Page MenuHomeFreeBSD
Differential D24447

pf: Do not allow negative ps_len in DIOCGETSTATES
ClosedPublic
Actions

Authored by kp on Apr 16 2020, 7:29 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, May 15, 3:04 AM
Unknown Object (File)
Fri, May 15, 3:04 AM
Unknown Object (File)
Thu, May 14, 3:22 PM
Unknown Object (File)
Thu, May 14, 8:08 AM
Unknown Object (File)
Wed, May 6, 9:41 PM
Unknown Object (File)
Sun, May 3, 7:13 PM
Unknown Object (File)
Tue, Apr 28, 10:04 PM
Unknown Object (File)
Tue, Apr 21, 12:59 AM
View All 92 Files
Subscribers
farrokhi
imp
melifaro

Details

Reviewers
donner
Group Reviewers
network
Commits
rS360042: pf: Do not allow negative ps_len in DIOCGETSTATES
Summary

Userspace may pass a negative ps_len value to us, which causes an
assertion failure in malloc().
Treat negative values as zero, i.e. return the required size.

Reported-by: syzbot+53370d9d0358ee2a059a@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
netpfil/
pf/
2 lines

Diff 70688

View Options

head/sys/netpfil/pf/pf_ioctl.c

Loading...