Page MenuHomeFreeBSD

bspatch: add sanity checks on sizes
ClosedPublic

Authored by emaste on Aug 23 2016, 11:26 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Sep 27, 12:19 AM
Unknown Object (File)
Thu, Sep 25, 10:22 PM
Unknown Object (File)
Sun, Sep 14, 11:27 PM
Unknown Object (File)
Sun, Sep 14, 4:43 AM
Unknown Object (File)
Sep 11 2025, 9:05 PM
Unknown Object (File)
Aug 1 2025, 4:00 AM
Unknown Object (File)
Jul 28 2025, 1:08 AM
Unknown Object (File)
Jul 27 2025, 10:12 PM
Subscribers

Details

Summary

Note that on i386 this introduces a new 2GB limit, but this is not a concern in practice. Also avoid allocating an extra byte in the old and new file content buffers.

Based on the "NON-CRYPTANALYTIC ATTACKS AGAINST FREEBSD UPDATE COMPONENTS" gist.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste retitled this revision from to bspatch: add sanity checks on sizes.
emaste updated this object.
emaste edited the test plan for this revision. (Show Details)
emaste added reviewers: allanjude, delphij, glebius.
emaste added a subscriber: cperciva.
usr.bin/bsdiff/bspatch/bspatch.c
76–77 ↗(On Diff #19599)

On i386 ssize_t is 4 bytes, so would truncate from offtin / lseek.

123 ↗(On Diff #19599)

SSIZE_MAX introduces a 2G limit, but we already had an implicit 2G limit for proper operation based on the previous newsize type.

155 ↗(On Diff #19599)

Same 2G argument as above.

allanjude edited edge metadata.
This revision is now accepted and ready to land.Aug 25 2016, 4:57 PM
cem added a reviewer: cem.
cem added a subscriber: cem.

Changes seem fine to me. This code is really ugly, though.

usr.bin/bsdiff/bspatch/bspatch.c
175 ↗(On Diff #19679)

The gist checks for newsize <= 0. Is zero a valid newsize?

usr.bin/bsdiff/bspatch/bspatch.c
175 ↗(On Diff #19679)

Yes, a zero byte output file is legitimate.

kib added a reviewer: kib.
This revision was automatically updated to reflect the committed changes.