netlink: Fully clear parser state between messages

Failing to reset the cookie between messages can lead to an attempt
to interpret a zeroed buffer as a struct nlattr, causing a length
calculation to underflow, resulting in a memcpy() call where the
length exceeds the actual size of the buffer.

MFC after:	1 week
PR:		283797
Reviewed by:	glebius
Differential Revision:	https://reviews.freebsd.org/D51634

(cherry picked from commit a8d90e3213)
Dag-Erling Smørgrav 2025-07-31 12:06:47 +02:00 committed by Franco Fichtner
parent d23b1ed810
commit 9776e3d30f


@ -520,6 +520,7 @@ static void
npt_clear(struct nl_pstate *npt)
{
lb_clear(&npt->lb);
npt->cookie = NULL;
npt->error = 0;
npt->err_msg = NULL;
npt->err_off = 0;
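Review bot: the reset of `npt->cookie` is correct, but npt_clear() still resets per-message state field by field (`lb`, `cookie`, `error`, `err_msg`, `err_off`), which is exactly how the cookie got missed and, per the commit message, let a zeroed buffer be parsed as a struct nlattr and underflow a length calculation feeding memcpy(). Consider adding a comment above the function stating that every per-message field of struct nl_pstate must be reset here, or grouping the per-message fields so they can be cleared together, so the next field added does not reintroduce the same bug.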