bspatch

Xin LI Mon, 25 Jul 2016 07:53:59 -0700

Author: delphij
Date: Mon Jul 25 14:53:04 2016
New Revision: 303301
URL: https://svnweb.freebsd.org/changeset/base/303301


Log:
  Fix bspatch heap overflow vulnerability.
  
  Obtained from:        Chromium
  Reported by:  Lu Tung-Pin
  Security:     FreeBSD-SA-16:25.bspatch

Modified:
  stable/10/usr.bin/bsdiff/bspatch/bspatch.c

Changes in other areas also in this revision:
Modified:
  stable/9/usr.bin/bsdiff/bspatch/bspatch.c

Modified: stable/10/usr.bin/bsdiff/bspatch/bspatch.c
==============================================================================
--- stable/10/usr.bin/bsdiff/bspatch/bspatch.c  Mon Jul 25 14:52:12 2016        
(r303300)
+++ stable/10/usr.bin/bsdiff/bspatch/bspatch.c  Mon Jul 25 14:53:04 2016        
(r303301)
@@ -155,6 +155,10 @@ int main(int argc,char * argv[])
                };
 
                /* Sanity-check */
+               if ((ctrl[0] < 0) || (ctrl[1] < 0))
+                       errx(1,"Corrupt patch\n");
+
+               /* Sanity-check */
                if(newpos+ctrl[0]>newsize)
                        errx(1,"Corrupt patch\n");
 
_______________________________________________
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"

svn commit: r303301 - in stable: 10/usr.bin/bsdiff/bspatch 9/usr.bin/bsdiff/bspatch

Reply via email to