From 3a81e075fa773707432d8e3f71cbc9348670536e Mon Sep 17 00:00:00 2001
From: delphij
Date: Mon, 25 Jul 2016 15:04:17 +0000
Subject: Fix bspatch heap overflow vulnerability. [SA-16:25] Fix freebsd-update(8) support of FreeBSD 11.0 release distribution. [EN-16:09] Approved by: so
---
 usr.bin/bsdiff/bspatch/bspatch.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'usr.bin/bsdiff/bspatch/bspatch.c')
diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c
index d2af3ca..92bc75b 100644
--- a/usr.bin/bsdiff/bspatch/bspatch.c
+++ b/usr.bin/bsdiff/bspatch/bspatch.c
@@ -155,6 +155,10 @@ int main(int argc,char * argv[])
 };
 /* Sanity-check */
+ if ((ctrl[0] < 0) || (ctrl[1] < 0))
+ errx(1,"Corrupt patch\n");
+
+ /* Sanity-check */
 if(newpos+ctrl[0]>newsize)
 errx(1,"Corrupt patch\n");
-- 
cgit v1.1
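Review bot: The bounds check kept directly below the new test, `if(newpos+ctrl[0]>newsize)`, still adds before comparing, so a very large positive ctrl[0] could overflow the signed sum (the `< 0` test implies a signed type, presumably off_t) and pass the comparison even though negative values are now rejected. Writing it as a subtraction, `if (ctrl[0] > newsize - newpos)`, avoids the overflow as long as newpos never exceeds newsize, which the loop in main() outside this hunk would have to guarantee. ctrl[1] gets only the sign test here; any upper-bound check for it lies outside the hunk and would need the same overflow-safe form. The added comment repeats `/* Sanity-check */` verbatim; `/* Sanity-check: ctrl[0] and ctrl[1] must be non-negative */` would say what the new test guards.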