svn commit: r332218 - stable/11/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Sat Apr 7 20:03:36 UTC 2018
Author: tuexen
Date: Sat Apr 7 20:03:35 2018
New Revision: 332218
URL: https://svnweb.freebsd.org/changeset/base/332218
Log:
MFC r324971:
Fix a bug reported by Felix Weinrank using the libfuzzer on the
userland stack.
Modified:
stable/11/sys/netinet/sctp_auth.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netinet/sctp_auth.c
==============================================================================
--- stable/11/sys/netinet/sctp_auth.c Sat Apr 7 20:02:08 2018 (r332217)
+++ stable/11/sys/netinet/sctp_auth.c Sat Apr 7 20:03:35 2018 (r332218)
@@ -1606,9 +1606,9 @@ sctp_zero_m(struct mbuf *m, uint32_t m_offset, uint32_
/* now use the rest of the mbuf chain */
while ((m_tmp != NULL) && (size > 0)) {
data = mtod(m_tmp, uint8_t *)+m_offset;
- if (size > (uint32_t)SCTP_BUF_LEN(m_tmp)) {
- memset(data, 0, SCTP_BUF_LEN(m_tmp));
- size -= SCTP_BUF_LEN(m_tmp);
+ if (size > (uint32_t)(SCTP_BUF_LEN(m_tmp) - m_offset)) {
+ memset(data, 0, SCTP_BUF_LEN(m_tmp) - m_offset);
+ size -= SCTP_BUF_LEN(m_tmp) - m_offset;
} else {
memset(data, 0, size);
size = 0;
More information about the svn-src-stable-11
mailing list