netinet

Xin LI Tue, 24 Feb 2015 21:43:55 -0800

Author: delphij
Date: Wed Feb 25 05:42:59 2015
New Revision: 279262
URL: https://svnweb.freebsd.org/changeset/base/279262


Log:
  Fix integer overflow in IGMP protocol.
  
  Security:     FreeBSD-SA-15:04.igmp
  Security:     CVE-2015-1414
  Found by:     Mateusz Kocielski, Logicaltrust
  Analyzed by:  Marek Kroemeke, Mateusz Kocielski ([email protected]) and
                22733db72ab3ed94b5f8a1ffcde850251fe6f466
  Submited by:  Mariusz Zaborski <[email protected]>
  Reviewed by:  bms

Modified:
  head/sys/netinet/igmp.c

Modified: head/sys/netinet/igmp.c
==============================================================================
--- head/sys/netinet/igmp.c     Wed Feb 25 04:30:23 2015        (r279261)
+++ head/sys/netinet/igmp.c     Wed Feb 25 05:42:59 2015        (r279262)
@@ -1539,8 +1539,8 @@ igmp_input(struct mbuf **mp, int *offp, 
                case IGMP_VERSION_3: {
                                struct igmpv3 *igmpv3;
                                uint16_t igmpv3len;
-                               uint16_t srclen;
-                               int nsrc;
+                               uint16_t nsrc;
+                               int srclen;
 
                                IGMPSTAT_INC(igps_rcv_v3_queries);
                                igmpv3 = (struct igmpv3 *)igmp;
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"

svn commit: r279262 - head/sys/netinet

Reply via email to