]> git.ipfire.org Git - thirdparty/kmod.git/commitdiff
projects / thirdparty / kmod.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d056ac2)
libkmod: Check node offset in index_mm_read_node
authorTobias Stoeckmann <tobias@stoeckmann.org>
Tue, 22 Oct 2024 15:48:32 +0000 (17:48 +0200)
committerLucas De Marchi <lucas.de.marchi@gmail.com>
Tue, 22 Oct 2024 17:01:37 +0000 (12:01 -0500)
Add a cheap but important check to make sure that offsets do not point
outside of memory-mapped area.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
Link: https://github.com/kmod-project/kmod/pull/203
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
libkmod/libkmod-index.c patch | blob | blame | history

diff --git a/libkmod/libkmod-index.c b/libkmod/libkmod-index.c
index f047abfc3ef0700db538c9d80f0964c8ecc02ca5..b41c02ecd65e80d66d3ccdd2217aebe33bcbbab3 100644 (file)
--- a/libkmod/libkmod-index.c
+++ b/libkmod/libkmod-index.c
@@ -679,7 +679,7 @@ static struct index_mm_node *index_mm_read_node(struct index_mm *idx, uint32_t o
        uint32_t children[INDEX_CHILDMAX];
        unsigned char first, last;
 
-       if ((offset & INDEX_NODE_MASK) == 0)
+       if ((offset & INDEX_NODE_MASK) == 0 || (offset & INDEX_NODE_MASK) >= idx->size)
                return NULL;
 
        p = (char *)p + (offset & INDEX_NODE_MASK);
Unnamed repository; edit this file 'description' to name the repository.