git: 6c34dde83ee6 - main - igmp: Avoid an out-of-bounds access when zeroing counters
Mark Johnston
markj at FreeBSD.org
Wed May 5 21:13:05 UTC 2021
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=6c34dde83ee61fc0ba095dcfdac2f381f6bae007
commit 6c34dde83ee61fc0ba095dcfdac2f381f6bae007
Author: Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-05-05 21:06:23 +0000
Commit: Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-05-05 21:12:51 +0000
igmp: Avoid an out-of-bounds access when zeroing counters
When verifying, byte-by-byte, that the user-supplied counters are
zero-filled, sysctl_igmp_stat() would check for zero before checking the
loop bound. Perform the checks in the correct order.
Reported by: KASAN
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
---
sys/netinet/igmp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c
index 21bce1ff885a..ef0da5e5cb46 100644
--- a/sys/netinet/igmp.c
+++ b/sys/netinet/igmp.c
@@ -382,7 +382,7 @@ sysctl_igmp_stat(SYSCTL_HANDLER_ARGS)
* igps0 must be "all zero".
*/
p = (char *)&igps0;
- while (*p == '\0' && p < (char *)&igps0 + sizeof(igps0))
+ while (p < (char *)&igps0 + sizeof(igps0) && *p == '\0')
p++;
if (p != (char *)&igps0 + sizeof(igps0)) {
error = EINVAL;
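Review bot: The end address `(char *)&igps0 + sizeof(igps0)` is written out in both the `while` condition and the `if` that follows it, and the fix depends on that bound test staying to the left of `*p == '\0'` so that short-circuit evaluation skips the dereference once p is one past the end of igps0. Consider computing the end pointer once into a local and using it in both places. That keeps the condition short enough for the ordering to be obvious, and a one-line comment that the bound must be tested first would guard against the operands being swapped back. The new order is correct for the all-zero case, where p advances to one past the end and the old condition read that byte before comparing against the bound.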