diff options
author | Lucas De Marchi <lucas.demarchi@profusion.mobi> | 2012-06-06 09:36:29 -0300 |
---|---|---|
committer | Lucas De Marchi <lucas.demarchi@profusion.mobi> | 2012-06-06 09:36:29 -0300 |
commit | 5b05c327255405622400a6873fd955e1b5ef1aae (patch) | |
tree | 469f4f400c909ca5442585596bac4f4ed5e6e8a4 | |
parent | 01d9ee642d4e592e0be7581ac52c86e78df4d88c (diff) | |
download | kmod-5b05c327255405622400a6873fd955e1b5ef1aae.tar.gz |
libkmod-index: protect ourselves from corrupted indexes
If index is shorter than 12 bytes, we couldn't even read its header. Go
to error handling in this case.
-rw-r--r-- | libkmod/libkmod-index.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/libkmod/libkmod-index.c b/libkmod/libkmod-index.c index 4ab4ed5..a5933e2 100644 --- a/libkmod/libkmod-index.c +++ b/libkmod/libkmod-index.c @@ -798,12 +798,14 @@ struct index_mm *index_mm_open(struct kmod_ctx *ctx, const char *filename, } fstat(fd, &st); + if ((size_t) st.st_size < sizeof(hdr)) + goto fail_nommap; if ((idx->mm = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) == MAP_FAILED) { ERR(ctx, "mmap(0, %"PRIu64", PROT_READ, %d, MAP_PRIVATE, 0): %m\n", st.st_size, fd); - goto fail; + goto fail_nommap; } p = idx->mm; @@ -833,9 +835,9 @@ struct index_mm *index_mm_open(struct kmod_ctx *ctx, const char *filename, return idx; fail: + munmap(idx->mm, st.st_size); +fail_nommap: close(fd); - if (idx->mm != MAP_FAILED) - munmap(idx->mm, st.st_size); fail_open: free(idx); return NULL; |