authortobias <tobias@openbsd.org>2014-01-17 23:13:49 +0000
committertobias <tobias@openbsd.org>2014-01-17 23:13:49 +0000
commitd5ea7024ae018b5a22c14703695026988019835a (patch)
tree0de0ca981d27110ca3b9b6e774c81c4c1ff526c0
parentDo not follow symlinks for -l and -L arguments. (diff)
Validate file size before loading content into memory.
ok millert@
-rw-r--r--usr.sbin/ppp/ppp/ipcp.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/usr.sbin/ppp/ppp/ipcp.c b/usr.sbin/ppp/ppp/ipcp.c
index 535c5ad6443..90e42a238b7 100644
--- a/usr.sbin/ppp/ppp/ipcp.c
+++ b/usr.sbin/ppp/ppp/ipcp.c
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: ipcp.c,v 1.44 2005/09/21 16:58:34 brad Exp $
+ * $OpenBSD: ipcp.c,v 1.45 2014/01/17 23:13:49 tobias Exp $
*/
#include <sys/param.h>
@@ -192,7 +192,10 @@ ipcp_LoadDNS(struct ipcp *ipcp)
if (fstat(fd, &st) == 0) {
ssize_t got;
- if ((ipcp->ns.resolv_nons = (char *)malloc(st.st_size + 1)) == NULL)
+ if (st.st_size >= SIZE_MAX)
+ log_Printf(LogERROR, "%s is too large: %llu\n",
+ _PATH_RESCONF, (unsigned long long)st.st_size);
+ else if ((ipcp->ns.resolv_nons = (char *)malloc(st.st_size + 1)) == NULL)
log_Printf(LogERROR, "Failed to malloc %lu for %s: %s\n",
(unsigned long)st.st_size, _PATH_RESCONF, strerror(errno));
else if ((ipcp->ns.resolv = (char *)malloc(st.st_size + 1)) == NULL) {
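Review bot: The added `st.st_size >= SIZE_MAX` guard only stops `st.st_size + 1` from wrapping on platforms where off_t is wider than size_t; where both are 64 bits it can never be true, so an unexpectedly large _PATH_RESCONF still reaches both `malloc(st.st_size + 1)` calls. A resolver configuration is normally small, so a fixed upper bound would be a tighter check, for example `if (st.st_size < 0 || st.st_size > RESCONF_MAX)`, where `RESCONF_MAX` is a placeholder name for a limit the project would define. The visible lines do not show an include of `<stdint.h>`, so it is worth confirming that SIZE_MAX is in scope if the comparison is kept. ipcp_LoadDNS starts before this hunk and continues past it, so the later read and the cleanup paths are not visible here.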