NetBSD-Bugs archive
bin/53367: Integer overflow in usr.sbin/dumplfs
>Number: 53367
>Category: bin
>Synopsis: Integer overflow in usr.sbin/dumplfs
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jun 15 15:05:00 +0000 2018
>Originator: Thomas Barabosch
>Release: 7.1.2
>Organization:
Fraunhofer FKIE
>Environment:
>Description:
There is a memory allocation in usr.sbin/dumplfs/dumplfs.c with malloc that utilizes multiplication. This is considered harmful and it is better to utilize calloc. Furthermore, there is a possible null pointer reference since malloc may fail to allocate memory but there is no check for a NULL return value.
I've drafted a patch as a possible solution to this issue.
>How-To-Repeat:
>Fix:
--- usr.sbin/dumplfs/dumplfs.c 2018-05-14 00:00:49.651718558 +0200
+++ usr.sbin/dumplfs/dumplfs.c.patched 2018-06-15 16:54:43.556979202 +0200
@@ -680,8 +680,8 @@
} else {
el_size = sizeof(u_int32_t);
}
- datap = (char *)malloc(el_size * numblocks);
- memset(datap, 0, el_size * numblocks);
+ if ((datap = (char *)calloc(numblocks, el_size)) == NULL)
+ err(1, "calloc");
acc = 0;
addr += lfs_btofsb(lfsp, lfs_sb_getsumsize(lfsp));
buf = malloc(lfs_sb_getbsize(lfsp));
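Review bot: The `buf = malloc(lfs_sb_getbsize(lfsp));` line in the trailing context is the same unchecked-allocation pattern this change fixes for `datap`; unless a NULL check follows below the visible hunk, it should get one as well, for example `if (buf == NULL) err(1, "malloc");`. On the added lines, the `(char *)` cast on the `calloc` result is unnecessary in C and can be dropped, and separating the assignment from the NULL comparison would read more clearly. The added lines call `err()`, so confirm that the file includes `<err.h>`.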