linker: Handle a truncated hints file properly
If vattr.va_size is 0, we will end up accessing invalid memory. This is mostly harmless (because malloc(0) still allocates some memory), but it triggers a KASAN report. PR: 282268 Reviewed by: christos, imp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D47240
parent
dab59af3bc
commit
b5149b2653
@ -2030,6 +2030,10 @@ linker_hints_lookup(const char *path, int pathlen, const char *modname,
|
|||||||
printf("linker.hints file too large %ld\n", (long)vattr.va_size);
|
printf("linker.hints file too large %ld\n", (long)vattr.va_size);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
|
if (vattr.va_size < sizeof(ival)) {
|
||||||
|
printf("linker.hints file truncated\n");
|
||||||
|
goto bad;
|
||||||
|
}
|
||||||
hints = malloc(vattr.va_size, M_TEMP, M_WAITOK);
|
hints = malloc(vattr.va_size, M_TEMP, M_WAITOK);
|
||||||
error = vn_rdwr(UIO_READ, nd.ni_vp, (caddr_t)hints, vattr.va_size, 0,
|
error = vn_rdwr(UIO_READ, nd.ni_vp, (caddr_t)hints, vattr.va_size, 0,
|
||||||
UIO_SYSSPACE, IO_NODELOCKED, cred, NOCRED, &reclen, td);
|
UIO_SYSSPACE, IO_NODELOCKED, cred, NOCRED, &reclen, td);
|
||||||
|
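Review bot: The added guard `if (vattr.va_size < sizeof(ival))` only guarantees that the first `sizeof(ival)` bytes of the buffer exist, so a hints file that passes it but ends in the middle of a later record still depends on bounds checks that are not visible in this hunk. linker_hints_lookup starts and ends outside the hunk, so it is worth confirming that the code after `vn_rdwr` rejects a non-zero residual in `reclen` and compares every record length taken from the file against `hints + vattr.va_size` before dereferencing it. A short comment above the guard would record the reason for the check, for example `/* Need the leading sizeof(ival) bytes; a zero-length file would otherwise be read past the malloc(0) buffer. */`. The diagnostic could also report the size the way the "too large" branch does: `printf("linker.hints file truncated (%ld bytes)\n", (long)vattr.va_size);`.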