Page MenuHomeFreeBSD
Differential D54607

ipfilter: Interface name must not extend beyond end of buffer
Needs ReviewPublic
Actions

Authored by cy on Jan 8 2026, 8:59 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Apr 27, 4:23 AM
Unknown Object (File)
Fri, Apr 17, 11:37 AM
Unknown Object (File)
Wed, Apr 15, 11:05 AM
Unknown Object (File)
Wed, Apr 15, 10:45 AM
Unknown Object (File)
Sun, Apr 12, 2:53 AM
Unknown Object (File)
Sun, Apr 5, 10:39 AM
Unknown Object (File)
Mar 19 2026, 5:51 PM
Unknown Object (File)
Mar 19 2026, 8:00 AM
View All 34 Files
Subscribers
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
emaste
markj
glebius
Summary

sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.
We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.

Note that sifpidx is only used in ipf_sync() which implments ipf -y.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 69737
Build 66620: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
netpfil/
ipfilter/
netinet/
21 lines

Diff 169348

View Options

sys/netpfil/ipfilter/netinet/fil.c

Loading...