creds: assert that credential read from file fits in data struct

Coverity CID#1458114
author: Luca Boccassi <luca.boccassi@microsoft.com> 2021-08-03 14:53:31 +0100
committer: Luca Boccassi <luca.boccassi@microsoft.com> 2021-08-03 14:56:28 +0100
commit: 8954e891959448783e66ec5ee7a6bb6d4a0be82f (patch)
tree: fe42f055408605284f5cf7ee9513a9767be76720
parent: Merge pull request #20346 from poettering/strlen-unsigned-fix (diff)
download: systemd-8954e891959448783e66ec5ee7a6bb6d4a0be82f.tar.xz
systemd-8954e891959448783e66ec5ee7a6bb6d4a0be82f.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index ee279e0c9c1..3bc5fbef512 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -299,6 +299,8 @@ int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *
                         if (ret) {
                                 void *copy;
 
+                                assert(sz <= sizeof(f->data)); /* Ensure we don't read past f->data bounds */
+
                                 copy = memdup(f->data, sz);
                                 if (!copy)
                                         return -ENOMEM;
author	Luca Boccassi <luca.boccassi@microsoft.com>	2021-08-03 14:53:31 +0100
committer	Luca Boccassi <luca.boccassi@microsoft.com>	2021-08-03 14:56:28 +0100
commit	8954e891959448783e66ec5ee7a6bb6d4a0be82f (patch)
tree	fe42f055408605284f5cf7ee9513a9767be76720
parent	Merge pull request #20346 from poettering/strlen-unsigned-fix (diff)
download	systemd-8954e891959448783e66ec5ee7a6bb6d4a0be82f.tar.xz systemd-8954e891959448783e66ec5ee7a6bb6d4a0be82f.zip