From ec74e9cadcee267e1d2ff9e1b4339d6831414c63 Mon Sep 17 00:00:00 2001
From: delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Wed, 25 Feb 2015 05:43:02 +0000
Subject: [PATCH] Instant MFC:

Fix integer overflow in IGMP protocol.

Security:	FreeBSD-SA-15:04.igmp
Security:	CVE-2015-1414
Found by:	Mateusz Kocielski, Logicaltrust
Analyzed by:	Marek Kroemeke, Mateusz Kocielski (shm@NetBSD.org) and
		22733db72ab3ed94b5f8a1ffcde850251fe6f466
Submited by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
Reviewed by:	bms
Approved by:	so


git-svn-id: svn://svn.freebsd.org/base/stable/8@279263 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/netinet/igmp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c
index 33c470eca..2395228d0 100644
--- a/sys/netinet/igmp.c
+++ b/sys/netinet/igmp.c
@@ -1532,8 +1532,8 @@ igmp_input(struct mbuf *m, int off)
 		case IGMP_VERSION_3: {
 				struct igmpv3 *igmpv3;
 				uint16_t igmpv3len;
-				uint16_t srclen;
-				int nsrc;
+				uint16_t nsrc;
+				int srclen;
 
 				IGMPSTAT_INC(igps_rcv_v3_queries);
 				igmpv3 = (struct igmpv3 *)igmp;
-- 
2.45.0