Author: tuexen Date: Wed Oct 25 09:12:22 2017 New Revision: 324971 URL: https://svnweb.freebsd.org/changeset/base/324971
Log: Fix a bug reported by Felix Weinrank using the libfuzzer on the userland stack. MFC after: 3 days Modified: head/sys/netinet/sctp_auth.c Modified: head/sys/netinet/sctp_auth.c ============================================================================== --- head/sys/netinet/sctp_auth.c Wed Oct 25 05:55:13 2017 (r324970) +++ head/sys/netinet/sctp_auth.c Wed Oct 25 09:12:22 2017 (r324971) @@ -1606,9 +1606,9 @@ sctp_zero_m(struct mbuf *m, uint32_t m_offset, uint32_ /* now use the rest of the mbuf chain */ while ((m_tmp != NULL) && (size > 0)) { data = mtod(m_tmp, uint8_t *)+m_offset; - if (size > (uint32_t)SCTP_BUF_LEN(m_tmp)) { - memset(data, 0, SCTP_BUF_LEN(m_tmp)); - size -= SCTP_BUF_LEN(m_tmp); + if (size > (uint32_t)(SCTP_BUF_LEN(m_tmp) - m_offset)) { + memset(data, 0, SCTP_BUF_LEN(m_tmp) - m_offset); + size -= SCTP_BUF_LEN(m_tmp) - m_offset; } else { memset(data, 0, size); size = 0; _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"