git: c291b7914e1d - main - tarfs: Avoid overflow in exthdr calculation.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 06 Mar 2024 16:24:31 UTC
The branch main has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=c291b7914e1db9469cc820abcb1f5dde7a6f7f28 commit c291b7914e1db9469cc820abcb1f5dde7a6f7f28 Author: Dag-Erling Smørgrav <des@FreeBSD.org> AuthorDate: 2024-03-06 16:13:54 +0000 Commit: Dag-Erling Smørgrav <des@FreeBSD.org> CommitDate: 2024-03-06 16:13:54 +0000 tarfs: Avoid overflow in exthdr calculation. MFC after: 3 days PR: 277420 Sponsored by: Juniper Networks, Inc. Sponsored by: Klara, Inc. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D44202 --- sys/fs/tarfs/tarfs_vfsops.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/fs/tarfs/tarfs_vfsops.c b/sys/fs/tarfs/tarfs_vfsops.c index df8ad240d032..05014bf10373 100644 --- a/sys/fs/tarfs/tarfs_vfsops.c +++ b/sys/fs/tarfs/tarfs_vfsops.c @@ -583,7 +583,8 @@ again: error = EINVAL; goto bad; } - if (line + len > exthdr + sz) { + if ((uintptr_t)line + len < (uintptr_t)line || + line + len > exthdr + sz) { TARFS_DPF(ALLOC, "%s: exthdr overflow\n", __func__); error = EINVAL;