svn commit: r324971 - head/sys/netinet
Rodney W. Grimes
freebsd at pdx.rh.CN85.dnsmgr.net
Wed Oct 25 14:57:19 UTC 2017
[ Charset UTF-8 unsupported, converting... ]
> Author: tuexen
> Date: Wed Oct 25 09:12:22 2017
> New Revision: 324971
> URL: https://svnweb.freebsd.org/changeset/base/324971
>
> Log:
> Fix a bug reported by Felix Weinrank using the libfuzzer on the
> userland stack.
Please try to say what the bug was, why it was a bug, and
how it was fixed in any bug commit message.
External vague references are of little value when reading
through a files svn history.
Thanks,
>
> MFC after: 3 days
>
> Modified:
> head/sys/netinet/sctp_auth.c
>
> Modified: head/sys/netinet/sctp_auth.c
> ==============================================================================
> --- head/sys/netinet/sctp_auth.c Wed Oct 25 05:55:13 2017 (r324970)
> +++ head/sys/netinet/sctp_auth.c Wed Oct 25 09:12:22 2017 (r324971)
> @@ -1606,9 +1606,9 @@ sctp_zero_m(struct mbuf *m, uint32_t m_offset, uint32_
> /* now use the rest of the mbuf chain */
> while ((m_tmp != NULL) && (size > 0)) {
> data = mtod(m_tmp, uint8_t *)+m_offset;
> - if (size > (uint32_t)SCTP_BUF_LEN(m_tmp)) {
> - memset(data, 0, SCTP_BUF_LEN(m_tmp));
> - size -= SCTP_BUF_LEN(m_tmp);
> + if (size > (uint32_t)(SCTP_BUF_LEN(m_tmp) - m_offset)) {
> + memset(data, 0, SCTP_BUF_LEN(m_tmp) - m_offset);
> + size -= SCTP_BUF_LEN(m_tmp) - m_offset;
> } else {
> memset(data, 0, size);
> size = 0;
>
>
--
Rod Grimes rgrimes at freebsd.org
More information about the svn-src-head
mailing list