From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Tue, 22 Oct 2024 15:48:32 +0000 (+0200)
Subject: libkmod: Check node offset in index_mm_read_node
X-Git-Tag: v34~198
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c627c6d93d77bc6b0b276dbd4a59eeb6e41146ef;p=thirdparty%2Fkmod.git

libkmod: Check node offset in index_mm_read_node

Add a cheap but important check to make sure that offsets do not point
outside of memory-mapped area.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
Link: https://github.com/kmod-project/kmod/pull/203
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---

diff --git a/libkmod/libkmod-index.c b/libkmod/libkmod-index.c
index f047abfc..b41c02ec 100644
--- a/libkmod/libkmod-index.c
+++ b/libkmod/libkmod-index.c
@@ -679,7 +679,7 @@ static struct index_mm_node *index_mm_read_node(struct index_mm *idx, uint32_t o
 	uint32_t children[INDEX_CHILDMAX];
 	unsigned char first, last;
 
-	if ((offset & INDEX_NODE_MASK) == 0)
+	if ((offset & INDEX_NODE_MASK) == 0 || (offset & INDEX_NODE_MASK) >= idx->size)
 		return NULL;
 
 	p = (char *)p + (offset & INDEX_NODE_MASK);