Try and guard against impossibly large data.

author Roy Marples <roy@marples.name>

Wed, 10 Jun 2020 10:16:14 +0000 (11:16 +0100)

committer Roy Marples <roy@marples.name>

Wed, 10 Jun 2020 10:16:14 +0000 (11:16 +0100)
author Roy Marples <roy@marples.name>
Wed, 10 Jun 2020 10:16:14 +0000 (11:16 +0100)
committer Roy Marples <roy@marples.name>
Wed, 10 Jun 2020 10:16:14 +0000 (11:16 +0100)
diff --git a/src/dhcpcd.c b/src/dhcpcd.c

index e6ff276623c310af5ecae7b98f1a94af200f5a1c..dc21583bf006aecee45ee36a803ff73c6b089405 100644 (file)
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -1686,6 +1686,10 @@ dhcpcd_readdump1(void *arg)
                         errno = EINVAL;
                 goto err;
         }
+       if (ctx->ctl_buflen > SSIZE_MAX) {
+               errno = ENOBUFS;
+               goto err;
+       }
  
         free(ctx->ctl_buf);
         ctx->ctl_buf = malloc(ctx->ctl_buflen);
diff --git a/src/privsep-root.c b/src/privsep-root.c

index 00edd8a7ea36ef1a2f652c165183c9cf7686f6bd..025bde9bae2fb3bb8bec10b2d4499294470b0683 100644 (file)
--- a/src/privsep-root.c
+++ b/src/privsep-root.c
@@ -151,10 +151,10 @@ ps_root_mreaderrorcb(void *arg)
                 PSR_ERROR(errno);
         else if ((size_t)len < sizeof(*psr_error))
                 PSR_ERROR(EINVAL);
-       else if (psr_error->psr_datalen > SSIZE_MAX)
-               PSR_ERROR(ENOBUFS);
  
-       if (psr_error->psr_datalen != 0) {
+       if (psr_error->psr_datalen > SSIZE_MAX)
+               PSR_ERROR(ENOBUFS);
+       else if (psr_error->psr_datalen != 0) {
                 psr_ctx->psr_data = malloc(psr_error->psr_datalen);
                 if (psr_ctx->psr_data == NULL)
                         PSR_ERROR(errno);
author	Roy Marples <roy@marples.name>
	Wed, 10 Jun 2020 10:16:14 +0000 (11:16 +0100)
committer	Roy Marples <roy@marples.name>
	Wed, 10 Jun 2020 10:16:14 +0000 (11:16 +0100)
src/dhcpcd.c		patch \| blob \| blame \| history
src/privsep-root.c		patch \| blob \| blame \| history