]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 96bf7e1)
vmspawn: check overflow earlier
authorYu Watanabe <watanabe.yu+github@gmail.com>
Thu, 1 Aug 2024 02:50:53 +0000 (11:50 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Thu, 1 Aug 2024 13:42:08 +0000 (22:42 +0900)
Follow-up for 862c68a914ab4561d83875e58e05dcf65cb4a551.
Fixes CID#1550749.

src/vmspawn/vmspawn.c patch | blob | blame | history

diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c
index 8fad195abcdf8e4aa1d337f7151c71fb61a7e977..030efbdb23fc40aca9f0aa3d3cee10a7f50f7d0a 100644 (file)
--- a/src/vmspawn/vmspawn.c
+++ b/src/vmspawn/vmspawn.c
@@ -626,10 +626,10 @@ static int read_vsock_notify(NotifyConnectionData *d, int fd) {
                 if (n == 0) /* We hit EOF! Let's parse this */
                         break;
 
-                d->full += n;
-
-                if (d->full >= sizeof(d->buffer))
+                if ((size_t) n >= sizeof(d->buffer) - d->full)
                         return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Received notify message exceeded maximum size.");
+
+                d->full += n;
         }
 
         /* We reached EOF, now parse the thing */
Unnamed repository; edit this file 'description' to name the repository.