Page MenuHomeFreeBSD
Differential D24447

pf: Do not allow negative ps_len in DIOCGETSTATES
ClosedPublic
Actions

Authored by kp on Apr 16 2020, 7:29 PM.
Tags
None
Referenced Files
F140678172: D24447.id70652.diff
Fri, Dec 26, 7:04 PM
Unknown Object (File)
Sat, Nov 29, 4:19 PM
Unknown Object (File)
Thu, Nov 27, 10:43 PM
Unknown Object (File)
Nov 24 2025, 5:40 AM
Unknown Object (File)
Nov 22 2025, 12:56 PM
Unknown Object (File)
Nov 22 2025, 7:45 AM
Unknown Object (File)
Nov 22 2025, 7:08 AM
Unknown Object (File)
Nov 11 2025, 11:40 PM
View All 71 Files
Subscribers
farrokhi
imp
melifaro

Details

Reviewers
donner
Group Reviewers
network
Commits
rS360042: pf: Do not allow negative ps_len in DIOCGETSTATES
Summary

Userspace may pass a negative ps_len value to us, which causes an
assertion failure in malloc().
Treat negative values as zero, i.e. return the required size.

Reported-by: syzbot+53370d9d0358ee2a059a@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
netpfil/
pf/
2 lines

Diff 70688

View Options

head/sys/netpfil/pf/pf_ioctl.c

Loading...