---
 dm.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/dm.c b/dm.c
index 814d7d2..289bc0d 100644
--- a/dm.c
+++ b/dm.c
@@ -293,7 +293,8 @@ dm_known_ioctl(struct tcb *tcp, const unsigned int code, 
long arg)
        if (!ioc)
                return 0;
 
-       if (umoven(tcp, arg, sizeof(*ioc) - sizeof(ioc->data), ioc) < 0) {
+       if ((umoven(tcp, arg, sizeof(*ioc) - sizeof(ioc->data), ioc) < 0) ||
+           (ioc->data_size < offsetof(struct dm_ioctl, data_size))) {
                free(ioc);
                return 0;
        }
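Review bot: The added bound `(ioc->data_size < offsetof(struct dm_ioctl, data_size))` accepts a data_size equal to the offset at which the data_size field begins, so it admits a claimed buffer that ends before the field being tested. If the intent is that the buffer must at least contain data_size, the bound would be `offsetof(struct dm_ioctl, data_size) + sizeof(ioc->data_size)`. The value is copied from the traced process by umoven() and is therefore untrusted, so a short comment such as `/* reject sizes that cannot hold the fields read so far */` should explain why this threshold differs from the header-size check added later in the same function. This path also returns 0 silently while the later check prints `/* Incorrect data_size */`. dm_known_ioctl starts and ends outside the hunk, so the caller's fallback may make that difference intentional.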
@@ -335,6 +336,11 @@ dm_known_ioctl(struct tcb *tcp, const unsigned int code, 
long arg)
                goto skip;
        }
 
+       if (ioc->data_size < (sizeof(*ioc) - sizeof(ioc->data))) {
+               tprints(", /* Incorrect data_size */ ...");
+               goto skip;
+       }
+
        dm_decode_device(code, ioc);
        dm_decode_values(tcp, code, ioc);
        dm_decode_flags(ioc);
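Review bot: The new guard `ioc->data_size < (sizeof(*ioc) - sizeof(ioc->data))` sets only a floor for a value copied from the traced process, and no ceiling is visible before `dm_decode_values(tcp, code, ioc)` runs. If the decoders use data_size to bound offsets or to size further reads from the tracee, an upper limit should be enforced at this point as well. The function body continues outside the hunk, so that limit may already exist elsewhere. The header-size expression now appears twice in dm_known_ioctl (here and in the umoven() call); writing it once as `offsetof(struct dm_ioctl, data)`, assuming data is the trailing member, would keep the two checks in step.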
-- 
1.7.10.4

