upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pf: fix overly large copy in pf_rule_to_krule()

Browse source 
The timeout array in struct pf_rule has PFTM_OLD_MAX entries, the one in
struct pf_krule has PFTM_MAX entries (and PFTM_MAX > PFTM_OLD_MAX).
Use the smaller of the sizes when copying.

Reported by:	CheriBSD
MFC after:	1 week
Event:		Kitchener-Waterloo Hackathon 202406

(cherry picked from commit 4779b16fa61f858ad5c449834f550fbd5e162d98)
This commit is contained in:
Kristof Provost 2024-06-04 14:55:02 +02:00
parent 357d111ef7
commit 8fb5dc88ad
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
sys/netpfil/pf/pf_ioctl.c
View file

@ -2071,7 +2071,8 @@ pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule)
krule->os_fingerprint = rule->os_fingerprint;
krule->rtableid = rule->rtableid;
bcopy(rule->timeout, krule->timeout, sizeof(krule->timeout));
/* pf_rule->timeout is smaller than pf_krule->timeout */
bcopy(rule->timeout, krule->timeout, sizeof(rule->timeout));
krule->max_states = rule->max_states;
krule->max_src_nodes = rule->max_src_nodes;
krule->max_src_states = rule->max_src_states;