diff options
author | Kristof Provost <kp@FreeBSD.org> | 2024-06-04 12:55:02 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2024-06-11 06:06:11 +0000 |
commit | d92f239a92c448f2954fd4c14775a36532a78dc6 (patch) | |
tree | d0533335fdced7928337d9cbdbebc79b3444d6a0 | |
parent | 154dd1eaa643ffff4df525dca2e747490df61df3 (diff) | |
download | src-d92f239a92c448f2954fd4c14775a36532a78dc6.tar.gz src-d92f239a92c448f2954fd4c14775a36532a78dc6.zip |
pf: fix overly large copy in pf_rule_to_krule()
The timeout array in struct pf_rule has PFTM_OLD_MAX entries, the one in
struct pf_krule has PFTM_MAX entries (and PFTM_MAX > PFTM_OLD_MAX).
Use the smaller of the sizes when copying.
Reported by: CheriBSD
MFC after: 1 week
Event: Kitchener-Waterloo Hackathon 202406
(cherry picked from commit 4779b16fa61f858ad5c449834f550fbd5e162d98)
-rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 98b5ce318596..a7f9f2604068 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1799,7 +1799,8 @@ pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule) krule->os_fingerprint = rule->os_fingerprint; krule->rtableid = rule->rtableid; - bcopy(rule->timeout, krule->timeout, sizeof(krule->timeout)); + /* pf_rule->timeout is smaller than pf_krule->timeout */ + bcopy(rule->timeout, krule->timeout, sizeof(rule->timeout)); krule->max_states = rule->max_states; krule->max_src_nodes = rule->max_src_nodes; krule->max_src_states = rule->max_src_states; |