crypt-burn: Add sanity check for buffer length
authorTobias Brunner <tobias@strongswan.org>
Mon, 2 Mar 2020 16:36:33 +0000 (17:36 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 3 Mar 2020 10:32:31 +0000 (11:32 +0100)
This value is passed to chunk_alloc(), which LGTM complains about.

scripts/crypt_burn.c

index 3bd36d2..bf338f0 100644 (file)
@@ -196,6 +196,11 @@ int main(int argc, char *argv[])
        if (argc > 2)
        {
                len = atoi(argv[2]);
+               if (len > (2^30))
+               {
+                       fprintf(stderr, "buffer too large (1 GiB limit)\n");
+                       return 1;
+               }
        }
        if (argc > 3)
        {