upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pf: Ensure that pfiio_name is always nul terminated

Browse source 
Reported by:	syzkaller
Reviewed by:	kp
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D35660
This commit is contained in:
Mark Johnston 2022-06-30 10:18:50 -04:00
parent d5a381f8c7
commit bc83b35922
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sys/netpfil/pf/pf_ioctl.c
View file

@ -5584,6 +5584,8 @@ DIOCCHANGEADDR_error:
break;
}
io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0';
bufsiz = io->pfiio_size * sizeof(struct pfi_kif);
ifstore = mallocarray(io->pfiio_size, sizeof(struct pfi_kif),
M_TEMP, M_WAITOK | M_ZERO);
@ -5599,6 +5601,8 @@ DIOCCHANGEADDR_error:
case DIOCSETIFFLAG: {
struct pfioc_iface *io = (struct pfioc_iface *)addr;
io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0';
PF_RULES_WLOCK();
error = pfi_set_flags(io->pfiio_name, io->pfiio_flags);
PF_RULES_WUNLOCK();
@ -5608,6 +5612,8 @@ DIOCCHANGEADDR_error:
case DIOCCLRIFFLAG: {
struct pfioc_iface *io = (struct pfioc_iface *)addr;
io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0';
PF_RULES_WLOCK();
error = pfi_clear_flags(io->pfiio_name, io->pfiio_flags);
PF_RULES_WUNLOCK();