patch for CVE-2012-2110 - incorrect?
I was examining the patch for the security fix for 5.0:
Part of the patch looks incorrect:
- if (!BUF_MEM_grow_clean(b,len+want))
+ if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
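Review bot: the added guard `len + want < len` depends on unsigned wraparound, and the hunk does not show how `len` and `want` are declared. If both are unsigned (for example `size_t`), the comparison is well-defined and is true exactly when the sum wraps; if they are signed `int`, the overflow is undefined behaviour and a compiler may remove the comparison. Suggest confirming the declarations in the full file and either adding a short comment that both operands are unsigned, or writing the test so the addition cannot overflow, e.g. `want > SIZE_MAX - len`, ahead of the `BUF_MEM_grow_clean(b,len+want)` call.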
"len + want < len" should always be false unless "want" can be negative. If "want" could be negative and that is what the author was trying to detect, then the code should be written:
+ if (want < 0 || !BUF_MEM_grow_clean(b,len+want))
I realize the patch does not show the full source for the file. Am I missing something?
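The `len + want < len` idiom discussed in this post, as an added example that is not part of the original post or the patched source. It assumes `len` and `want` are unsigned (`size_t`), which the quoted lines do not show, and adds the signed case for comparison; all function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned operands: the sum is reduced modulo SIZE_MAX + 1 (defined
 * behaviour), so a wrapped result is smaller than either operand. */
int add_wraps_unsigned(size_t len, size_t want)
{
    return len + want < len;
}

/* The same condition tested before the addition takes place. */
int add_wraps_precheck(size_t len, size_t want)
{
    return want > SIZE_MAX - len;
}

/* Signed operands: overflow is undefined, so never compute len + want
 * first. Negative inputs are rejected, then the headroom is compared. */
int add_unsafe_signed(int len, int want)
{
    if (len < 0 || want < 0)
        return 1;
    return want > INT_MAX - len;
}

/* Hypothetical caller: stores the new size, or returns -1 on wraparound. */
int checked_new_size(size_t len, size_t want, size_t *out)
{
    if (add_wraps_unsigned(len, want))
        return -1;
    *out = len + want;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("SIZE_MAX + 1 wraps: %d\n", add_wraps_unsigned(SIZE_MAX, 1));
    printf("precheck agrees:    %d\n", add_wraps_precheck(SIZE_MAX, 1));
    printf("INT_MAX + 1 unsafe: %d\n", add_unsafe_signed(INT_MAX, 1));
    printf("16 + 32 -> rc=%d\n", checked_new_size(16, 32, &n));
    return 0;
}
```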