Page MenuHomeFreeBSD
Differential D24447

pf: Do not allow negative ps_len in DIOCGETSTATES
ClosedPublic
Actions

Authored by kp on Apr 16 2020, 7:29 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 7, 3:48 PM
Unknown Object (File)
Oct 4 2024, 5:09 AM
Unknown Object (File)
Oct 1 2024, 3:38 AM
Unknown Object (File)
Sep 25 2024, 9:58 AM
Unknown Object (File)
Sep 25 2024, 9:58 AM
Unknown Object (File)
Sep 25 2024, 9:58 AM
Unknown Object (File)
Sep 25 2024, 9:52 AM
Unknown Object (File)
Sep 18 2024, 4:53 PM
View All 30 Files
Subscribers
farrokhi
imp
melifaro

Details

Reviewers
donner
Group Reviewers
network
Commits
rS360042: pf: Do not allow negative ps_len in DIOCGETSTATES
Summary

Userspace may pass a negative ps_len value to us, which causes an
assertion failure in malloc().
Treat negative values as zero, i.e. return the required size.

Reported-by: syzbot+53370d9d0358ee2a059a@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
netpfil/
pf/
2 lines

Diff 70688

View Options

head/sys/netpfil/pf/pf_ioctl.c

Loading...