colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

platform: fix possible out-of-bounds access with RA route masking

Browse Source 
If the prefix length was 128, that could cause an access beyond the
end of the array.  Found by Thomas Haller.
This commit is contained in:
Dan Williams
2013-12-03 14:12:55 -06:00
parent 7eb12a5b21
commit 6e73f01b6e
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/rdisc/nm-lndp-rdisc.c
View File

@@ -415,9 +415,13 @@ set_address_masked (struct in6_addr *dst, struct in6_addr *src, guint8 plen)
g_assert (src); g_assert (src);
g_assert (dst); g_assert (dst);
if (plen >= 128)
*dst = *src;
else {
memset (dst, 0, sizeof (*dst)); memset (dst, 0, sizeof (*dst));
memcpy (dst, src, nbytes); memcpy (dst, src, nbytes);
dst->s6_addr[nbytes] = (src->s6_addr[nbytes] & (0xFF << (8 - nbits))); dst->s6_addr[nbytes] = (src->s6_addr[nbytes] & (0xFF << (8 - nbits)));
}
} }
static int static int