diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2013-07-24 10:31:52 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-07-24 16:17:03 +0200 |
| commit | 6e2ec33f9d26d6b6ff33c92aaf93778eaec6579b (patch) | |
| tree | aa5b1f1d47436bc2bb3cbf23b90e620f396a0559 /src | |
| parent | a00ac1d9ee0b02b301c9986c019cec351662ddda (diff) | |
| download | strongswan-6e2ec33f9d26d6b6ff33c92aaf93778eaec6579b.tar.bz2 strongswan-6e2ec33f9d26d6b6ff33c92aaf93778eaec6579b.tar.xz | |
host: Prevent overflow in host_create_netmask() if mask is 0 or 32/128
Diffstat (limited to 'src')
| -rw-r--r-- | src/libstrongswan/networking/host.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/libstrongswan/networking/host.c b/src/libstrongswan/networking/host.c index d275a835e..a3622ebe1 100644 --- a/src/libstrongswan/networking/host.c +++ b/src/libstrongswan/networking/host.c @@ -597,13 +597,15 @@ host_t *host_create_netmask(int family, int netbits) this->address.sa_family = family; update_sa_len(this); - bytes = (netbits + 7) / 8; - bits = (bytes * 8) - netbits; + bytes = netbits / 8; + bits = 8 - (netbits & 0x07); memset(target, 0xff, bytes); - memset(target + bytes, 0x00, len - bytes); - target[bytes - 1] = bits ? (u_int8_t)(0xff << bits) : 0xff; - + if (bytes < len) + { + memset(target + bytes, 0x00, len - bytes); + target[bytes] = (u_int8_t)(0xff << bits); + } return &this->public; } |