bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libalpm/signing.c: prevent underflow in length_check

Browse source 
The length_check function could underflow if the provided buffer index
is greater than the signature buffer length, leading to an out of
bounds read.

Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Allan McRae 2024-01-25 23:39:47 +10:00
parent 6711d10f96
commit 16a2a79728
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/libalpm/signing.c
View file

@ -1044,7 +1044,7 @@ int SYMEXPORT alpm_siglist_cleanup(alpm_siglist_t *siglist)
static size_t length_check(size_t length, size_t position, size_t a, static size_t length_check(size_t length, size_t position, size_t a,
alpm_handle_t *handle, const char *identifier) alpm_handle_t *handle, const char *identifier)
{ {
if( a == 0 || length - position <= a) { if( a == 0 || position > length || length - position <= a) {
_alpm_log(handle, ALPM_LOG_ERROR, _alpm_log(handle, ALPM_LOG_ERROR,
_("%s: signature format error\n"), identifier); _("%s: signature format error\n"), identifier);
return -1; return -1;