SECURITY: a second negative store guard

author Phil Pennock <phil+git@pennock-tech.com>

Fri, 30 Oct 2020 01:30:04 +0000 (21:30 -0400)

committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Tue, 27 Apr 2021 22:40:22 +0000 (00:40 +0200)
author Phil Pennock <phil+git@pennock-tech.com>
Fri, 30 Oct 2020 01:30:04 +0000 (21:30 -0400)
committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Tue, 27 Apr 2021 22:40:22 +0000 (00:40 +0200)
diff --git a/src/src/store.c b/src/src/store.c

index 90da012fb1f7f62066db693e750d0106dd6c231f..1e6259c1882f1d7bc33ce39d56e3177216f2e2e7 100644 (file)
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -390,6 +390,13 @@ int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
  int inc = newsize - oldsize;
  int rounded_oldsize = oldsize;
  
+if (newsize < 0)
+  {
+  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+            "bad memory extension requested (%d -> %d bytes) at %s %d",
+            oldsize, newsize, func, linenumber);
+  }
+
  /* Check that the block being extended was already of the required taint status;
  refuse to extend if not. */
author	Phil Pennock <phil+git@pennock-tech.com>
	Fri, 30 Oct 2020 01:30:04 +0000 (21:30 -0400)
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Tue, 27 Apr 2021 22:40:22 +0000 (00:40 +0200)