Site Navigation

Date:      Mon, 25 Jul 2016 14:42:43 +0300
From:      Michael Zhilin <mizhka@gmail.com>
To:        Gleb Smirnoff <glebius@freebsd.org>
Cc:        Andrey Chernov <ache@freebsd.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r303264 - head/usr.bin/calendar/calendars/ru_RU.UTF-8
Message-ID:  <CAF19XBLkSKZzzcWpg=wj1NLjd1LpaNRyu5sHXp2P-bSDUJpRDg@mail.gmail.com>
In-Reply-To: <20160724204431.GM1076@FreeBSD.org>
References:  <201607241035.u6OAZijR023467@repo.freebsd.org> <76ecf576-3b05-9a58-9c58-6b45f49b7286@freebsd.org> <20160724204431.GM1076@FreeBSD.org>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

SGkgR2xlYiwgQW5kcmV5LA0KDQpDb3VsZCB5b3UgcGxlYXNlIGZpeCBvbmUgbW9yZSBsaW5lIGlu
DQp1c3IuYmluL2NhbGVuZGFyL2NhbGVuZGFycy9ydV9SVS5VVEYtOC9jYWxlbmRhci5jb21tb246
DQogPj4gNyDQvdC+0Y/QsS4gICAg0JTQtdC90Ywg0L7QutGCLtGP0LHRgNGM0YHQutC+0Lkg0YDQ
tdCy0L7Qu9GO0YbQuNC4IDE5MTcg0LPQvtC00LANCg0KQlRXLCB0aGUgbGluZSBvZiAidXNyLmJp
bi9jYWxlbmRhci9jYWxlbmRhcnMvcnVfUlUuVVRGLTgvY2FsZW5kYXIubWlsaXRhcnkiDQpwcm9i
YWJseSBoYXMgaW5jb3JyZWN0IGRhdGU6DQogPj4gNyDQvdC+0Y/QsS4gICAg0JTQtdC90Ywg0L7R
gdCy0L7QsdC+0LbQtNC10L3QuNGPINCc0L7RgdC60LLRiyDRgdC40LvQsNC80Lgg0L3QsNGA0L7Q
tNC90L7Qs9C+INC+0L/QvtC70YfQtdC90LjRjyDQv9C+0LQNCtGA0YPQutC+0LLQvtC00YHRgtCy
0L7QvCDQmtGD0LfRjNC80Ysg0JzQuNC90LjQvdCwINC4INCU0LzQuNGC0YDQuNGPINCf0L7QttCw
0YDRgdC60L7Qs9C+INC+0YIg0L/QvtC70YzRgdC60LjRhSDQuNC90YLQtdGA0LLQtdC90YLQvtCy
DQooMTYxMiDQs9C+0LQpDQoNCkkgc3VwcG9zZSBpdCBzaG91bGQgYmUgNHRoIG9mIE5vdmVtYmVy
IDopDQoNClRoYW5rIHlvdSwNCiAgTWljaGFlbCENCg0KMjAxNi0wNy0yNCAyMzo0NCBHTVQrMDM6
MDAgR2xlYiBTbWlybm9mZiA8Z2xlYml1c0BmcmVlYnNkLm9yZz46DQoNCj4gICBBbmRyZXksDQo+
DQo+ICAgdGhhbmtzLCBJIHdpbGwgZml4IHRoYXQuIFRydXN0aW5nIHNjcmlwdCBhbmQgbm90IGNo
ZWNraW5nIHJlc3VsdHMgd2FzDQo+IHN0dXBpZC4NCj4NCj4gT24gU3VuLCBKdWwgMjQsIDIwMTYg
YXQgMDY6MTY6MjZQTSArMDMwMCwgQW5kcmV5IENoZXJub3Ygd3JvdGU6DQo+IEE+IFdoYXQgaGFw
cGVucyB3aXRoIHRoZSBsaW5lcyBiZWxvdz8NCj4gQT4NCj4gQT4gT24gMjQuMDcuMjAxNiAxMzoz
NSwgR2xlYiBTbWlybm9mZiB3cm90ZToNCj4gQT4gPiBNb2RpZmllZDoNCj4gaGVhZC91c3IuYmlu
L2NhbGVuZGFyL2NhbGVuZGFycy9ydV9SVS5VVEYtOC9jYWxlbmRhci5vcnRob2RveA0KPiBBPiA+
IC3Qn9Cw0YHRhdCwLTcgICDQktGF0L7QtCDQk9C+0YHQv9C+0LTQtdC90Ywg0LIg0JjQtdGA0YPR
gdCw0LvQuNC8LiDQktC10YDQsdC90L7QtSDQktC+0YHQutGA0LXRgdC10L3RjNC1DQo+IEE+ID4g
K9Cf0LDRgdGF0LAtNyAgINCS0YXQvtC0INCT0L7RgdC/0L7QtNC10L3RjCDQsiDQmNC10YDRg9GB
0LDQu9C40LwuINCS0LXRgNCx0L3QvtC1INCS0L7RgdC60YDQtdGB0LXQvdGCLtGM0LUNCj4gQT4g
PiAr0J/QsNGB0YXQsCAgICAg0JLQvtGB0LrRgNC10YHQtdC90YIu0LjQtSDQpdGA0LjRgdGC0L7Q
stC+DQo+IEE+ID4gK9Cf0LDRgdGF0LArMzkgINCS0L7Qt9C90LXRgdC10L3Rgi7QuNC1DQo+IEE+
DQo+IEE+ID4gTW9kaWZpZWQ6IGhlYWQvdXNyLmJpbi9jYWxlbmRhci9jYWxlbmRhcnMvcnVfUlUu
VVRGLTgvY2FsZW5kYXIucGFnYW4NCj4gQT4gPiAtMTQg0LzQsNGAICAgINCd0L7QstGL0Lkg0JPQ
vtC0LCDQntCy0YHQtdC90Ywg0LzQsNC70YvQuQ0KPiBBPiA+ICsxNCDQvNCw0YDRgtCwICDQndC+
0LLRi9C5INCT0L7QtCwg0J7QstGB0LXQvdGCLtGMINC80LDQu9GL0LkNCj4gQT4gPiAtMjAg0LzQ
sNGAKiAgINCS0LXRgdC10L3QvdC40LUg0YDQsNCy0L3QvtC00LXQvdGB0YLQstC40LUNCj4gQT4g
PiAtIDcg0LDQv9GAICAgINCU0LXQvdGMINCc0LDRgNC10L3RiyAo0YHQtNCy0LjQvdGD0YLQvtC1
INCy0LXRgdC10L3QvdC10LUg0YDQsNCy0L3QvtC00LXQvdGB0YLQstC40LUpDQo+IEE+ID4gKzIw
INC80LDRgNGC0LAqINCS0LXRgdC10L3Rgi7QvdC40LUg0YDQsNCy0L3QvtC00LXQvdGB0YLQstC4
0LUNCj4gQT4gPiArIDcg0LDQv9GALiAgINCU0LXQvdGMINCc0LDRgNC10L3RiyAo0YHQtNCy0LjQ
vdGD0YLQvtC1INCy0LXRgdC10L3Rgi7QvdC10LUg0YDQsNCy0L3QvtC00LXQvdGB0YLQstC40LUp
DQo+IEE+ID4gKyA2INC80LDRjyAgICDQlNC10L3RjCDQlNCw0LbRjNCx0L7Qs9CwLCDQntCy0YHQ
tdC90YIu0Ywg0LHQvtC70YzRiNC+0LkNCj4gQT4NCj4NCj4gLS0NCj4gVG90dXMgdHV1cywgR2xl
Yml1cy4NCj4NCj4NCg==
From owner-svn-src-head@freebsd.org  Mon Jul 25 14:45:49 2016
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 47865BA332B;
 Mon, 25 Jul 2016 14:45:49 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 19693136F;
 Mon, 25 Jul 2016 14:45:49 +0000 (UTC)
 (envelope-from delphij@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u6PEjmSB050344;
 Mon, 25 Jul 2016 14:45:48 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u6PEjmOp050343;
 Mon, 25 Jul 2016 14:45:48 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201607251445.u6PEjmOp050343@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Mon, 25 Jul 2016 14:45:48 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r303298 - head/usr.bin/bsdiff/bspatch
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>;
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2016 14:45:49 -0000

