diff options
Diffstat (limited to 'sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch')
-rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch new file mode 100644 index 000000000000..23f68ed9c3db --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-3077.patch @@ -0,0 +1,26 @@ +Index: sys/netinet/in_mcast.c +=================================================================== +--- sys/netinet/in_mcast.c (revision 254252) ++++ sys/netinet/in_mcast.c (working copy) +@@ -1648,6 +1648,8 @@ + * has asked for, but we always tell userland how big the + * buffer really needs to be. + */ ++ if (msfr.msfr_nsrcs > in_mcast_maxsocksrc) ++ msfr.msfr_nsrcs = in_mcast_maxsocksrc; + tss = NULL; + if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) { + tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs, +Index: sys/netinet6/in6_mcast.c +=================================================================== +--- sys/netinet6/in6_mcast.c (revision 254252) ++++ sys/netinet6/in6_mcast.c (working copy) +@@ -1625,6 +1625,8 @@ + * has asked for, but we always tell userland how big the + * buffer really needs to be. + */ ++ if (msfr.msfr_nsrcs > in6_mcast_maxsocksrc) ++ msfr.msfr_nsrcs = in6_mcast_maxsocksrc; + tss = NULL; + if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) { + tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs, |