diff options
author | delphij <delphij@FreeBSD.org> | 2016-07-25 14:52:12 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2016-07-25 14:52:12 +0000 |
commit | fbb9ed1b222fe59662cb8cc67c250927cf15ff62 (patch) | |
tree | fba6a0f4b6a6dea559c2ab127de915a774626fa7 /usr.bin | |
parent | bae9418ffbed23529b54d269c036ef9af71671ef (diff) | |
download | FreeBSD-src-fbb9ed1b222fe59662cb8cc67c250927cf15ff62.zip FreeBSD-src-fbb9ed1b222fe59662cb8cc67c250927cf15ff62.tar.gz |
Fix bspatch heap overflow vulnerability.
Obtained from: Chromium
Reported by: Lu Tung-Pin
Security: FreeBSD-SA-16:25.bspatch
Approved by: re (so@ blanket)
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/bsdiff/bspatch/bspatch.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c index eb99e5b..5d61412 100644 --- a/usr.bin/bsdiff/bspatch/bspatch.c +++ b/usr.bin/bsdiff/bspatch/bspatch.c @@ -164,6 +164,10 @@ int main(int argc,char * argv[]) } /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); |