Tree - rpms/fwupdate - CentOS Git server

Blob History Raw

		453bef	`From 2192afd376759f9b0e3720692046baccabf114e9 Mon Sep 17 00:00:00 2001`
		453bef	`From: Peter Jones <pjones@redhat.com>`
		453bef	`Date: Mon, 8 May 2017 15:55:59 -0400`
		453bef	`Subject: [PATCH 11/11] put_info(): try to limit bounds of our duplicated`
		453bef	`device path more...`
		453bef
		453bef	`Signed-off-by: Peter Jones <pjones@redhat.com>`
		453bef	`---`
		453bef	`linux/libfwup.c \| 5 ++++-`
		453bef	`1 file changed, 4 insertions(+), 1 deletion(-)`
		453bef
		453bef	`diff --git a/linux/libfwup.c b/linux/libfwup.c`
		453bef	`index c14a996..b29a0e5 100644`
		453bef	`--- a/linux/libfwup.c`
		453bef	`+++ b/linux/libfwup.c`
		453bef	`@@ -377,7 +377,10 @@ err:`
		453bef	`return -1;`
		453bef	`}`
		453bef	`/* Make sure sizeof(info) + dps won't integer overflow /`
		453bef	`- if ((size_t)dps > SSIZE_MAX - sizeof(*info)) {`
		453bef	`+ if (((size_t)dps >= SSIZE_MAX - sizeof(*info)) \|\|`
		453bef	`+ /* Make sure extra hard by just picking an astonishingly large`
		453bef	`+ * value that's merely very very unlikely... */`
		453bef	`+ ((ssize_t)dps > sysconf(_SC_PAGESIZE) * 100)) {`
		453bef	`efi_error("device path size (%zd) would overflow", dps);`
		453bef	`errno = EOVERFLOW;`
		453bef	`return -1;`
		453bef	`--`
		453bef	`2.12.2`
		453bef