upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-11 01:30:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix array overflow: If len=128, don't access [16] of a 16-byte IPv6

Browse source 
address, even if we subsequently ignore its value by applying a >>8
to it.

Reported by:	"Ted Unangst" <tedu@coverity.com>
Approved by:	rwatson (mentor), {ume, suz} (KAME)
This commit is contained in:
Colin Percival 2004-02-24 01:20:51 +00:00
parent 0973129743
commit 14135e2cfe
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
sys/netinet6/in6.c
View file

@ -1830,7 +1830,8 @@ in6_are_prefix_equal(p1, p2, len)
if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen))
return (0);
if (p1->s6_addr[bytelen] >> (8 - bitlen) !=
if (bitlen != 0 &&
p1->s6_addr[bytelen] >> (8 - bitlen) !=
p2->s6_addr[bytelen] >> (8 - bitlen))
return (0);