From: kettenis <kettenis@openbsd.org>
Date: Sat, 6 Aug 2022 08:59:28 +0000 (+0000)
Subject: Prevent buffer overflow in OF_getpropintarray().
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3685e9f5375beb307625fdc95497ae0db1660abe;p=openbsd

Prevent buffer overflow in OF_getpropintarray().

ok jsg@
---

diff --git a/sys/dev/ofw/fdt.c b/sys/dev/ofw/fdt.c
index 69e8065b582..def626ab548 100644
--- a/sys/dev/ofw/fdt.c
+++ b/sys/dev/ofw/fdt.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fdt.c,v 1.28 2022/01/09 05:42:45 jsg Exp $	*/
+/*	$OpenBSD: fdt.c,v 1.29 2022/08/06 08:59:28 kettenis Exp $	*/
 
 /*
  * Copyright (c) 2009 Dariusz Swiderski <sfires@sfires.net>
@@ -994,7 +994,7 @@ OF_getpropintarray(int handle, char *prop, uint32_t *buf, int buflen)
 	if (len < 0 || (len % sizeof(uint32_t)))
 		return -1;
 
-	for (i = 0; i < len / sizeof(uint32_t); i++)
+	for (i = 0; i < min(len, buflen) / sizeof(uint32_t); i++)
 		buf[i] = betoh32(buf[i]);
 
 	return len;