Page MenuHomeFreeBSD
Differential D24447

pf: Do not allow negative ps_len in DIOCGETSTATES
ClosedPublic
Actions

Authored by kp on Apr 16 2020, 7:29 PM.
Tags
None
Referenced Files
F137328765: D24447.id.diff
Sat, Nov 22, 12:56 PM
Unknown Object (File)
Sat, Nov 22, 7:45 AM
Unknown Object (File)
Sat, Nov 22, 7:08 AM
Unknown Object (File)
Tue, Nov 11, 11:40 PM
Unknown Object (File)
Mon, Nov 3, 12:49 PM
Unknown Object (File)
Mon, Nov 3, 12:48 PM
Unknown Object (File)
Sun, Oct 26, 5:07 AM
Unknown Object (File)
Oct 15 2025, 2:48 AM
View All 67 Files
Subscribers
farrokhi
imp
melifaro

Details

Reviewers
donner
Group Reviewers
network
Commits
rS360042: pf: Do not allow negative ps_len in DIOCGETSTATES
Summary

Userspace may pass a negative ps_len value to us, which causes an
assertion failure in malloc().
Treat negative values as zero, i.e. return the required size.

Reported-by: syzbot+53370d9d0358ee2a059a@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
netpfil/
pf/
2 lines

Diff 70688

View Options

head/sys/netpfil/pf/pf_ioctl.c

Loading...