From: Lennart Poettering
Date: Wed, 20 Mar 2019 09:33:45 +0000 (+0100)
Subject: ask-password: add extra paranoid overflow check
X-Git-Tag: v242-rc1~103^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F12047%2Fhead;p=thirdparty%2Fsystemd.git

ask-password: add extra paranoid overflow check
---

diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 88335c6d085..ab0c34692f1 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -77,13 +77,18 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
 n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0);
 if (n < 0)
 return -errno;
-
 if (n < m)
 break;
 
 explicit_bzero_safe(p, n);
- free(p);
+
+ if (m > LONG_MAX / 2) /* overflow check */
+ return -ENOMEM;
 m *= 2;
+ if ((long) (size_t) m != m) /* make sure that this still fits if converted to size_t */
+ return -ENOMEM;
+
+ free(p);
 }
 
 l = strv_parse_nulstr(p, n);
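Review bot: The context line `explicit_bzero_safe(p, n);` is only reached when `n >= m`, because `if (n < m) break;` sits just above it, so it wipes `n` bytes of a buffer that the `keyctl()` call describes as `m` bytes long. If `p` is indeed allocated with `m` bytes (the allocation is outside this hunk), any key payload larger than the current buffer makes the wipe write past the end of `p`. The added overflow checks do not touch that line; wipe the buffer size instead, `explicit_bzero_safe(p, m);`. The two new `return -ENOMEM;` paths also run before `free(p)`, so they only avoid a leak if `p` is declared with a cleanup attribute, which, like the rest of `retrieve_key()`, is not visible here.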