Page MenuHomeFreeBSD
Differential D14860

pf: Improve ioctl validation for DIOCRADDTABLES and DIOCRDELTABLES
AbandonedPublic
Actions

Authored by kp on Mar 26 2018, 9:50 PM.
Tags
None
Referenced Files
Unknown Object (File)
Nov 21 2025, 1:47 AM
Unknown Object (File)
Nov 21 2025, 1:46 AM
Unknown Object (File)
Nov 21 2025, 1:40 AM
Unknown Object (File)
Sep 21 2025, 7:25 PM
Unknown Object (File)
Sep 21 2025, 4:43 PM
Unknown Object (File)
Sep 21 2025, 3:20 PM
Unknown Object (File)
Sep 20 2025, 12:59 AM
Unknown Object (File)
Aug 8 2025, 3:54 AM
View All 25 Files
Subscribers
emaste
farrokhi
imp
lwhsu

Details

Reviewers
None
Group Reviewers
network
Summary

The DIOCRADDTABLES and DIOCRDELTABLES ioctls can process a number of
tables at a time, and as such try to allocate <number of tables> *
sizeof(struct pfr_table). This multiplication can overflow. Thanks to
mallocarray() this is not exploitable, but an overflow does panic the
system.

Arbitrarily limit this to 65535 tables. pfctl only ever processes one
table at a time, so it presents no issues there.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 15815

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
22 lines

Diff 40769

View Options

sys/netpfil/pf/pf_ioctl.c

Loading...