Differential D24538

pf: Improve DIOCADDRULE validation
ClosedPublic
Actions

Authored by kp on Apr 22 2020, 7:11 PM.

Details

Reviewers

melifaro

Group Reviewers

network

Commits

rS360609: pf: Improve DIOCADDRULE validation

Summary

We expect the addrwrap.p.dyn value to be set to NULL (and assert such),
but do not verify it on input.

Reported-by: syzbot+936a89182e7d8f927de1@syzkaller.appspotmail.com

Diff Detail

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 30840
Build 28559: arc lint + arc unit

Event Timeline

kp created this revision.Apr 22 2020, 7:11 PM

Herald added subscribers: melifaro, farrokhi. · View Herald TranscriptApr 22 2020, 7:11 PM

Harbormaster completed remote builds in B30669: Diff 70888.Apr 22 2020, 7:11 PM

LGTM, please see some comments inline.

sys/netpfil/pf/pf_ioctl.c
1578	Maybe it's worth considering doing input validation before WLOCK/etc ?
1610	Nit: worth documenting why we don't want dyn to be set by userland?

This revision is now accepted and ready to land.Apr 29 2020, 7:12 PM

Move the check outside of the lock.

This revision now requires review to proceed.May 1 2020, 12:54 PM

Harbormaster completed remote builds in B30840: Diff 71238.May 1 2020, 12:54 PM

This revision was not accepted when it landed; it landed in state Needs Review.May 3 2020, 4:09 PM

Closed by commit rS360609: pf: Improve DIOCADDRULE validation (authored by kp). · Explain Why

This revision was automatically updated to reflect the committed changes.

kp added a commit: rS360609: pf: Improve DIOCADDRULE validation.

Herald added a subscriber: imp. · View Herald TranscriptMay 3 2020, 4:09 PM

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

pf_ioctl.c

5 lines

Diff 71238

View Options

pf: Improve DIOCADDRULE validationClosedPublicActions