Page MenuHomeFreeBSD
Differential D54607

ipfilter: Interface name must not extend beyond end of buffer
Needs ReviewPublic
Actions

Authored by cy on Thu, Jan 8, 8:59 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jan 9, 1:58 PM
Unknown Object (File)
Fri, Jan 9, 1:58 PM
Unknown Object (File)
Fri, Jan 9, 11:19 AM
Unknown Object (File)
Fri, Jan 9, 7:43 AM
Unknown Object (File)
Fri, Jan 9, 7:36 AM
Unknown Object (File)
Fri, Jan 9, 6:53 AM
Unknown Object (File)
Fri, Jan 9, 6:52 AM
Unknown Object (File)
Fri, Jan 9, 6:52 AM
View All 11 Files
Subscribers
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
emaste
markj
glebius
Summary

sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.
We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.

Note that sifpidx is only used in ipf_sync() which implments ipf -y.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 69739
Build 66622: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
netpfil/
ipfilter/
netinet/
21 lines

Diff 169353

View Options

sys/netpfil/ipfilter/netinet/fil.c

Loading...