Author: tuexen
Date: Wed Oct 25 09:12:22 2017
New Revision: 324971
URL: https://svnweb.freebsd.org/changeset/base/324971
Log:
Fix a bug reported by Felix Weinrank using the libfuzzer on the
userland stack.
MFC after: 3 days
Modified:
head/sys/netinet/sctp_auth.c
Modified: head/sys/netinet/sctp_auth.c
==============================================================================
--- head/sys/netinet/sctp_auth.c Wed Oct 25 05:55:13 2017
(r324970)
+++ head/sys/netinet/sctp_auth.c Wed Oct 25 09:12:22 2017
(r324971)
@@ -1606,9 +1606,9 @@ sctp_zero_m(struct mbuf *m, uint32_t m_offset, uint32_
/* now use the rest of the mbuf chain */
while ((m_tmp != NULL) && (size > 0)) {
data = mtod(m_tmp, uint8_t *)+m_offset;
- if (size > (uint32_t)SCTP_BUF_LEN(m_tmp)) {
- memset(data, 0, SCTP_BUF_LEN(m_tmp));
- size -= SCTP_BUF_LEN(m_tmp);
+ if (size > (uint32_t)(SCTP_BUF_LEN(m_tmp) - m_offset)) {
+ memset(data, 0, SCTP_BUF_LEN(m_tmp) - m_offset);
+ size -= SCTP_BUF_LEN(m_tmp) - m_offset;
} else {
memset(data, 0, size);
size = 0;
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
