Fix bspatch heap overflow vulnerability.

Obtained from: Chromium Reported by: Lu Tung-Pin Security: FreeBSD-SA-16:25.bspatch Approved by: re (so@ blanket)
author: delphij <delphij@FreeBSD.org> 2016-07-25 14:52:12 +0000
committer: delphij <delphij@FreeBSD.org> 2016-07-25 14:52:12 +0000
commit: fbb9ed1b222fe59662cb8cc67c250927cf15ff62 (patch)
tree: fba6a0f4b6a6dea559c2ab127de915a774626fa7 /usr.bin
parent: bae9418ffbed23529b54d269c036ef9af71671ef (diff)
download: FreeBSD-src-fbb9ed1b222fe59662cb8cc67c250927cf15ff62.zip
FreeBSD-src-fbb9ed1b222fe59662cb8cc67c250927cf15ff62.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c
index eb99e5b..5d61412 100644
--- a/usr.bin/bsdiff/bspatch/bspatch.c
+++ b/usr.bin/bsdiff/bspatch/bspatch.c
@@ -164,6 +164,10 @@ int main(int argc,char * argv[])
 		}
 
 		/* Sanity-check */
+		if ((ctrl[0] < 0) || (ctrl[1] < 0))
+			errx(1,"Corrupt patch\n");
+
+		/* Sanity-check */
 		if(newpos+ctrl[0]>newsize)
 			errx(1,"Corrupt patch\n");
author	delphij <delphij@FreeBSD.org>	2016-07-25 14:52:12 +0000
committer	delphij <delphij@FreeBSD.org>	2016-07-25 14:52:12 +0000
commit	fbb9ed1b222fe59662cb8cc67c250927cf15ff62 (patch)
tree	fba6a0f4b6a6dea559c2ab127de915a774626fa7 /usr.bin
parent	bae9418ffbed23529b54d269c036ef9af71671ef (diff)
download	FreeBSD-src-fbb9ed1b222fe59662cb8cc67c250927cf15ff62.zip FreeBSD-src-fbb9ed1b222fe59662cb8cc67c250927cf15ff62.tar.gz