HomeFreeBSD

pf: Improve ioctl() input validation

Description

pf: Improve ioctl() input validation

Both DIOCCHANGEADDR and DIOCADDADDR take a struct pf_pooladdr from
userspace. They failed to validate the dyn pointer contained in its
struct pf_addr_wrap member structure.

This triggered assertion failures under fuzz testing in
pfi_dynaddr_setup(). Happily the dyn variable was overruled there, but
we should verify that it's set to NULL anyway.

Reported-by: syzbot+93e93150bc29f9b4b85f@syzkaller.appspotmail.com
Reviewed by: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24431

Details

Provenance
kpAuthored on
Reviewer
emaste
Differential Revision
D24431: pf: Improve ioctl() input validation
Parents
rS360097: pfctl: Call ifa_load() before ifa_grouplookup()
Branches
Unknown
Tags
Unknown