svn commit: r279263 - in stable: 10/sys/netinet 8/sys/netinet 9/sys/netinet
Xin LI
delphij at FreeBSD.org
Wed Feb 25 05:43:03 UTC 2015
Author: delphij
Date: Wed Feb 25 05:43:02 2015
New Revision: 279263
URL: https://svnweb.freebsd.org/changeset/base/279263
Log:
Instant MFC:
Fix integer overflow in IGMP protocol.
Security: FreeBSD-SA-15:04.igmp
Security: CVE-2015-1414
Found by: Mateusz Kocielski, Logicaltrust
Analyzed by: Marek Kroemeke, Mateusz Kocielski (shm at NetBSD.org) and
22733db72ab3ed94b5f8a1ffcde850251fe6f466
Submited by: Mariusz Zaborski <oshogbo at FreeBSD.org>
Reviewed by: bms
Approved by: so
Modified:
stable/9/sys/netinet/igmp.c
Changes in other areas also in this revision:
Modified:
stable/10/sys/netinet/igmp.c
stable/8/sys/netinet/igmp.c
Modified: stable/9/sys/netinet/igmp.c
==============================================================================
--- stable/9/sys/netinet/igmp.c Wed Feb 25 05:42:59 2015 (r279262)
+++ stable/9/sys/netinet/igmp.c Wed Feb 25 05:43:02 2015 (r279263)
@@ -1533,8 +1533,8 @@ igmp_input(struct mbuf *m, int off)
case IGMP_VERSION_3: {
struct igmpv3 *igmpv3;
uint16_t igmpv3len;
- uint16_t srclen;
- int nsrc;
+ uint16_t nsrc;
+ int srclen;
IGMPSTAT_INC(igps_rcv_v3_queries);
igmpv3 = (struct igmpv3 *)igmp;
More information about the svn-src-stable-9
mailing list