From: Roy Marples <roy@marples.name>
Date: Tue, 9 Jun 2020 18:33:23 +0000 (+0100)
Subject: privsep: limit psr_datalen to SSIZE_MAX
X-Git-Tag: v9.1.2~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa5f136a13b2d9371e4b56e52b93fef480816e1c;p=thirdparty%2Fdhcpcd.git

privsep: limit psr_datalen to SSIZE_MAX
---

diff --git a/src/privsep-root.c b/src/privsep-root.c
index 8ff32303..f3fc523c 100644
--- a/src/privsep-root.c
+++ b/src/privsep-root.c
@@ -151,6 +151,8 @@ ps_root_mreaderrorcb(void *arg)
 		PSR_ERROR(errno);
 	else if ((size_t)len < sizeof(*psr_error))
 		PSR_ERROR(EINVAL);
+	else if (psr_error->psr_datalen > SSIZE_MAX)
+		PSR_ERROR(ENOBUFS);
 
 	if (psr_error->psr_datalen != 0) {
 		psr_ctx->psr_data = malloc(psr_error->psr_datalen);