Diffstat (limited to 'sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch')
-rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch
new file mode 100644
index 000000000000..e6710e3bcb8b
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-9.1-cve-2013-5209.patch
@@ -0,0 +1,19 @@
+Index: sys/netinet/sctp_output.c
+===================================================================
+--- sys/netinet/sctp_output.c (revision 254337)
++++ sys/netinet/sctp_output.c (revision 254338)
+@@ -5406,6 +5406,14 @@
+ }
+ SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk);
+
++ /*
++ * We might not overwrite the identification[] completely and on
++ * some platforms time_entered will contain some padding. Therefore
++ * zero out the cookie to avoid putting uninitialized memory on the
++ * wire.
++ */
++ memset(&stc, 0, sizeof(struct sctp_state_cookie));
++
+ /* the time I built cookie */
+ (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered);
+ |
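Review bot: The added `memset(&stc, 0, sizeof(struct sctp_state_cookie));` spells out the type instead of sizing from the object. `memset(&stc, 0, sizeof(stc));` would keep the cleared length tied to the variable if its declaration ever changes. That matters for this fix, because a clear that is too short would again leave uninitialised bytes in the cookie that goes onto the wire. The declaration of `stc` and the rest of the function are outside the hunk, so this assumes `stc` is declared as a `struct sctp_state_cookie` object, and that no field is stored into it before the memset; the clear has to stay ahead of every write, as it does here for `time_entered`.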