From e9e84b258534867ada8546cd53545ae93c94c5cf Mon Sep 17 00:00:00 2001
From: delphij <delphij@FreeBSD.org>
Date: Mon, 25 Jul 2016 14:53:04 +0000
Subject: Fix bspatch heap overflow vulnerability.

Obtained from:	Chromium
Reported by:	Lu Tung-Pin
Security:	FreeBSD-SA-16:25.bspatch
---
 usr.bin/bsdiff/bspatch/bspatch.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'usr.bin/bsdiff/bspatch/bspatch.c')

diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c
index d2af3ca..92bc75b 100644
--- a/usr.bin/bsdiff/bspatch/bspatch.c
+++ b/usr.bin/bsdiff/bspatch/bspatch.c
@@ -155,6 +155,10 @@ int main(int argc,char * argv[])
 		};
 
 		/* Sanity-check */
+		if ((ctrl[0] < 0) || (ctrl[1] < 0))
+			errx(1,"Corrupt patch\n");
+
+		/* Sanity-check */
 		if(newpos+ctrl[0]>newsize)
 			errx(1,"Corrupt patch\n");
 
-- 
cgit v1.1