bspatch

Xin LI Mon, 25 Jul 2016 07:46:12 -0700

Author: delphij
Date: Mon Jul 25 14:45:48 2016
New Revision: 303298
URL: https://svnweb.freebsd.org/changeset/base/303298


Log:
  Fix bspatch heap overflow vulnerability.
  
  Obtained from:        Chromium
  Reported by:  Lu Tung-Pin
  Security:     FreeBSD-SA-16:25.bspatch

Modified:
  head/usr.bin/bsdiff/bspatch/bspatch.c

Modified: head/usr.bin/bsdiff/bspatch/bspatch.c
==============================================================================
--- head/usr.bin/bsdiff/bspatch/bspatch.c       Mon Jul 25 14:36:55 2016        
(r303297)
+++ head/usr.bin/bsdiff/bspatch/bspatch.c       Mon Jul 25 14:45:48 2016        
(r303298)
@@ -164,6 +164,10 @@ int main(int argc,char * argv[])
                }
 
                /* Sanity-check */
+               if ((ctrl[0] < 0) || (ctrl[1] < 0))
+                       errx(1,"Corrupt patch\n");
+
+               /* Sanity-check */
                if(newpos+ctrl[0]>newsize)
                        errx(1,"Corrupt patch\n");
 
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

svn commit: r303298 - head/usr.bin/bsdiff/bspatch

Reply via email to