diff options
| author |   rob <rob@openbsd.org> | 2019-06-01 19:40:05 +0000 |
|---|---|---|
| committer | rob <rob@openbsd.org> | 2019-06-01 19:40:05 +0000 |
| commit | 260378df22734fea7212fda8d77055b2aee219d3 (patch) | |
| tree | 2ffa912c7845485fdafafe0ef12b4b4f62e21fec | |
| parent | Bump VM_MAX_KERNEL_ADDRESS so that we have about 16G of KVA. Since (diff) | |
| download | wireguard-openbsd-260378df22734fea7212fda8d77055b2aee219d3.tar.xz wireguard-openbsd-260378df22734fea7212fda8d77055b2aee219d3.zip | |
Limit maximum number of length octets to platform independent sizeof(int32_t).
Problem noticed by bluhm@. Discussed on hackers.
ok claudio@
| -rw-r--r-- | lib/libutil/ber.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/libutil/ber.c b/lib/libutil/ber.c index 42a8834e23f..3be9d93ecaf 100644 --- a/lib/libutil/ber.c +++ b/lib/libutil/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.8 2019/05/21 13:29:44 rob Exp $ */ +/* $OpenBSD: ber.c,v 1.9 2019/06/01 19:40:05 rob Exp $ */ /* * Copyright (c) 2007, 2012 Reyk Floeter <reyk@openbsd.org> @@ -1164,7 +1164,10 @@ get_len(struct ber *b, ssize_t *len) } n = u & ~BER_TAG_MORE; - if (sizeof(ssize_t) < n) { + /* + * Limit to a decent size that works on all of our architectures. + */ + if (sizeof(int32_t) < n) { errno = ERANGE; return -1; } |