Differential D54607

ipfilter: Interface name must not extend beyond end of buffer
Needs ReviewPublic
Actions

Authored by cy on Thu, Jan 8, 8:59 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Mon, Jan 26, 10:59 AM

	Unknown Object (File)
	Fri, Jan 23, 4:53 PM

	Unknown Object (File)
	Tue, Jan 20, 3:21 PM

	Unknown Object (File)
	Tue, Jan 20, 12:01 PM

	Unknown Object (File)
	Tue, Jan 20, 3:17 AM

	Unknown Object (File)
	Mon, Jan 19, 5:21 PM

	Unknown Object (File)
	Sun, Jan 18, 2:29 AM

	Unknown Object (File)
	Wed, Jan 14, 9:41 AM

View All 21 Files

Subscribers

vegeta_tuxpowered.net

Details

Reviewers

emaste
markj
glebius

Summary

sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.
We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.

Note that sifpidx is only used in ipf_sync() which implments ipf -y.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 1 week

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 69739
Build 66622: arc lint + arc unit

Event Timeline

cy created this revision.Thu, Jan 8, 8:59 PM

Herald added subscribers: vegeta_tuxpowered.net, melifaro, imp. · View Herald TranscriptThu, Jan 8, 8:59 PM

cy requested review of this revision.Thu, Jan 8, 8:59 PM

Harbormaster completed remote builds in B69735: Diff 169346.Thu, Jan 8, 8:59 PM

glebius added inline comments.Thu, Jan 8, 9:15 PM

sys/netpfil/ipfilter/netinet/fil.c
242	Can also be declared const.

cy marked an inline comment as done.Thu, Jan 8, 9:21 PM

Add const to interr_tbl

Harbormaster completed remote builds in B69736: Diff 169347.Thu, Jan 8, 9:23 PM

Whitespace change.

Harbormaster completed remote builds in B69737: Diff 169348.Thu, Jan 8, 9:23 PM

Made a couple of changes to ubreak the build.

Harbormaster completed remote builds in B69739: Diff 169353.Thu, Jan 8, 10:08 PM

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

ipfilter/

netinet/

21 lines

Diff 169353

sys/netpfil/ipfilter/netinet/fil.c

Loading...