From 9fc6d1dc1daa99724ca636a645ffd40be4096cac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emanuel=20Kom=C3=ADnek?= <drake127@planescape.cz>
Date: Fri, 11 Sep 2020 13:30:43 +0200
Subject: Fixes CVE-2014-9862
 (https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/).

---
 bspatch.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/bspatch.c b/bspatch.c
index b544914..5860a80 100644
--- a/bspatch.c
+++ b/bspatch.c
@@ -62,7 +62,9 @@ int bspatch(const uint8_t* old, int64_t oldsize, uint8_t* new, int64_t newsize,
 		};
 
 		/* Sanity-check */
-		if(newpos+ctrl[0]>newsize)
+		if (ctrl[0]<0 || ctrl[0]>INT_MAX ||
+			ctrl[1]<0 || ctrl[1]>INT_MAX ||
+			newpos+ctrl[0]>newsize)
 			return -1;
 
 		/* Read diff string */
-- 
cgit v1.2.1