Page MenuHomeFreeBSD
Differential D53281

ipfilter: Avoid out of bounds read in ip_state
Needs ReviewPublic
Actions

Authored by cy on Wed, Oct 22, 11:31 PM.

Details

Reviewers
emaste
markj
Summary

Avoid out of bounds read due to uninitialized index in ip_state.c.
This plugs a kernel memory leak and possible DoS resolving NIC names.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 1 day

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 68036
Build 64919: arc lint + arc unit

Event Timeline

cy created this revision.Wed, Oct 22, 11:31 PM
Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro, imp. · View Herald TranscriptWed, Oct 22, 11:31 PM
cy requested review of this revision.Wed, Oct 22, 11:31 PM
Harbormaster completed remote builds in B68021: Diff 164819.Wed, Oct 22, 11:31 PM
cy updated this revision to Diff 164850.Thu, Oct 23, 5:27 AM

Use strnlen() instead of strlen().

Harbormaster completed remote builds in B68036: Diff 164850.Thu, Oct 23, 5:27 AM
markj added inline comments.Thu, Oct 23, 1:51 PM
sys/netpfil/ipfilter/netinet/ip_state.c
945

This looks like it's supposed to check fr_names instead.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
ipfilter/
netinet/
4 lines

Diff 164850

View Options

sys/netpfil/ipfilter/netinet/ip_state.c

Loading...