From 5fece840df57b2ab56ca72e6356317239a7bb52e Mon Sep 17 00:00:00 2001 From: jasper Date: Sun, 21 Aug 2022 12:52:10 +0000 Subject: [PATCH] prevent buffer overflow in OF_getpropint64array() just like -r1.28 did for OF_getpropintarray() ok kettenis@ --- sys/dev/ofw/fdt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/ofw/fdt.c b/sys/dev/ofw/fdt.c index def626ab548..9de907d6693 100644 --- a/sys/dev/ofw/fdt.c +++ b/sys/dev/ofw/fdt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fdt.c,v 1.29 2022/08/06 08:59:28 kettenis Exp $ */ +/* $OpenBSD: fdt.c,v 1.30 2022/08/21 12:52:10 jasper Exp $ */ /* * Copyright (c) 2009 Dariusz Swiderski @@ -1023,7 +1023,7 @@ OF_getpropint64array(int handle, char *prop, uint64_t *buf, int buflen) if (len < 0 || (len % sizeof(uint64_t))) return -1; - for (i = 0; i < len / sizeof(uint64_t); i++) + for (i = 0; i < min(len, buflen) / sizeof(uint64_t); i++) buf[i] = betoh64(buf[i]); return len; -- 2.20.1