From 2420e187332004b55d20ef7d2588a8defa35ffe6 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Mon, 13 Nov 2017 19:35:24 +0100
Subject: allowedips: do not write out of bounds

---
 src/allowedips.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/allowedips.c b/src/allowedips.c
index 279bdd4..3274c1f 100644
--- a/src/allowedips.c
+++ b/src/allowedips.c
@@ -13,11 +13,13 @@ struct allowedips_node {
 
 static inline void copy_and_assign_cidr(struct allowedips_node *node, const u8 *src, u8 cidr)
 {
-	memcpy(node->bits, src, (cidr + 7) / 8);
-	node->bits[(cidr + 7) / 8 - 1] &= 0xffU << ((8 - (cidr % 8)) % 8);
 	node->cidr = cidr;
 	node->bit_at_a = cidr / 8;
 	node->bit_at_b = 7 - (cidr % 8);
+	if (cidr) {
+		memcpy(node->bits, src, (cidr + 7) / 8);
+		node->bits[(cidr + 7) / 8 - 1] &= ~0U << ((8 - (cidr % 8)) % 8);
+	}
 }
 #define choose_node(parent, key) parent->bit[(key[parent->bit_at_a] >> parent->bit_at_b) & 1]
 
-- 
cgit v1.2.3-59-g8ed1b