Differential D53752

ipfilter: Verify ipnat on entry into kernel
Needs ReviewPublic
Actions

Authored by cy on Fri, Nov 14, 3:27 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Nov 14, 12:13 PM

	Unknown Object (File)
	Fri, Nov 14, 10:41 AM

	Unknown Object (File)
	Fri, Nov 14, 9:29 AM

	Unknown Object (File)
	Fri, Nov 14, 6:45 AM

	Unknown Object (File)
	Fri, Nov 14, 6:21 AM

	Unknown Object (File)
	Fri, Nov 14, 5:52 AM

Subscribers

vegeta_tuxpowered.net

Details

Reviewers

emaste
markj

Summary

The ipnat struct is built by ipnat(8), specifically ipnat_y.y when
parsing the ipnat configuration file (typically ipnat.conf). ipnat
contains a variable length string field at the end of the struct. This
data field, called in_names, may contain various text strings such as
NIC names. There is no upper bound limit to the length of strings as
long as the in_namelen length field specifies the length of in_names
within the ipnat structure and in_size specifies the size of the ipnat
structure itself.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 68629
Build 65512: arc lint + arc unit

Event Timeline

cy created this revision.Fri, Nov 14, 3:27 AM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro, imp. · View Herald TranscriptFri, Nov 14, 3:27 AM

cy requested review of this revision.Fri, Nov 14, 3:27 AM

Harbormaster completed remote builds in B68629: Diff 166419.Fri, Nov 14, 3:27 AM

Revision Contents
Changeset List

Path

Size

sbin/

ipf/

libipf/

6 lines

sys/

netpfil/

ipfilter/

netinet/

54 lines

Diff 166419

sbin/ipf/libipf/interror.c

Loading...

sys/netpfil/ipfilter/netinet/ip_nat.c

Loading...