diff options
| author | Emanuel KomĂnek <drake127@planescape.cz> | 2020-09-11 13:30:43 +0200 |
|---|---|---|
| committer | Matthew Endsley <mendsley@gmail.com> | 2020-10-17 05:10:18 -0700 |
| commit | 9fc6d1dc1daa99724ca636a645ffd40be4096cac (patch) | |
| tree | 587aabef98e4aa47b3ebf1e9ccc8da802fd41cee | |
| parent | 64ad986cb7bfa8b9145a2d48cd95986660b35d53 (diff) | |
| download | bsdiff-9fc6d1dc1daa99724ca636a645ffd40be4096cac.tar.gz | |
Fixes CVE-2014-9862 (https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/).
| -rw-r--r-- | bspatch.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -62,7 +62,9 @@ int bspatch(const uint8_t* old, int64_t oldsize, uint8_t* new, int64_t newsize, }; /* Sanity-check */ - if(newpos+ctrl[0]>newsize) + if (ctrl[0]<0 || ctrl[0]>INT_MAX || + ctrl[1]<0 || ctrl[1]>INT_MAX || + newpos+ctrl[0]>newsize) return -1; /* Read diff string */ |