From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 24 Jul 2013 08:31:52 +0000 (+0200)
Subject: host: Prevent overflow in host_create_netmask() if mask is 0 or 32/128
X-Git-Tag: 5.1.0~34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6e2ec33f9d26d6b6ff33c92aaf93778eaec6579b;p=thirdparty%2Fstrongswan.git

host: Prevent overflow in host_create_netmask() if mask is 0 or 32/128
---

diff --git a/src/libstrongswan/networking/host.c b/src/libstrongswan/networking/host.c
index d275a835e6..a3622ebe19 100644
--- a/src/libstrongswan/networking/host.c
+++ b/src/libstrongswan/networking/host.c
@@ -597,13 +597,15 @@ host_t *host_create_netmask(int family, int netbits)
 	this->address.sa_family = family;
 	update_sa_len(this);
 
-	bytes = (netbits + 7) / 8;
-	bits = (bytes * 8) - netbits;
+	bytes = netbits / 8;
+	bits = 8 - (netbits & 0x07);
 
 	memset(target, 0xff, bytes);
-	memset(target + bytes, 0x00, len - bytes);
-	target[bytes - 1] = bits ? (u_int8_t)(0xff << bits) : 0xff;
-
+	if (bytes < len)
+	{
+		memset(target + bytes, 0x00, len - bytes);
+		target[bytes] = (u_int8_t)(0xff << bits);
+	}
 	return &this->public;
 }