git: 417e81a40091 - releng/13.3 - libnv: correct the calculation of the structure's size
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 19 Sep 2024 13:35:38 UTC
The branch releng/13.3 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=417e81a40091f7744c55139bfcad093c75426229 commit 417e81a40091f7744c55139bfcad093c75426229 Author: Mariusz Zaborski <oshogbo@FreeBSD.org> AuthorDate: 2024-09-11 14:43:43 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2024-09-19 13:12:37 +0000 libnv: correct the calculation of the structure's size Reported by: Milosz Kaniewski <milosz.kaniewski@gmail.com> Approved by: so Security: FreeBSD-SA-24:16.libnv Security: CVE-2024-45287 (cherry picked from commit 7f4731ab67f1d3345aee6626eb83cc5ce00010f0) (cherry picked from commit 056c50c48be3e3828ef740d2fcce988a545e52aa) (cherry picked from commit d84fced6b468a637b5a47bad747730fa344d68d8) --- sys/contrib/libnv/nvlist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/contrib/libnv/nvlist.c b/sys/contrib/libnv/nvlist.c index e399d610a7ce..6934da0df00a 100644 --- a/sys/contrib/libnv/nvlist.c +++ b/sys/contrib/libnv/nvlist.c @@ -1029,7 +1029,7 @@ static bool nvlist_check_header(struct nvlist_header *nvlhdrp) { - if (nvlhdrp->nvlh_size > SIZE_MAX - sizeof(nvlhdrp)) { + if (nvlhdrp->nvlh_size > SIZE_MAX - sizeof(*nvlhdrp)) { ERRNO_SET(EINVAL); return (false); }