From 11c15905cd4759b89a1da63d05772c1f7c3744a4 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 1 Aug 2024 12:03:54 +0900
Subject: [PATCH] import: check overflow

Fixes CID#1548022 and CID#1548075.

(cherry picked from commit f7012a93a7f04fa29c7933a4963aa17fcf120e97)
---
 src/import/import-raw.c | 5 +++++
 src/import/import-tar.c | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/src/import/import-raw.c b/src/import/import-raw.c
index ee9b297bfe..78775b96d6 100644
--- a/src/import/import-raw.c
+++ b/src/import/import-raw.c
@@ -409,6 +409,11 @@ static int raw_import_process(RawImport *i) {
                 goto finish;
         }
 
+        if ((size_t) l > sizeof(i->buffer) - i->buffer_size) {
+                r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size.");
+                goto finish;
+        }
+
         i->buffer_size += l;
 
         if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
diff --git a/src/import/import-tar.c b/src/import/import-tar.c
index 39df11b5ff..976c918246 100644
--- a/src/import/import-tar.c
+++ b/src/import/import-tar.c
@@ -276,6 +276,11 @@ static int tar_import_process(TarImport *i) {
                 goto finish;
         }
 
+        if ((size_t) l > sizeof(i->buffer) - i->buffer_size) {
+                r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size.");
+                goto finish;
+        }
+
         i->buffer_size += l;
 
         if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
-- 
2.25.1