svn commit: r279263 - in stable: 10/sys/netinet 8/sys/netinet 9/sys/netinet

Xin LI delphij at FreeBSD.org
Wed Feb 25 05:43:03 UTC 2015


Author: delphij
Date: Wed Feb 25 05:43:02 2015
New Revision: 279263
URL: https://svnweb.freebsd.org/changeset/base/279263

Log:
  Instant MFC:
  
  Fix integer overflow in IGMP protocol.
  
  Security:	FreeBSD-SA-15:04.igmp
  Security:	CVE-2015-1414
  Found by:	Mateusz Kocielski, Logicaltrust
  Analyzed by:	Marek Kroemeke, Mateusz Kocielski (shm at NetBSD.org) and
  		22733db72ab3ed94b5f8a1ffcde850251fe6f466
  Submited by:	Mariusz Zaborski <oshogbo at FreeBSD.org>
  Reviewed by:	bms
  Approved by:	so

Modified:
  stable/9/sys/netinet/igmp.c

Changes in other areas also in this revision:
Modified:
  stable/10/sys/netinet/igmp.c
  stable/8/sys/netinet/igmp.c

Modified: stable/9/sys/netinet/igmp.c
==============================================================================
--- stable/9/sys/netinet/igmp.c	Wed Feb 25 05:42:59 2015	(r279262)
+++ stable/9/sys/netinet/igmp.c	Wed Feb 25 05:43:02 2015	(r279263)
@@ -1533,8 +1533,8 @@ igmp_input(struct mbuf *m, int off)
 		case IGMP_VERSION_3: {
 				struct igmpv3 *igmpv3;
 				uint16_t igmpv3len;
-				uint16_t srclen;
-				int nsrc;
+				uint16_t nsrc;
+				int srclen;
 
 				IGMPSTAT_INC(igps_rcv_v3_queries);
 				igmpv3 = (struct igmpv3 *)igmp;


More information about the svn-src-stable-9 mailing list