| author | Leah Rowe <leah@libreboot.org> | 2026-03-26 09:04:30 +0000 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2026-03-26 09:04:30 +0000 |
| commit | 8e8f7bced44c5f61e390e81d8a84a93099358453 (patch) | |
| tree | 4c193fc3dd9a4a3e14bb8ec1037d0123dba64aee | |
| parent | d6087901c107d45123a57d5fc905314aac7969c7 (diff) | |
mkhtemp rand: fix theoretical integer overflow
extremely theoretical, with a T. T for theoretical.
Signed-off-by: Leah Rowe <leah@libreboot.org>
| -rw-r--r-- | util/libreboot-utils/lib/rand.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/util/libreboot-utils/lib/rand.c b/util/libreboot-utils/lib/rand.c
index 3b20ab65..63cb3fcd 100644
--- a/util/libreboot-utils/lib/rand.c
+++ b/util/libreboot-utils/lib/rand.c
@@ -126,7 +126,7 @@ mkrstr(size_t n) /* emulates spkmodem-decode */
 if (n == 0)
 err_no_cleanup(0, EPERM, "mkrbuf: zero-byte request");
- if (n == SIZE_MAX)
+ if (n >= SIZE_MAX - 1)
 err_no_cleanup(0, EOVERFLOW, "mkrbuf: overflow");
 if (if_err((s = mkrbuf(n + 1)) == NULL, EFAULT))
@@ -149,6 +149,9 @@ mkrbuf(size_t n)
 if (n == 0)
 err_no_cleanup(0, EPERM, "mkrbuf: zero-byte request");
+ if (n >= SIZE_MAX - 1)
+ err_no_cleanup(0, EOVERFLOW, "integer overflow in mkrbuf");
+
 if ((buf = malloc(n)) == NULL)
 err_no_cleanup(0, ENOMEM, "mkrbuf: malloc");
|
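Review bot: The new guard in mkrstr, `if (n >= SIZE_MAX - 1)`, does not line up with the check this commit adds to mkrbuf: n = SIZE_MAX - 2 passes here, and the following `mkrbuf(n + 1)` then receives SIZE_MAX - 1 and is rejected there with the other message. It fails closed, so nothing unsafe follows, but the effective limit of mkrstr ends up decided inside mkrbuf; `if (n >= SIZE_MAX - 2)` would make the caller's bound match the callee's. The two messages on the context lines of this function also carry the `mkrbuf:` prefix although they are raised from mkrstr, which misdirects anyone reading the error; `"mkrstr: overflow"` would be the accurate label. mkrstr's body continues outside the hunk.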
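Review bot: The check added to mkrbuf has no comment saying what it protects: in the visible lines n goes straight to `malloc(n)`, which cannot wrap, so whatever arithmetic needs the `SIZE_MAX - 1` headroom is presumably further down the function, outside this hunk. A one-line comment above the check, for example `/* reject sizes that would wrap in <later computation> */` with the real reason filled in, would keep the bound from being simplified away in a later cleanup. The message `"integer overflow in mkrbuf"` also departs from the `"mkrbuf: ..."` prefix used by the neighbouring calls; `"mkrbuf: overflow"` would keep the error strings uniform for anyone grepping logs.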
