HomeFreeBSD
Diffusion FreeBSD src repository 821774dfbdaa

ipfilter: Verify ipnat on entry into kernel
821774dfbdaa
Actions

Description

ipfilter: Verify ipnat on entry into kernel

The ipnat struct is built by ipnat(8), specifically ipnat_y.y when
parsing the ipnat configuration file (typically ipnat.conf). ipnat
contains a variable length string field at the end of the struct. This
data field, called in_names, may contain various text strings such as
NIC names. There is no upper bound limit to the length of strings as
long as the in_namelen length field specifies the length of in_names
within the ipnat structure and in_size specifies the size of the ipnat
structure itself.

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by: markj
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53843

Details

Provenance
cyAuthored on Nov 3 2025, 4:59 AM
Reviewer
markj
Differential Revision
D53843: ipfilter: Thee commits to verify frentry_t->fr_names and ipnat_t->in_names
Parents
rGeda1756d0454: ipfilter: Verify frentry on entry into kernel
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
sbin/
ipf/
libipf/
sys/
netpfil/
ipfilter/
netinet/

rG821774dfbdaa

View Options

sbin/ipf/libipf/interror.c

Loading...
View Options

sys/netpfil/ipfilter/netinet/ip_nat.c

Loading...