
ipfilter: Avoid out of bounds read in ip_state
Abandoned (Public)

Authored by cy on Wed, Oct 22, 11:31 PM.

Details

Reviewers
emaste
markj
Summary

Avoid out of bounds read due to uninitialized index in ip_state.c.
This plugs a kernel memory leak and possible DoS resolving NIC names.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 1 day

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 68036
Build 64919: arc lint + arc unit

Event Timeline

cy requested review of this revision. Wed, Oct 22, 11:31 PM

Use strnlen() instead of strlen().

sys/netpfil/ipfilter/netinet/ip_state.c:945

This looks like it's supposed to check fr_names instead.

This is based on the misunderstanding that fr_names only contains interface names.
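The two failure modes discussed in this review, an unchecked index into a table of fixed-width name fields and strlen() scanning past a field that has no terminating NUL, are illustrated below in a constructed C program. This is an added example, not ipfilter code and not part of the revision under review; the struct, the NAME_LEN/NUM_NAMES constants (NAME_LEN mirrors FreeBSD's IFNAMSIZ of 16) and the function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed example, not ipfilter code: a table of fixed-width name slots
 * in the style of interface-name fields. NAME_LEN mirrors FreeBSD's IFNAMSIZ
 * (16); a slot that uses all 16 bytes has no terminating NUL.
 */
#define NAME_LEN  16
#define NUM_NAMES 4

struct name_table {
    char names[NUM_NAMES][NAME_LEN];
};

/* Constructed data: slot 0 is exactly 16 bytes long (no terminator),
 * slot 1 is a short, terminated name, the remaining slots are empty. */
void build_table(struct name_table *t)
{
    memset(t, 0, sizeof(*t));
    memcpy(t->names[0], "0123456789abcdef", NAME_LEN);   /* deliberately no NUL */
    strcpy(t->names[1], "em0");
}

/*
 * UNSAFE (the pattern being fixed): strlen() scans until it finds a NUL, so
 * on an unterminated slot it walks into the neighbouring slot. With the table
 * above it reports 16 + strlen("em0") = 19, i.e. it has read bytes that
 * belong to slot 1. Nothing checks that idx names a valid slot either.
 */
size_t naive_name_len(const struct name_table *t, int idx)
{
    return strlen(t->names[idx]);
}

/*
 * SAFE: reject an index outside the table (an uninitialized or stale index
 * is exactly such a value) and bound the scan to the slot width with
 * strnlen(), so an unterminated slot yields NAME_LEN instead of a read into
 * its neighbour. Returns -1 for a bad index.
 */
int bounded_name_len(const struct name_table *t, int idx)
{
    if (idx < 0 || idx >= NUM_NAMES)
        return -1;
    return (int)strnlen(t->names[idx], NAME_LEN);
}

/*
 * Copy slot idx into dst as a proper C string. Never reads past the slot,
 * truncates to fit, and always NUL-terminates dst (dstsz must be >= 1).
 * Returns the number of bytes copied, or -1 for a bad index or empty dst.
 */
int copy_name(char *dst, size_t dstsz, const struct name_table *t, int idx)
{
    int len = bounded_name_len(t, idx);
    if (len < 0 || dstsz == 0)
        return -1;
    if ((size_t)len >= dstsz)
        len = (int)dstsz - 1;
    memcpy(dst, t->names[idx], (size_t)len);
    dst[len] = '\0';
    return len;
}

int main(void)
{
    struct name_table t;
    char buf[NAME_LEN + 1];

    build_table(&t);
    printf("naive strlen on full slot:    %zu\n", naive_name_len(&t, 0));
    printf("bounded strnlen on full slot: %d\n", bounded_name_len(&t, 0));
    printf("bounded len, bad index 7:     %d\n", bounded_name_len(&t, 7));
    copy_name(buf, sizeof(buf), &t, 0);
    printf("copied slot 0: \"%s\"\n", buf);
    return 0;
}
```

The bounded helpers return a sentinel for a bad index rather than silently clamping it, so a caller that forgot to initialize its index fails closed instead of reading whatever slot the garbage value happens to select.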