aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKristof Provost <kp@FreeBSD.org>2024-06-04 12:55:02 +0000
committerKristof Provost <kp@FreeBSD.org>2024-06-11 06:06:04 +0000
commit8fb5dc88ad8edbf3ab2a60fff4c2af2ad71fceae (patch)
tree6e538791fa04d094b536063f63e23b1367d2f7f6
parent357d111ef71fabba9590d2f59a1539d5d27a1f82 (diff)
downloadsrc-8fb5dc88ad8edbf3ab2a60fff4c2af2ad71fceae.tar.gz
src-8fb5dc88ad8edbf3ab2a60fff4c2af2ad71fceae.zip
pf: fix overly large copy in pf_rule_to_krule()
The timeout array in struct pf_rule has PFTM_OLD_MAX entries, the one in struct pf_krule has PFTM_MAX entries (and PFTM_MAX > PFTM_OLD_MAX). Use the smaller of the sizes when copying. Reported by: CheriBSD MFC after: 1 week Event: Kitchener-Waterloo Hackathon 202406 (cherry picked from commit 4779b16fa61f858ad5c449834f550fbd5e162d98)
-rw-r--r--sys/netpfil/pf/pf_ioctl.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 1a383ae6fd09..7c148d857144 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2071,7 +2071,8 @@ pf_rule_to_krule(const struct pf_rule *rule, struct pf_krule *krule)
krule->os_fingerprint = rule->os_fingerprint;
krule->rtableid = rule->rtableid;
- bcopy(rule->timeout, krule->timeout, sizeof(krule->timeout));
+ /* pf_rule->timeout is smaller than pf_krule->timeout */
+ bcopy(rule->timeout, krule->timeout, sizeof(rule->timeout));
krule->max_states = rule->max_states;
krule->max_src_nodes = rule->max_src_nodes;
krule->max_src_states = rule->max_src_states;