Fix integer overflow in IGMP protocol.

Security:	FreeBSD-SA-15:04.igmp
Security:	CVE-2015-1414
Found by:	Mateusz Kocielski, Logicaltrust
Analyzed by:	Marek Kroemeke, Mateusz Kocielski (shm@NetBSD.org) and
		22733db72ab3ed94b5f8a1ffcde850251fe6f466
Submited by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
Reviewed by:	bms

sys/netinet/igmp.c

@@ -1539,8 +1539,8 @@ igmp_input(struct mbuf **mp, int *offp, int proto)
 		case IGMP_VERSION_3: {
 				struct igmpv3 *igmpv3;
 				uint16_t igmpv3len;
-				uint16_t srclen;
-				int nsrc;
+				uint16_t nsrc;
+				int srclen;
 
 				IGMPSTAT_INC(igps_rcv_v3_queries);
 				igmpv3 = (struct igmpv3 *)igmp;