-rw-r--r-- | usr.bin/cvs/buf.c | 4 | ||||
-rw-r--r-- | usr.bin/cvs/file.c | 9 | ||||
-rw-r--r-- | usr.bin/cvs/logmsg.c | 5 | ||||
-rw-r--r-- | usr.bin/cvs/update.c | 5 |
4 files changed, 17 insertions, 6 deletions
diff --git a/usr.bin/cvs/buf.c b/usr.bin/cvs/buf.c
index b7e274c1c86..40133545593 100644
--- a/usr.bin/cvs/buf.c
+++ b/usr.bin/cvs/buf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: buf.c,v 1.70 2008/03/08 11:53:36 joris Exp $ */
+/* $OpenBSD: buf.c,v 1.71 2008/03/09 01:02:38 tobias Exp $ */
 /*
 * Copyright (c) 2003 Jean-Francois Brousseau <jfb@openbsd.org>
 * All rights reserved.
@@ -102,6 +102,8 @@ cvs_buf_load_fd(int fd)
 if (lseek(fd, 0, SEEK_SET) == -1)
 fatal("cvs_buf_load_fd: lseek: %s", strerror(errno));
+ if (st.st_size > SIZE_MAX)
+ fatal("cvs_buf_load_fd: file size too big");
 buf = cvs_buf_alloc(st.st_size);
 if (atomicio(read, fd, buf->cb_buf, buf->cb_size) != buf->cb_size)
 fatal("cvs_buf_load_fd: read: %s", strerror(errno));
diff --git a/usr.bin/cvs/file.c b/usr.bin/cvs/file.c
index 24cf94c5f4d..7f520b4864f 100644
--- a/usr.bin/cvs/file.c
+++ b/usr.bin/cvs/file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: file.c,v 1.227 2008/03/08 20:26:34 joris Exp $ */
+/* $OpenBSD: file.c,v 1.228 2008/03/09 01:02:38 tobias Exp $ */
 /*
 * Copyright (c) 2006 Joris Vink <joris@openbsd.org>
 * Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org>
@@ -430,6 +430,9 @@ cvs_file_walkdir(struct cvs_file *cf, struct cvs_recursion *cr)
 fatal("cvs_file_walkdir: %s %s", cf->file_path, strerror(errno));
+ if (st.st_size > SIZE_MAX)
+ fatal("cvs_file_walkdir: %s: file size too big", cf->file_name);
+
 bufsize = st.st_size;
 if (bufsize < st.st_blksize)
 bufsize = st.st_blksize;
@@ -967,7 +970,7 @@ cvs_file_cmp(const char *file1, const char *file2)
 if (S_ISREG(stb1.st_mode)) {
 void *p1, *p2;
- if (stb1.st_size > (off_t)SIZE_MAX) {
+ if (stb1.st_size > SIZE_MAX) {
 ret = 1;
 goto out;
 }
@@ -1024,7 +1027,7 @@ cvs_file_copy(const char *from, const char *to)
 char *p;
 int saved_errno;
- if (st.st_size > (off_t)SIZE_MAX) {
+ if (st.st_size > SIZE_MAX) {
 ret = -1;
 goto out;
 }
diff --git a/usr.bin/cvs/logmsg.c b/usr.bin/cvs/logmsg.c
index fa2fd795a61..0445e653899 100644
--- a/usr.bin/cvs/logmsg.c
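Review bot: The new `st.st_size > SIZE_MAX` guard in cvs_buf_load_fd compares a signed off_t with an unsigned size_t, so where size_t is as wide as off_t the left side is converted to unsigned and the test can never be true. A negative st_size is also not rejected on any platform before it reaches `cvs_buf_alloc(st.st_size)`. Spelling the intent out avoids relying on the usual arithmetic conversions: `if (st.st_size < 0 || (uintmax_t)st.st_size > SIZE_MAX)`. The same comparison appears in the cvs_file_walkdir, cvs_file_cmp, cvs_file_copy, cvs_logmsg_read and cvs_update_leavedir hunks. The function body begins and ends outside this hunk.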
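Review bot: Both oversize branches in file.c fail without telling the caller why, unlike the `fatal()` calls added elsewhere in this commit. In cvs_file_copy the branch sets `ret = -1` and jumps to `out` without setting errno, so a caller that prints `strerror(errno)` would presumably report a stale value; `errno = EFBIG;` before `ret = -1;` would fix that. In cvs_file_cmp the branch returns `ret = 1`, which, if 1 means "files differ", cannot be told apart from a real content mismatch, so a comment such as `/* too large to map: report as different */` would record the choice. The `out:` labels and the callers are outside these hunks, so the errno handling there should be confirmed.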
+++ b/usr.bin/cvs/logmsg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: logmsg.c,v 1.46 2008/02/11 20:33:11 tobias Exp $ */
+/* $OpenBSD: logmsg.c,v 1.47 2008/03/09 01:02:38 tobias Exp $ */
 /*
 * Copyright (c) 2007 Joris Vink <joris@openbsd.org>
 *
@@ -57,6 +57,9 @@ cvs_logmsg_read(const char *path)
 if ((fp = fdopen(fd, "r")) == NULL)
 fatal("cvs_logmsg_read: fdopen %s", strerror(errno));
+ if (st.st_size > SIZE_MAX)
+ fatal("cvs_buf_load_fd: %s: file size too big", path);
+
 lbuf = NULL;
 bp = cvs_buf_alloc(st.st_size);
 while ((buf = fgetln(fp, &len))) {
diff --git a/usr.bin/cvs/update.c b/usr.bin/cvs/update.c
index 45f886337b4..f8ba7d8d61a 100644
--- a/usr.bin/cvs/update.c
+++ b/usr.bin/cvs/update.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: update.c,v 1.138 2008/03/08 22:54:58 joris Exp $ */
+/* $OpenBSD: update.c,v 1.139 2008/03/09 01:02:38 tobias Exp $ */
 /*
 * Copyright (c) 2006 Joris Vink <joris@openbsd.org>
 *
@@ -245,6 +245,9 @@ cvs_update_leavedir(struct cvs_file *cf)
 if (bufsize < st.st_blksize)
 bufsize = st.st_blksize;
+ if (st.st_size > SIZE_MAX)
+ fatal("cvs_buf_load_fd: %s: file size too big", cf->file_name);
+
 isempty = 1;
 buf = xmalloc(bufsize);  |
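Review bot: The added fatal() in cvs_logmsg_read is prefixed `cvs_buf_load_fd:`, so the diagnostic names a function that did not fail and will mislead anyone tracing the abort. It should read `fatal("cvs_logmsg_read: %s: file size too big", path);`. The cvs_update_leavedir hunk in update.c carries the same copied prefix and wants `fatal("cvs_update_leavedir: %s: file size too big", cf->file_name);`.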
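Review bot: In cvs_update_leavedir the size check sits after the `if (bufsize < st.st_blksize)` clamp, whereas in cvs_file_walkdir it precedes `bufsize = st.st_size;`. The assignment to bufsize is outside this hunk, but if it is taken from st.st_size as in walkdir, a narrowed value has already been computed by the time the check runs. The fatal() still fires before `xmalloc(bufsize)`, so this is about consistency rather than a reachable overflow. Moving the two added lines above the bufsize assignment would make both functions validate before converting.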