Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
libplist.4095
libplist-boo1035312-overflow-fixes.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libplist-boo1035312-overflow-fixes.patch of Package libplist.4095
From fdebf8b319b9280cd0e9b4382f2c7cbf26ef9325 Mon Sep 17 00:00:00 2001 From: Nikias Bassen <nikias@gmx.li> Date: Wed, 19 Apr 2017 19:32:34 +0200 Subject: [PATCH 17/31] bplist: Fix integer overflow check (offset table size) Backported by Mike Gorse <mgorse@suse.com> --- diff -urp libplist-1.12.orig/src/bplist.c libplist-1.12/src/bplist.c --- libplist-1.12.orig/src/bplist.c 2017-05-01 12:59:08.956613607 -0500 +++ libplist-1.12/src/bplist.c 2017-05-01 13:03:48.037796333 -0500 @@ -179,6 +179,20 @@ union plist_uint_ptr #endif +#ifndef __has_builtin +#define __has_builtin(x) 0 +#endif + +#if __has_builtin(__builtin_umulll_overflow) || __GNUC__ >= 5 +#define uint64_mul_overflow(a, b, r) __builtin_umulll_overflow(a, b, r) +#else +static int uint64_mul_overflow(uint64_t a, uint64_t b, uint64_t *res) +{ + *res = a * b; + return (a > UINT64_MAX / b); +} +#endif + #define NODE_IS_ROOT(x) (((node_t*)x)->isRoot) struct bplist_data { @@ -703,6 +717,7 @@ PLIST_API void plist_from_bin(const char uint64_t num_objects = 0; uint64_t root_object = 0; const char *offset_table = NULL; + uint64_t offset_table_size = 0; const char *start_data = NULL; const char *end_data = NULL; @@ -740,7 +755,10 @@ PLIST_API void plist_from_bin(const char if (offset_table < start_data || offset_table >= end_data) return; - if (offset_table + num_objects * offset_size > end_data) + if (uint64_mul_overflow(num_objects, offset_size, &offset_table_size)) + return; + + if ((offset_table + offset_table_size < offset_table) || (offset_table + offset_table_size > end_data)) return; struct bplist_data bplist;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
