diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2021-05-05 21:06:23 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2021-05-05 21:12:51 +0000 |
| commit | 6c34dde83ee61fc0ba095dcfdac2f381f6bae007 (patch) | |
| tree | 9ccde018390038ab06443d3e0949df97280ccf8f /sys/netinet/igmp.c | |
| parent | 9a7c2de36460cdb916734a6969aac666707a639b (diff) | |
| download | src-6c34dde83ee61fc0ba095dcfdac2f381f6bae007.tar.gz src-6c34dde83ee61fc0ba095dcfdac2f381f6bae007.zip | |
igmp: Avoid an out-of-bounds access when zeroing counters
When verifying, byte-by-byte, that the user-supplied counters are
zero-filled, sysctl_igmp_stat() would check for zero before checking the
loop bound. Perform the checks in the correct order.
Reported by: KASAN
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'sys/netinet/igmp.c')
| -rw-r--r-- | sys/netinet/igmp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c index 21bce1ff885a..ef0da5e5cb46 100644 --- a/sys/netinet/igmp.c +++ b/sys/netinet/igmp.c @@ -382,7 +382,7 @@ sysctl_igmp_stat(SYSCTL_HANDLER_ARGS) * igps0 must be "all zero". */ p = (char *)&igps0; - while (*p == '\0' && p < (char *)&igps0 + sizeof(igps0)) + while (p < (char *)&igps0 + sizeof(igps0) && *p == '\0') p++; if (p != (char *)&igps0 + sizeof(igps0)) { error = EINVAL; |