!2980 函数ParseUeventdConfigFile里面的st_size有缓冲区溢出风险问题修复

Merge pull request !2980 from zl郑磊/0717_master

interfaces/innerkits/fs_manager/erofs_overlay/erofs_mount_overlay.c

@@ -149,6 +149,10 @@ static uint64_t GetFsSize(int fd)
             return 0;
         }
     } else if (S_ISREG(st.st_mode)) {
+        if (st.st_size < 0) {
+            BEGET_LOGE("st_size is not right. st_size: %lld", st.st_size);
+            return 0;
+        }
         size = (uint64_t)st.st_size;
     } else {
         BEGET_LOGE("unspported type st_mode:[%llu]", st.st_mode);

ueventd/ueventd_read_cfg.c

@@ -32,6 +32,7 @@
 
 // default item count in config files
 #define DEFAULTITEMCOUNT (50)
+#define MAX_CONFIGURE_SIZE (1024 * 1024 * 16)
 
 typedef enum SECTION {
     SECTION_INVALID = -1,
@@ -255,6 +256,11 @@ void ParseUeventdConfigFile(const char *file)
     }
 
     // st_size should never be less than 0
+    if (st.st_size < 0 || st.st_size > MAX_CONFIGURE_SIZE) {
+        INIT_LOGE("Invalid configure file with size");
+        close(fd);
+        return;
+    }
     size_t size = (size_t)st.st_size;
     char *buffer = malloc(size + 1);
     if (buffer == NULL) {