Page MenuHomeFreeBSD
Differential D54607

ipfilter: Interface name must not extend beyond end of buffer
Needs ReviewPublic
Actions

Authored by cy on Jan 8 2026, 8:59 PM.
Tags
None
Referenced Files
F158260749: D54607.id169347.diff
Sat, May 30, 12:22 PM
F158245289: D54607.id169348.diff
Sat, May 30, 7:19 AM
F158235910: D54607.id169353.diff
Sat, May 30, 4:13 AM
F158235626: D54607.id.diff
Sat, May 30, 4:08 AM
F158206558: D54607.id169346.diff
Fri, May 29, 7:36 PM
Unknown Object (File)
Thu, May 28, 1:39 AM
Unknown Object (File)
Sun, May 17, 4:48 PM
Unknown Object (File)
Sun, May 17, 2:32 PM
View All 47 Files
Subscribers
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
emaste
markj
glebius
Summary

sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.
We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.

Note that sifpidx is only used in ipf_sync() which implments ipf -y.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 69737
Build 66620: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
netpfil/
ipfilter/
netinet/
21 lines

Diff 169348

View Options

sys/netpfil/ipfilter/netinet/fil.c

Loading...