git: 82c84b850146 - stable/13 - igmp: Avoid an out-of-bounds access when zeroing counters
Mark Johnston
markj at FreeBSD.org
Wed May 12 13:31:48 UTC 2021
The branch stable/13 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=82c84b850146e9c2ef7e6ea1b96e5d886d8cb2ad
commit 82c84b850146e9c2ef7e6ea1b96e5d886d8cb2ad
Author: Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-05-05 21:06:23 +0000
Commit: Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-05-12 13:31:39 +0000
igmp: Avoid an out-of-bounds access when zeroing counters
When verifying, byte-by-byte, that the user-supplied counters are
zero-filled, sysctl_igmp_stat() would check for zero before checking the
loop bound. Perform the checks in the correct order.
Reported by: KASAN
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 6c34dde83ee61fc0ba095dcfdac2f381f6bae007)
---
sys/netinet/igmp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c
index 21bce1ff885a..ef0da5e5cb46 100644
--- a/sys/netinet/igmp.c
+++ b/sys/netinet/igmp.c
@@ -382,7 +382,7 @@ sysctl_igmp_stat(SYSCTL_HANDLER_ARGS)
* igps0 must be "all zero".
*/
p = (char *)&igps0;
- while (*p == '\0' && p < (char *)&igps0 + sizeof(igps0))
+ while (p < (char *)&igps0 + sizeof(igps0) && *p == '\0')
p++;
if (p != (char *)&igps0 + sizeof(igps0)) {
error = EINVAL;
More information about the dev-commits-src-all
mailing list