Module Name: src
Committed By: riastradh
Date: Wed Sep 4 12:56:47 UTC 2024
Modified Files:
src/sys/external/bsd/libnv/dist: nvlist.c
Log Message:
libnv: Refuse nonsensically large header size in nvlist_check_header.
This avoids potential integer overflow in nvlist_recv, which is not
used in NetBSD. The only other user of nvlist_check_header is
nvlist_unpack_header, which verifies the header sizes matches the
framing and so is not affected by integer overflow.
Matches upstream FreeBSD change by Mariusz Zaborski
<osho...@freebsd.org>.
CVE-2024-45287
PR security/58652: libnv: Integer overflow and buffer overrun
vulnerabilities
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/sys/external/bsd/libnv/dist/nvlist.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
