From nobody Sun May 22 08:59:54 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 20C291B4553F; Sun, 22 May 2022 08:59:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4L5ZCv0H1nz3CJH; Sun, 22 May 2022 08:59:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1653209995; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DnNpO5G4yd7IpcrTI/kLtpE8M+Pm7fsBqev6jeNnF4A=; b=JanyLVxbglavQf97kSEnagD4twIB6oHj8qpYZhYfYTYIJQFJWNVj1zOeF4i2afMzxu0SVw WSqkMlNTg/cqbT290zrhX1RbC3o6xRTDkE+oXWUQJoV9RzpyoIXNXVQqHW5vHVHQnJv/ga 6H8Hh906PCq/0he7cYboHdBbvep7JuTuarlRszCtNjkh7ZHvhktUg91UBnd0ck1WCBHQRN yL+12JAUnfd1j/JwIrZobt5gD8VKpe50eb0LORsNRyfDRLUVYYmvLv95rjQaPSi3QPjPVk tWFkuQLvnBYhZ2sRd5IqPq6U3K3HYt1tYdtGRWIFfI8uBam3UPAYmFyZcjhJRQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D98A31871E; Sun, 22 May 2022 08:59:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 24M8xsS4063661; Sun, 22 May 2022 08:59:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 24M8xsBh063660; Sun, 22 May 2022 08:59:54 GMT (envelope-from git) Date: Sun, 22 May 2022 08:59:54 GMT Message-Id: <202205220859.24M8xsBh063660@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 298663855015 - main - pfctl: fix out-of-bounds access List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 298663855015c1eba7ccf5b88168f433653eb609 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1653209995; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DnNpO5G4yd7IpcrTI/kLtpE8M+Pm7fsBqev6jeNnF4A=; b=CLNusuVZvx8u32udo2HAw4KAVljCd6Nf1/f3+21kFWmxlZE4XeqA4G46a9XOxMulrvK5i0 RLMstBSAvZ0QQQa/7WBD/vpHLo4dzn45s4TnOJG5wgPScAqEsm1TJAesYeiAlTvcSnxAn0 UAJMrsSg9veET+xWKYwIShnAhOXoy63xNUK3dobAfAk4f8eXCb2y6+6HKufm8CS2+ADfEk rC6FNQ6ycRWTzMT71bQe4xGkSGExtW6SFpiHTZRpj4RUDi01HgdZU4jvMxV9lJOxug9wh8 lV/c6pRBmla17otQqQeZHykeYZy5eL6S+GtEQuT7MFlOwEP1V+UAHsRo8CWENQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1653209995; a=rsa-sha256; cv=none; b=JL93Jxb7AyadTnqs2upIdo9VRx1zqpGUFBL1NHX3l5Krkj4HhqN+5ai0g0rLvSa97vOd1l P7C9XS8vw6XzUrojt0GAn2nTjNITI8S0PS3P2DtNlub5Ql3PahzYQJBFdzm4bT6g1lmmD/ qZ3mxPb3Yo8S12MAQ38Yig3Yvfz3juQsz3Q5fsMSamh/K34flduQgUTWx0D+kPfgIhX0vI CwoBWSmZEny0rQHsuPeEfbxNTTI44oxVId5HpNb4458S+yVZBVmcslFNdwEOCJsEeUafF8 s1IQKc6LNN5C9iC32rVtKJBXk2AeuTNoQ+52oP+o5qy6L5muTiZcCMMp7pjv2A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=298663855015c1eba7ccf5b88168f433653eb609 commit 298663855015c1eba7ccf5b88168f433653eb609 Author: Jessica Clarke AuthorDate: 2022-05-22 08:31:42 +0000 Commit: Kristof Provost CommitDate: 2022-05-22 08:31:42 +0000 pfctl: fix out-of-bounds access If pfctl is called with "pfctl -a ''" we read outside of the anchoropt buffer. Check that the buffer is sufficiently long to avoid that. Maintain the existing (and desired, because it's used as such in /etc/periodic/security/520.pfdenied) behaviour of treating "-a ''" as a request for the root anchor (or no anchor specified). PR: 264128 Reviewed by: kp --- sbin/pfctl/pfctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index a1f8e5fedd4c..93d26e53d71d 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -2864,7 +2864,7 @@ main(int argc, char *argv[]) if (anchoropt != NULL) { int len = strlen(anchoropt); - if (anchoropt[len - 1] == '*') { + if (len >= 1 && anchoropt[len - 1] == '*') { if (len >= 2 && anchoropt[len - 2] == '/') anchoropt[len - 2] = '\0'; else