host: Prevent overflow in host_create_netmask() if mask is 0 or 32/128
authorTobias Brunner <tobias@strongswan.org>
Wed, 24 Jul 2013 08:31:52 +0000 (10:31 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 24 Jul 2013 14:17:03 +0000 (16:17 +0200)
src/libstrongswan/networking/host.c

index d275a83..a3622eb 100644 (file)
@@ -597,13 +597,15 @@ host_t *host_create_netmask(int family, int netbits)
        this->address.sa_family = family;
        update_sa_len(this);
 
-       bytes = (netbits + 7) / 8;
-       bits = (bytes * 8) - netbits;
+       bytes = netbits / 8;
+       bits = 8 - (netbits & 0x07);
 
        memset(target, 0xff, bytes);
-       memset(target + bytes, 0x00, len - bytes);
-       target[bytes - 1] = bits ? (u_int8_t)(0xff << bits) : 0xff;
-
+       if (bytes < len)
+       {
+               memset(target + bytes, 0x00, len - bytes);
+               target[bytes] = (u_int8_t)(0xff << bits);
+       }
        return &this->public;
 }