From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 1 Aug 2024 03:03:54 +0000 (+0900)
Subject: import: check overflow
X-Git-Tag: v257-rc1~776^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F33893%2Fhead;p=thirdparty%2Fsystemd.git

import: check overflow

Fixes CID#1548022 and CID#1548075.
---

diff --git a/src/import/import-raw.c b/src/import/import-raw.c
index ee9b297bfeb..78775b96d67 100644
--- a/src/import/import-raw.c
+++ b/src/import/import-raw.c
@@ -409,6 +409,11 @@ static int raw_import_process(RawImport *i) {
                 goto finish;
         }
 
+        if ((size_t) l > sizeof(i->buffer) - i->buffer_size) {
+                r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size.");
+                goto finish;
+        }
+
         i->buffer_size += l;
 
         if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
diff --git a/src/import/import-tar.c b/src/import/import-tar.c
index 39df11b5ff6..976c9182461 100644
--- a/src/import/import-tar.c
+++ b/src/import/import-tar.c
@@ -276,6 +276,11 @@ static int tar_import_process(TarImport *i) {
                 goto finish;
         }
 
+        if ((size_t) l > sizeof(i->buffer) - i->buffer_size) {
+                r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size.");
+                goto finish;
+        }
+
         i->buffer_size += l;
 
         if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {