CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	gjb <gjb@FreeBSD.org>
	Thu, 8 Nov 2018 21:58:51 +0000 (21:58 +0000)
committer	gjb <gjb@FreeBSD.org>
	Thu, 8 Nov 2018 21:58:51 +0000 (21:58 +0000)
commit	6033b7ab1ac6064008c8d99b64d95ebb815e1e74
tree	3f78b708e794fd6622e0388330b52fa9e46cb5b3	tree \| snapshot
parent	f71184e2cc975a6c51cad637085d86e6f2fff68b	commit \| diff

MFC r340260 (emaste):
Avoid buffer underwrite in icmp_error

icmp_error allocates either an mbuf (with pkthdr) or a cluster depending
on the size of data to be quoted in the ICMP reply, but the calculation
failed to account for the additional padding that m_align may apply.

Include the ip header in the size passed to m_align. On 64-bit archs
this will have the net effect of moving everything 4 bytes later in the
mbuf or cluster. This will result in slightly pessimal alignment for
the ICMP data copy.

Also add an assertion that we do not move m_data before the beginning of
the mbuf or cluster.

Approved by: re (kib, insta-MFC)
Security: CVE-2018-17156
Sponsored by: The FreeBSD Foundation