From: Jo-Philipp Wich Date: Wed, 17 Sep 2014 17:49:53 +0000 (+0200) Subject: utils: fix invalid memory access in fw3_bitlen2netmask() X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7c63f4f5a9983f9b81d90cfdf09e6fca0cfbf52d;p=oweals%2Ffirewall3.git utils: fix invalid memory access in fw3_bitlen2netmask() When fw3_bitlen2netmask() is invoked with a bit length of 128, the next byte after the end of struct in6_addr is errorneously zeroed, leading to a heap corruption on at least x86_64 with uclibc and possibly others. Prevent the invalid writes by explicitely testing for a bit count < 128. Signed-off-by: Jo-Philipp Wich --- diff --git a/utils.c b/utils.c index cb478bb..756633a 100644 --- a/utils.c +++ b/utils.c @@ -786,8 +786,12 @@ fw3_bitlen2netmask(int family, int bits, void *mask) i = abs(bits); memset(v6->s6_addr, 0xff, i / 8); - memset(v6->s6_addr + (i / 8) + 1, 0, (128 - i) / 8); - v6->s6_addr[i / 8] = 0xff << (8 - (i & 7)); + + if (i < 128) + { + memset(v6->s6_addr + (i / 8) + 1, 0, (128 - i) / 8); + v6->s6_addr[i / 8] = 0xff << (8 - (i & 7)); + } if (bits < 0) for (i = 0; i < 16; i++)