git: 298663855015 - main - pfctl: fix out-of-bounds access
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 22 May 2022 08:59:54 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=298663855015c1eba7ccf5b88168f433653eb609
commit 298663855015c1eba7ccf5b88168f433653eb609
Author: Jessica Clarke <jrtc27@FreeBSD.org>
AuthorDate: 2022-05-22 08:31:42 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-05-22 08:31:42 +0000
pfctl: fix out-of-bounds access
If pfctl is called with "pfctl -a ''" we read outside of the anchoropt
buffer. Check that the buffer is sufficiently long to avoid that.
Maintain the existing (and desired, because it's used as such in
/etc/periodic/security/520.pfdenied) behaviour of treating "-a ''" as a
request for the root anchor (or no anchor specified).
PR: 264128
Reviewed by: kp
---
sbin/pfctl/pfctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index a1f8e5fedd4c..93d26e53d71d 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -2864,7 +2864,7 @@ main(int argc, char *argv[])
if (anchoropt != NULL) {
int len = strlen(anchoropt);
- if (anchoropt[len - 1] == '*') {
+ if (len >= 1 && anchoropt[len - 1] == '*') {
if (len >= 2 && anchoropt[len - 2] == '/')
anchoropt[len - 2] = '\0';
else