allowedips: do not write out of bounds

author: Jason A. Donenfeld <Jason@zx2c4.com> 2017-11-13 19:35:24 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2017-11-13 19:35:34 +0100
commit: 2420e187332004b55d20ef7d2588a8defa35ffe6 (patch)
tree: 3af5118be085f553c44e5560ff6a5ae5c2d01b37 /src
parent: selftest: allowedips: randomized test mutex update (diff)
download: wireguard-monolithic-historical-2420e187332004b55d20ef7d2588a8defa35ffe6.tar.xz
wireguard-monolithic-historical-2420e187332004b55d20ef7d2588a8defa35ffe6.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/allowedips.c b/src/allowedips.c
index 279bdd4..3274c1f 100644
--- a/src/allowedips.c
+++ b/src/allowedips.c
@@ -13,11 +13,13 @@ struct allowedips_node {
 
 static inline void copy_and_assign_cidr(struct allowedips_node *node, const u8 *src, u8 cidr)
 {
-	memcpy(node->bits, src, (cidr + 7) / 8);
-	node->bits[(cidr + 7) / 8 - 1] &= 0xffU << ((8 - (cidr % 8)) % 8);
 	node->cidr = cidr;
 	node->bit_at_a = cidr / 8;
 	node->bit_at_b = 7 - (cidr % 8);
+	if (cidr) {
+		memcpy(node->bits, src, (cidr + 7) / 8);
+		node->bits[(cidr + 7) / 8 - 1] &= ~0U << ((8 - (cidr % 8)) % 8);
+	}
 }
 #define choose_node(parent, key) parent->bit[(key[parent->bit_at_a] >> parent->bit_at_b) & 1]
author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-11-13 19:35:24 +0100
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2017-11-13 19:35:34 +0100
commit	2420e187332004b55d20ef7d2588a8defa35ffe6 (patch)
tree	3af5118be085f553c44e5560ff6a5ae5c2d01b37 /src
parent	selftest: allowedips: randomized test mutex update (diff)
download	wireguard-monolithic-historical-2420e187332004b55d20ef7d2588a8defa35ffe6.tar.xz wireguard-monolithic-historical-2420e187332004b55d20ef7d2588a8defa35ffe6.zip