From c627c6d93d77bc6b0b276dbd4a59eeb6e41146ef Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Tue, 22 Oct 2024 17:48:32 +0200
Subject: [PATCH] libkmod: Check node offset in index_mm_read_node

Add a cheap but important check to make sure that offsets do not point
outside of memory-mapped area.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com>
Link: https://github.com/kmod-project/kmod/pull/203
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
 libkmod/libkmod-index.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libkmod/libkmod-index.c b/libkmod/libkmod-index.c
index f047abfc..b41c02ec 100644
--- a/libkmod/libkmod-index.c
+++ b/libkmod/libkmod-index.c
@@ -679,7 +679,7 @@ static struct index_mm_node *index_mm_read_node(struct index_mm *idx, uint32_t o
 	uint32_t children[INDEX_CHILDMAX];
 	unsigned char first, last;
 
-	if ((offset & INDEX_NODE_MASK) == 0)
+	if ((offset & INDEX_NODE_MASK) == 0 || (offset & INDEX_NODE_MASK) >= idx->size)
 		return NULL;
 
 	p = (char *)p + (offset & INDEX_NODE_MASK);
-- 
2.47.2