ipfilter: Interface name must not extend beyond end of buffer
Needs ReviewPublic
Actions

Authored by cy on Thu, Feb 5, 5:50 PM.

Tags

None

Referenced Files

	F146144833: D55133.diff
	Sat, Feb 28, 5:03 AM

	Unknown Object (File)
	Sun, Feb 22, 2:16 PM

	Unknown Object (File)
	Fri, Feb 20, 12:08 PM

	Unknown Object (File)
	Thu, Feb 19, 4:58 AM

	Unknown Object (File)
	Sun, Feb 15, 7:23 PM

	Unknown Object (File)
	Thu, Feb 12, 2:37 AM

	Unknown Object (File)
	Thu, Feb 12, 2:00 AM

	Unknown Object (File)
	Wed, Feb 11, 5:14 PM

Subscribers

imp

melifaro

vegeta_tuxpowered.net

Details

Reviewers

glebius
emaste
markj

Summary

sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.

We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.

interr_tbl now becomes a static variable outside a function to facilitate
its use by two functins within fil.c

Note that sifpidx is only used in ipf_sync() which implments ipf -y.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 1 week

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 70439
Build 67322: arc lint + arc unit

Event Timeline

cy created this revision.Thu, Feb 5, 5:50 PM

Herald added subscribers: vegeta_tuxpowered.net, melifaro, imp. · View Herald TranscriptThu, Feb 5, 5:50 PM

cy requested review of this revision.Thu, Feb 5, 5:50 PM

Harbormaster completed remote builds in B70439: Diff 171258.Thu, Feb 5, 5:50 PM

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

ipfilter/

netinet/

fil.c

23 lines

Diff 171258

View Options

sys/netpfil/ipfilter/netinet/fil.c

ipfilter: Interface name must not extend beyond end of bufferNeeds ReviewPublicActions