Page MenuHomeFreeBSD
Differential D33132

dummynet: Avoid an out-of-bounds read in do_config()
ClosedPublic
Actions

Authored by markj on Nov 26 2021, 4:01 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Feb 8, 5:41 AM
Unknown Object (File)
Sat, Feb 7, 7:12 PM
Unknown Object (File)
Sat, Jan 31, 11:36 AM
Unknown Object (File)
Jan 5 2026, 8:54 PM
Unknown Object (File)
Dec 6 2025, 3:00 AM
Unknown Object (File)
Nov 26 2025, 11:26 PM
Unknown Object (File)
Nov 12 2025, 8:34 PM
Unknown Object (File)
Nov 4 2025, 8:44 AM
View All Files
Subscribers
ae
donner
glebius
imp
melifaro

Details

Reviewers
kp
Commits
rGd5ea04ee7ba6: dummynet: Avoid an out-of-bounds read in do_config()
Summary

do_config() processes a buffer of variable-length dummynet commands.
The loop which processes this buffer loads the fixed-length header
before checking whether there are any bytes left to read, so it performs
a 4-byte read past the end of the buffer before terminating.

Restructure the loop to avoid this.

Reported by: Jenkins (KASAN job)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
netpfil/
ipfw/
4 lines

Diff 99170

View Options

sys/netpfil/ipfw/ip_dummynet.c

Loading...