Avoid integer overflow, as reported by Rodrigo Rubira Branco in a
message to full-disclosure: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html Also see comment from bouyer@: http://mail-index.netbsd.org/tech-security/2006/11/16/0001.html
This commit is contained in:
elad
parent
f93e215353
commit
4bfbbae383
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: fwdev.c,v 1.6 2006/11/16 01:32:59 christos Exp $ */
|
||||
/* $NetBSD: fwdev.c,v 1.7 2006/11/16 14:35:07 elad Exp $ */
|
||||
/*-
|
||||
* Copyright (c) 2003 Hidetoshi Shimokawa
|
||||
* Copyright (c) 1998-2002 Katsushi Kobayashi and Hidetoshi Shimokawa
|
||||
|
|
@ -845,7 +845,7 @@ out:
|
|||
else
|
||||
len = fwdev->rommax - CSRROMOFF + 4;
|
||||
}
|
||||
if (crom_buf->len < len)
|
||||
if (crom_buf->len > 0 && crom_buf->len < len)
|
||||
len = crom_buf->len;
|
||||
else
|
||||
crom_buf->len = len;
|
||||
|
|
|
|||
Loading…
Reference in New Issue