From 4ee584d1cc651b9731066e3e7acefe60c552f17c Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann
Date: Sun, 9 Mar 2008 01:02:39 +0000
Subject: While allocation memory, make sure that file sizes are smaller than SIZE_MAX.
ok joris
---
usr.bin/cvs/buf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'usr.bin/cvs/buf.c')
diff --git a/usr.bin/cvs/buf.c b/usr.bin/cvs/buf.c
index b7e274c1c86..40133545593 100644
--- a/usr.bin/cvs/buf.c
+++ b/usr.bin/cvs/buf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: buf.c,v 1.70 2008/03/08 11:53:36 joris Exp $ */
+/* $OpenBSD: buf.c,v 1.71 2008/03/09 01:02:38 tobias Exp $ */
 /*
 * Copyright (c) 2003 Jean-Francois Brousseau
 * All rights reserved.
@@ -102,6 +102,8 @@ cvs_buf_load_fd(int fd)
 if (lseek(fd, 0, SEEK_SET) == -1)
 fatal("cvs_buf_load_fd: lseek: %s", strerror(errno));
+ if (st.st_size > SIZE_MAX)
+ fatal("cvs_buf_load_fd: file size too big");
 buf = cvs_buf_alloc(st.st_size);
 if (atomicio(read, fd, buf->cb_buf, buf->cb_size) != buf->cb_size)
 fatal("cvs_buf_load_fd: read: %s", strerror(errno));
-- cgit v1.2.3
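Review bot: The added guard in cvs_buf_load_fd compares `st.st_size`, a signed off_t, directly with the unsigned `SIZE_MAX`, so the outcome depends on the platform's integer conversions and a negative size is not rejected before it is converted to the length handed to `cvs_buf_alloc`. Spelling out both conditions removes the ambiguity and the sign-compare warning: `if (st.st_size < 0 || (uintmax_t)st.st_size > SIZE_MAX)`. The check also accepts a size exactly equal to SIZE_MAX; if cvs_buf_alloc adds anything to the requested length (its body is not visible here), that sum could wrap, so `>=` may be the safer bound. The fstat call that fills `st` and the rest of the function lie outside the hunk.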