[Midnightbsd-cvs] src [6964] stable/0.5/sys/netinet/igmp.c: An integer overflow in computing the size of IGMPv3 data buffer can result

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Wed Feb 25 09:32:11 EST 2015


Revision: 6964
          http://svnweb.midnightbsd.org/src/?rev=6964
Author:   laffer1
Date:     2015-02-25 09:32:10 -0500 (Wed, 25 Feb 2015)
Log Message:
-----------
An integer overflow in computing the size of IGMPv3 data buffer can result
in a buffer which is too small for the requested operation.

This can result in a DOS attack.

Modified Paths:
--------------
    stable/0.5/sys/netinet/igmp.c

Modified: stable/0.5/sys/netinet/igmp.c
===================================================================
--- stable/0.5/sys/netinet/igmp.c	2015-02-25 14:30:33 UTC (rev 6963)
+++ stable/0.5/sys/netinet/igmp.c	2015-02-25 14:32:10 UTC (rev 6964)
@@ -1532,8 +1532,8 @@
 		case IGMP_VERSION_3: {
 				struct igmpv3 *igmpv3;
 				uint16_t igmpv3len;
-				uint16_t srclen;
-				int nsrc;
+				uint16_t nsrc;
+				int srclen;
 
 				IGMPSTAT_INC(igps_rcv_v3_queries);
 				igmpv3 = (struct igmpv3 *)igmp;
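Review bot: `igmpv3len` is left as `uint16_t` on the line directly above the changed declarations, while `srclen` is widened to `int`. If a value derived from `srclen` is later stored back into `igmpv3len`, it would be truncated to 16 bits again. The statements that compute and check these lengths are outside the visible context, so please confirm that the bounds check is done on the `int` value and not on a 16-bit copy. The swap at `uint16_t nsrc;` / `int srclen;` also has no comment. A one-line note on `srclen` saying that it must be wide enough to hold the size computed from `nsrc` without wrapping would keep a later cleanup from narrowing it back.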


