diff options
author | Colin Percival <cperciva@FreeBSD.org> | 2004-11-18 12:01:30 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2004-11-18 12:01:30 +0000 |
commit | 8c355b08895c92abe5fe4ecbe0f34f3cfb94ea1a (patch) | |
tree | fb1961c09902c6c30aca40f5c6c80b24d92ffce6 | |
parent | 405e2987cae2443cb19b3c1b0316c1e599cf03c8 (diff) | |
download | src-8c355b08895c92abe5fe4ecbe0f34f3cfb94ea1a.tar.gz src-8c355b08895c92abe5fe4ecbe0f34f3cfb94ea1a.zip |
Fix buffer overflow. This is FreeBSD-SA-04:16.fetch.
Approved by: des
Notes
Notes:
svn path=/head/; revision=137854
-rw-r--r-- | usr.bin/fetch/fetch.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.bin/fetch/fetch.c b/usr.bin/fetch/fetch.c index ffcbc43d05dc..2834e0b5902c 100644 --- a/usr.bin/fetch/fetch.c +++ b/usr.bin/fetch/fetch.c @@ -584,7 +584,8 @@ fetch(char *URL, const char *path) /* suck in the data */ signal(SIGINFO, sig_handler); while (!sigint) { - if (us.size != -1 && us.size - count < B_size) + if (us.size != -1 && us.size - count < B_size && + us.size - count >= 0) size = us.size - count; else size = B_size; |