From 6e2ec33f9d26d6b6ff33c92aaf93778eaec6579b Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 24 Jul 2013 10:31:52 +0200
Subject: host: Prevent overflow in host_create_netmask() if mask is 0 or
 32/128

---
 src/libstrongswan/networking/host.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'src/libstrongswan/networking/host.c')

diff --git a/src/libstrongswan/networking/host.c b/src/libstrongswan/networking/host.c
index d275a835e..a3622ebe1 100644
--- a/src/libstrongswan/networking/host.c
+++ b/src/libstrongswan/networking/host.c
@@ -597,13 +597,15 @@ host_t *host_create_netmask(int family, int netbits)
 	this->address.sa_family = family;
 	update_sa_len(this);
 
-	bytes = (netbits + 7) / 8;
-	bits = (bytes * 8) - netbits;
+	bytes = netbits / 8;
+	bits = 8 - (netbits & 0x07);
 
 	memset(target, 0xff, bytes);
-	memset(target + bytes, 0x00, len - bytes);
-	target[bytes - 1] = bits ? (u_int8_t)(0xff << bits) : 0xff;
-
+	if (bytes < len)
+	{
+		memset(target + bytes, 0x00, len - bytes);
+		target[bytes] = (u_int8_t)(0xff << bits);
+	}
 	return &this->public;
 }
 
-- 
cgit v1.2.3