authorderaadt <deraadt@openbsd.org>2019-01-10 19:21:02 +0000
committerderaadt <deraadt@openbsd.org>2019-01-10 19:21:02 +0000
commitfb6f09fabed3947dfb753fbe04836a9d26317660 (patch)
tree0c38a35ff6d690e8793c0882797cc083842ddcef
parentunbreak vmd build (diff)
an alloca() snuck into the tree. We don't use alloca() in our tree unless
it is entirely unavoidable (for example libc/*/exec.c), because any erroneous size controlled by an attacker turns into a known-location object placement in a very dangerous region. So use malloc() instead.
-rw-r--r--usr.sbin/vmd/vioqcow2.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/vmd/vioqcow2.c b/usr.sbin/vmd/vioqcow2.c
index 185e8178946..678ed4f8eef 100644
--- a/usr.sbin/vmd/vioqcow2.c
+++ b/usr.sbin/vmd/vioqcow2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vioqcow2.c,v 1.12 2018/11/26 10:39:30 reyk Exp $ */
+/* $OpenBSD: vioqcow2.c,v 1.13 2019/01/10 19:21:02 deraadt Exp $ */
/*
* Copyright (c) 2018 Ori Bernstein <ori@eigenstate.org>
@@ -559,7 +559,7 @@ copy_cluster(struct qcdisk *disk, struct qcdisk *base, off_t dst, off_t src)
{
char *scratch;
- scratch = alloca(disk->clustersz);
+ scratch = malloc(disk->clustersz);
if (!scratch)
fatal("out of memory");
src &= ~(disk->clustersz - 1);
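Review bot: The allocation-failure path `fatal("out of memory")` omits the function name that the other two fatal() calls in copy_cluster carry; `fatal("%s: malloc", __func__);` would match them and make the log line traceable. A one-line comment above the allocation, such as `/* heap, not alloca(): a bad clustersz must not place an object on the stack */`, would keep the reason for this change next to the code so the alloca() is not reintroduced later. The mask on the following line also relies on `disk->clustersz` being a non-zero power of two; that validation is presumably done where the image header is parsed, which is outside this hunk, as is the rest of the function body.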
@@ -568,6 +568,7 @@ copy_cluster(struct qcdisk *disk, struct qcdisk *base, off_t dst, off_t src)
fatal("%s: could not read cluster", __func__);
if (pwrite(disk->fd, scratch, disk->clustersz, dst) == -1)
fatal("%s: could not write cluster", __func__);
+ free(scratch);
}
static void
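Review bot: The `pwrite` check in this hunk tests only for `-1`, so a short write passes silently and leaves a partly copied cluster in the image. If the pread above the hunk is checked the same way, a short read would leave the tail of `scratch` unfilled, and now that the buffer comes from `malloc()` that tail is uninitialised heap memory which is then written into the guest's disk image. Comparing against the full length, `if (pwrite(disk->fd, scratch, disk->clustersz, dst) != (ssize_t)disk->clustersz)`, and doing the same for the read, closes both cases; allocating with `calloc(1, disk->clustersz)` would at least keep stale heap contents out of the image. The pread call is outside the hunk, so the read side is inferred from the visible pwrite check and should be confirmed.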