Date: Thu, 19 Sep 2024 13:30:45 GMT From: Gordon Tetlow <gordon@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: e9d57be06e23 - releng/14.0 - libnv: correct the calculation of the structure's size Message-ID: <202409191330.48JDUj74045783@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch releng/14.0 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=e9d57be06e23685c4f7e5045dd4959cb735f7dda commit e9d57be06e23685c4f7e5045dd4959cb735f7dda Author: Mariusz Zaborski <oshogbo@FreeBSD.org> AuthorDate: 2024-09-11 14:43:43 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2024-09-19 13:11:22 +0000 libnv: correct the calculation of the structure's size Reported by: Milosz Kaniewski <milosz.kaniewski@gmail.com> Approved by: so Security: FreeBSD-SA-24:16.libnv Security: CVE-2024-45287 (cherry picked from commit 7f4731ab67f1d3345aee6626eb83cc5ce00010f0) (cherry picked from commit 056c50c48be3e3828ef740d2fcce988a545e52aa) --- sys/contrib/libnv/nvlist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/contrib/libnv/nvlist.c b/sys/contrib/libnv/nvlist.c index 64078b10973e..92d6e655876a 100644 --- a/sys/contrib/libnv/nvlist.c +++ b/sys/contrib/libnv/nvlist.c @@ -1029,7 +1029,7 @@ static bool nvlist_check_header(struct nvlist_header *nvlhdrp) { - if (nvlhdrp->nvlh_size > SIZE_MAX - sizeof(nvlhdrp)) { + if (nvlhdrp->nvlh_size > SIZE_MAX - sizeof(*nvlhdrp)) { ERRNO_SET(EINVAL); return (false); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202409191330.48JDUj74045783>