Author: delphij
Date: Mon Jul 25 14:45:48 2016
New Revision: 303298
URL: https://svnweb.freebsd.org/changeset/base/303298

Log:
  Fix bspatch heap overflow vulnerability.
  
  Obtained from:	Chromium
  Reported by:	Lu Tung-Pin
  Security:	FreeBSD-SA-16:25.bspatch

Modified:
  head/usr.bin/bsdiff/bspatch/bspatch.c

Modified: head/usr.bin/bsdiff/bspatch/bspatch.c
==============================================================================
--- head/usr.bin/bsdiff/bspatch/bspatch.c	Mon Jul 25 14:36:55 2016	(r303297)
+++ head/usr.bin/bsdiff/bspatch/bspatch.c	Mon Jul 25 14:45:48 2016	(r303298)
@@ -164,6 +164,10 @@ int main(int argc,char * argv[])
 		}
 
 		/* Sanity-check */
+		if ((ctrl[0] < 0) || (ctrl[1] < 0))
+			errx(1,"Corrupt patch\n");
+
+		/* Sanity-check */
 		if(newpos+ctrl[0]>newsize)
 			errx(1,"Corrupt patch\n");
 

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF19XBLkSKZzzcWpg=wj1NLjd1LpaNRyu5sHXp2P-bSDUJpRDg>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact