artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ac50edb) | patch
The length value in bpf_movein() is casted to from size_t to u_int
authorbluhm <bluhm@openbsd.org>
Sun, 13 Feb 2022 23:11:10 +0000 (23:11 +0000)
committerbluhm <bluhm@openbsd.org>
Sun, 13 Feb 2022 23:11:10 +0000 (23:11 +0000)
commit4be097b868689c243276460b35b2ea492e330608
tree485dd6bb12208378ce1ff25e01e886fe20cb4e90tree | snapshot
parentac50edb2d8b8e2773369b50fd3bc121aba1a25dfcommit | diff
The length value in bpf_movein() is casted to from size_t to u_int
and then rounded before checking.  Put the same check before the
calculations to avoid overflow.
Reported-by: syzbot+6f29d23eca959c5a9705@syzkaller.appspotmail.com
OK claudio@
sys/net/bpf.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim