Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 25 Feb 2015 05:43:00 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r279262 - head/sys/netinet
Message-ID:  <201502250543.t1P5h00A083295@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: delphij
Date: Wed Feb 25 05:42:59 2015
New Revision: 279262
URL: https://svnweb.freebsd.org/changeset/base/279262

Log:
  Fix integer overflow in IGMP protocol.
  
  Security:	FreeBSD-SA-15:04.igmp
  Security:	CVE-2015-1414
  Found by:	Mateusz Kocielski, Logicaltrust
  Analyzed by:	Marek Kroemeke, Mateusz Kocielski (shm@NetBSD.org) and
  		22733db72ab3ed94b5f8a1ffcde850251fe6f466
  Submited by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
  Reviewed by:	bms

Modified:
  head/sys/netinet/igmp.c

Modified: head/sys/netinet/igmp.c
==============================================================================
--- head/sys/netinet/igmp.c	Wed Feb 25 04:30:23 2015	(r279261)
+++ head/sys/netinet/igmp.c	Wed Feb 25 05:42:59 2015	(r279262)
@@ -1539,8 +1539,8 @@ igmp_input(struct mbuf **mp, int *offp, 
 		case IGMP_VERSION_3: {
 				struct igmpv3 *igmpv3;
 				uint16_t igmpv3len;
-				uint16_t srclen;
-				int nsrc;
+				uint16_t nsrc;
+				int srclen;
 
 				IGMPSTAT_INC(igps_rcv_v3_queries);
 				igmpv3 = (struct igmpv3 *)igmp;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502250543.t1P5h00A083295>