git: 5687381276d4 - stable/13 - pf: Ensure that pfiio_name is always nul terminated
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 14 Jul 2022 13:50:25 UTC
The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=5687381276d40484258ee25f1ec39ed0526039c4 commit 5687381276d40484258ee25f1ec39ed0526039c4 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2022-06-30 14:18:50 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2022-07-14 13:49:48 +0000 pf: Ensure that pfiio_name is always nul terminated Reported by: syzkaller Reviewed by: kp Sponsored by: The FreeBSD Foundation (cherry picked from commit bc83b3592241a6bcb18e1537fcd27a8eb342a701) --- sys/netpfil/pf/pf_ioctl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 6820d1f909e5..c765ee65c9bc 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -4729,6 +4729,8 @@ DIOCCHANGEADDR_error: break; } + io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0'; + bufsiz = io->pfiio_size * sizeof(struct pfi_kif); ifstore = mallocarray(io->pfiio_size, sizeof(struct pfi_kif), M_TEMP, M_WAITOK | M_ZERO); @@ -4744,6 +4746,8 @@ DIOCCHANGEADDR_error: case DIOCSETIFFLAG: { struct pfioc_iface *io = (struct pfioc_iface *)addr; + io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0'; + PF_RULES_WLOCK(); error = pfi_set_flags(io->pfiio_name, io->pfiio_flags); PF_RULES_WUNLOCK(); @@ -4753,6 +4757,8 @@ DIOCCHANGEADDR_error: case DIOCCLRIFFLAG: { struct pfioc_iface *io = (struct pfioc_iface *)addr; + io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0'; + PF_RULES_WLOCK(); error = pfi_clear_flags(io->pfiio_name, io->pfiio_flags); PF_RULES_WUNLOCK();