libalpm/signing.c: prevent underflow in length_check
The length_check function could underflow if the provided buffer index is greater than the signature buffer length, leading to an out of bounds read. Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Allan McRae
parent
6711d10f96
commit
16a2a79728
1 changed files with 1 additions and 1 deletions
|
|
@ -1044,7 +1044,7 @@ int SYMEXPORT alpm_siglist_cleanup(alpm_siglist_t *siglist)
|
|||
static size_t length_check(size_t length, size_t position, size_t a,
|
||||
alpm_handle_t *handle, const char *identifier)
|
||||
{
|
||||
if( a == 0 || length - position <= a) {
|
||||
if( a == 0 || position > length || length - position <= a) {
|
||||
_alpm_log(handle, ALPM_LOG_ERROR,
|
||||
_("%s: signature format error\n"), identifier);
|
||||
return -1;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue