Date: Tue, 05 Dec 2017 07:14:38 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 224103] A possible out of bounds of memory in netinet/libalias/alias_sctp.c. Message-ID: <bug-224103-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224103 Bug ID: 224103 Summary: A possible out of bounds of memory in netinet/libalias/alias_sctp.c. Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: logwang@tencent.com In AliasSctpInit(): la->sctpNatTimer.TimerQ =3D sn_calloc(SN_TIMER_QUEUE_SIZE, sizeof(struct sctpTimerQ)); since SN_TIMER_QUEUE_SIZE is defined as SN_MAX_TIMER+2, and sn_calloc is defined as sn_malloc(x * n) if _SYS_MALLOC_H_ is defined, the size of callo= ced memory will be wrong, because the macro will be expanded to SN_MAX_TIMER+2*sizeof(struct sctpTimerQ). This was found when i compiled the code on Linux, i don't know whether it's= a problem or not if compiled on FreeBSD system. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-224103-8>