From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Tue, 3 Aug 2021 13:53:31 +0000 (+0100)
Subject: creds: assert that credential read from file fits in data struct
X-Git-Tag: v250-rc1~884^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8954e891959448783e66ec5ee7a6bb6d4a0be82f;p=thirdparty%2Fsystemd.git

creds: assert that credential read from file fits in data struct

Coverity CID#1458114
---

diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index ee279e0c9c1..3bc5fbef512 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -299,6 +299,8 @@ int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *
                         if (ret) {
                                 void *copy;
 
+                                assert(sz <= sizeof(f->data)); /* Ensure we don't read past f->data bounds */
+
                                 copy = memdup(f->data, sz);
                                 if (!copy)
                                         return -ENOMEM;