-25 15:04:17 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2016-07-25 15:04:17 +0000 |
commit | 3a81e075fa773707432d8e3f71cbc9348670536e (patch) | |
tree | 7033a73957a69c75879fbb375ea2c66ace9c6ced /usr.bin/bsdiff | |
parent | 1c978b35b9ee5349b17431da32fc8f413549f4ce (diff) | |
download | FreeBSD-src-3a81e075fa773707432d8e3f71cbc9348670536e.zip FreeBSD-src-3a81e075fa773707432d8e3f71cbc9348670536e.tar.gz |
Fix bspatch heap overflow vulnerability. [SA-16:25]
Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]
Approved by: so
Diffstat (limited to 'usr.bin/bsdiff')
-rw-r--r-- | usr.bin/bsdiff/bspatch/bspatch.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c index d2af3ca..92bc75b 100644 --- a/usr.bin/bsdiff/bspatch/bspatch.c +++ b/usr.bin/bsdiff/bspatch/bspatch.c @@ -155,6 +155,10 @@ int main(int argc,char * argv[]) }; /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); |