Page MenuHomeFreeBSD

pf: Do not allow negative ps_len in DIOCGETSTATES
ClosedPublic

Authored by kp on Apr 16 2020, 7:29 PM.

Details

Summary

Userspace may pass a negative ps_len value to us, which causes an
assertion failure in malloc().
Treat negative values as zero, i.e. return the required size.

Reported-by: syzbot+53370d9d0358ee2a059a@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.