diff options
| author | cperciva <cperciva@FreeBSD.org> | 2004-02-24 01:20:51 +0000 |
|---|---|---|
| committer | cperciva <cperciva@FreeBSD.org> | 2004-02-24 01:20:51 +0000 |
| commit | 9678edca4faf1b61c1895429426ffb0eb7dcf14a (patch) | |
| tree | dabb71b83d37240e4d76edcca0566cb4890d84df | |
| parent | 1482f80711eab79db8dcc75f6f587579e49155fd (diff) | |
| download | FreeBSD-src-9678edca4faf1b61c1895429426ffb0eb7dcf14a.zip FreeBSD-src-9678edca4faf1b61c1895429426ffb0eb7dcf14a.tar.gz | |
Fix array overflow: If len=128, don't access [16] of a 16-byte IPv6
address, even if we subsequently ignore its value by applying a >>8
to it.
Reported by: "Ted Unangst" <tedu@coverity.com>
Approved by: rwatson (mentor), {ume, suz} (KAME)
| -rw-r--r-- | sys/netinet6/in6.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index d5bd36c..801472a 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -1830,7 +1830,8 @@ in6_are_prefix_equal(p1, p2, len) if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) return (0); - if (p1->s6_addr[bytelen] >> (8 - bitlen) != + if (bitlen != 0 && + p1->s6_addr[bytelen] >> (8 - bitlen) != p2->s6_addr[bytelen] >> (8 - bitlen)) return (0); |
