svn commit: r279262 - head/sys/netinet
Xin LI
delphij at FreeBSD.org
Wed Feb 25 05:43:00 UTC 2015
Author: delphij
Date: Wed Feb 25 05:42:59 2015
New Revision: 279262
URL: https://svnweb.freebsd.org/changeset/base/279262
Log:
Fix integer overflow in IGMP protocol.
Security: FreeBSD-SA-15:04.igmp
Security: CVE-2015-1414
Found by: Mateusz Kocielski, Logicaltrust
Analyzed by: Marek Kroemeke, Mateusz Kocielski (shm at NetBSD.org) and
22733db72ab3ed94b5f8a1ffcde850251fe6f466
Submited by: Mariusz Zaborski <oshogbo at FreeBSD.org>
Reviewed by: bms
Modified:
head/sys/netinet/igmp.c
Modified: head/sys/netinet/igmp.c
==============================================================================
--- head/sys/netinet/igmp.c Wed Feb 25 04:30:23 2015 (r279261)
+++ head/sys/netinet/igmp.c Wed Feb 25 05:42:59 2015 (r279262)
@@ -1539,8 +1539,8 @@ igmp_input(struct mbuf **mp, int *offp,
case IGMP_VERSION_3: {
struct igmpv3 *igmpv3;
uint16_t igmpv3len;
- uint16_t srclen;
- int nsrc;
+ uint16_t nsrc;
+ int srclen;
IGMPSTAT_INC(igps_rcv_v3_queries);
igmpv3 = (struct igmpv3 *)igmp;
More information about the svn-src-head
mailing list