[Bug 264128] Out-of-bounds read in pfctl(8) when run with -a “” (as in “periodic daily”).

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 21 May 2022 17:29:39 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264128

            Bug ID: 264128
           Summary: Out-of-bounds read in pfctl(8) when run with -a “” (as
                    in “periodic daily”).
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: rwatson@FreeBSD.org

When pfctl(8) is completed for CheriABI and run on an Arm Morello board, it
experiences a crash when used with -a “”, as used by “periodic daily” every 24
hours:

  pid 1763 (pfctl), jid 0, uid 0: exited on signal 34 (core dumped)

This seems to be reproducible (in CheriBSD) via:

  root@cheribsd:/tmp # /sbin/pfctl -a "" -sr -v -z
  In-address space security exception (core dumped)

As described in https://github.com/CTSRD-CHERI/cheribsd/issues/1385, this is
due to a buffer underflow when processing the -a argument.  On CHERI-enabled
hardware, this leads to a deterministic process crash.  On non-CHERI hardware
it silently continues.
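
The report does not show the pfctl source, so the following is an added illustration, not pfctl's code and not part of the original report. It assumes the underflow comes from inspecting the last character of the option string without first checking for an empty string; the helper names and the wildcard-stripping behaviour are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers (not pfctl source): strip a trailing "*" or "/*"
 * from an option string and report whether a wildcard was present. */

/* Unsafe: for opt == "" strlen() is 0, len - 1 wraps, and opt[len - 1]
 * addresses the byte just before the buffer. A CHERI capability traps on
 * that read; a conventional pointer returns whatever byte is adjacent. */
bool strip_wildcard_unsafe(char *opt)
{
    size_t len = strlen(opt);

    if (opt[len - 1] != '*')    /* out of bounds when len == 0 */
        return false;
    if (len >= 2 && opt[len - 2] == '/')
        opt[len - 2] = '\0';
    else
        opt[len - 1] = '\0';
    return true;
}

/* Hardened: the length is checked before any index derived from it. */
bool strip_wildcard_safe(char *opt)
{
    size_t len = strlen(opt);

    if (len == 0 || opt[len - 1] != '*')
        return false;
    if (len >= 2 && opt[len - 2] == '/')
        opt[len - 2] = '\0';
    else
        opt[len - 1] = '\0';
    return true;
}

int main(void)
{
    /* Constructed inputs; "" is the argument from the report. */
    char empty[] = "", nested[] = "foo/*", plain[] = "foo";

    printf("\"\"    -> %d\n", strip_wildcard_safe(empty));
    printf("foo/* -> %d (%s)\n", strip_wildcard_safe(nested), nested);
    printf("foo   -> %d\n", strip_wildcard_safe(plain));
    return 0;
}
```

On non-CHERI builds, compiling the unsafe variant with AddressSanitizer is one way to surface the same read that CHERI bounds checking catches deterministically.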
