Date: Wed, 6 Mar 2024 16:24:31 GMT
From: Dag-Erling Smørgrav <des@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: c291b7914e1d - main - tarfs: Avoid overflow in exthdr calculation.
Message-ID: <202403061624.426GOV5v025113@gitrepo.freebsd.org>
The branch main has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=c291b7914e1db9469cc820abcb1f5dde7a6f7f28 commit c291b7914e1db9469cc820abcb1f5dde7a6f7f28 Author: Dag-Erling Smørgrav <des@FreeBSD.org> AuthorDate: 2024-03-06 16:13:54 +0000 Commit: Dag-Erling Smørgrav <des@FreeBSD.org> CommitDate: 2024-03-06 16:13:54 +0000 tarfs: Avoid overflow in exthdr calculation. MFC after: 3 days PR: 277420 Sponsored by: Juniper Networks, Inc. Sponsored by: Klara, Inc. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D44202 --- sys/fs/tarfs/tarfs_vfsops.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/fs/tarfs/tarfs_vfsops.c b/sys/fs/tarfs/tarfs_vfsops.c index df8ad240d032..05014bf10373 100644 --- a/sys/fs/tarfs/tarfs_vfsops.c +++ b/sys/fs/tarfs/tarfs_vfsops.c @@ -583,7 +583,8 @@ again: error = EINVAL; goto bad; } - if (line + len > exthdr + sz) { + if ((uintptr_t)line + len < (uintptr_t)line || + line + len > exthdr + sz) { TARFS_DPF(ALLOC, "%s: exthdr overflow\n", __func__); error = EINVAL;
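Review bot: The second operand of the new condition, `line + len > exthdr + sz`, still forms the pointer `line + len` whenever the sum does not wrap, so a large `len` that stays below the top of the address space produces an out-of-bounds pointer before the comparison is made. Comparing lengths instead of pointers would cover both cases in one test, for example `if (len > (size_t)(exthdr + sz - line))`, provided `line` is already known to lie within `exthdr .. exthdr + sz` at this point (that is not visible in this hunk, and neither is the type of `len`, so the cast may need adjusting). If the two-clause form is kept, a one-line comment stating that the first clause catches address wraparound would help the next reader.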