igmp: Avoid an out-of-bounds access when zeroing counters

When verifying, byte-by-byte, that the user-supplied counters are
zero-filled, sysctl_igmp_stat() would check for zero before checking the
loop bound.  Perform the checks in the correct order.

Reported by:	KASAN
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Mark Johnston 2021-05-05 17:06:23 -04:00
parent 9a7c2de364
commit 6c34dde83e

@ -382,7 +382,7 @@ sysctl_igmp_stat(SYSCTL_HANDLER_ARGS)
* igps0 must be "all zero".
*/
p = (char *)&igps0;
while (*p == '\0' && p < (char *)&igps0 + sizeof(igps0))
while (p < (char *)&igps0 + sizeof(igps0) && *p == '\0')
p++;
if (p != (char *)&igps0 + sizeof(igps0)) {
error = EINVAL;
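Review bot: In the `while` condition, the fix depends entirely on `&&` short-circuiting so that `*p` is never read once `p` reaches the end of `igps0`, and nothing in the code says so; a one-line comment above the loop would keep a later cleanup from swapping the operands back. The end pointer `(char *)&igps0 + sizeof(igps0)` is also written out again in the `if` that follows, so computing it once into a local and using it in both places would make the bound easier to verify by eye.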