artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c2c0b0c) | patch
IP multicast sysctl mrtmfc must not write outside of allocation.
authorbluhm <bluhm@openbsd.org>
Sat, 6 Apr 2024 14:23:27 +0000 (14:23 +0000)
committerbluhm <bluhm@openbsd.org>
Sat, 6 Apr 2024 14:23:27 +0000 (14:23 +0000)
commit85fbf21ae5ae715c1219116d9e0049b963b7b3c6
treea5f2c191daf5188b22281b0a1530d7b342fc0790tree | snapshot
parentc2c0b0cf71ce557aae83f97fc19afa3becb5a76fcommit | diff
IP multicast sysctl mrtmfc must not write outside of allocation.

Reading sysctl mrt_sysctl_mfc() allocates memory to be copied back
to user.  Chunks of struct mfcinfo are copied from routing table
to linear heap memory.  If the allocated memory was not a multiple
the struct size, a struct mfcinfo could be copied to a partially
unallocated destination.  Check that the end of the struct is within
the allocation.

From Alfredo Ortega;  OK claudio@
sys/netinet/ip_mroute.c diff | blob | history
sys/netinet6/ip6_mroute.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim