Author: delphij Date: Mon Jul 25 14:45:48 2016 New Revision: 303298 URL: https://svnweb.freebsd.org/changeset/base/303298
Log: Fix bspatch heap overflow vulnerability. Obtained from: Chromium Reported by: Lu Tung-Pin Security: FreeBSD-SA-16:25.bspatch Modified: head/usr.bin/bsdiff/bspatch/bspatch.c Modified: head/usr.bin/bsdiff/bspatch/bspatch.c ============================================================================== --- head/usr.bin/bsdiff/bspatch/bspatch.c Mon Jul 25 14:36:55 2016 (r303297) +++ head/usr.bin/bsdiff/bspatch/bspatch.c Mon Jul 25 14:45:48 2016 (r303298) @@ -164,6 +164,10 @@ int main(int argc,char * argv[]) } /* Sanity-check */ + if ((ctrl[0] < 0) || (ctrl[1] < 0)) + errx(1,"Corrupt patch\n"); + + /* Sanity-check */ if(newpos+ctrl[0]>newsize) errx(1,"Corrupt patch\n"); _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"