From: Lucas De Marchi <lucas.demarchi@profusion.mobi>
Date: Wed, 6 Jun 2012 12:36:29 +0000 (-0300)
Subject: libkmod-index: protect ourselves from corrupted indexes
X-Git-Tag: v9~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b05c327255405622400a6873fd955e1b5ef1aae;p=thirdparty%2Fkmod.git

libkmod-index: protect ourselves from corrupted indexes

If index is shorter than 12 bytes, we couldn't even read its header. Go
to error handling in this case.
---

diff --git a/libkmod/libkmod-index.c b/libkmod/libkmod-index.c
index 4ab4ed5f..a5933e2a 100644
--- a/libkmod/libkmod-index.c
+++ b/libkmod/libkmod-index.c
@@ -798,12 +798,14 @@ struct index_mm *index_mm_open(struct kmod_ctx *ctx, const char *filename,
 	}
 
 	fstat(fd, &st);
+	if ((size_t) st.st_size < sizeof(hdr))
+		goto fail_nommap;
 
 	if ((idx->mm = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0))
 							== MAP_FAILED) {
 		ERR(ctx, "mmap(0, %"PRIu64", PROT_READ, %d, MAP_PRIVATE, 0): %m\n",
 							st.st_size, fd);
-		goto fail;
+		goto fail_nommap;
 	}
 
 	p = idx->mm;
@@ -833,9 +835,9 @@ struct index_mm *index_mm_open(struct kmod_ctx *ctx, const char *filename,
 	return idx;
 
 fail:
+	munmap(idx->mm, st.st_size);
+fail_nommap:
 	close(fd);
-	if (idx->mm != MAP_FAILED)
-		munmap(idx->mm, st.st_size);
 fail_open:
 	free(idx);
 	return NULL;