author | Kristof Provost <kp@FreeBSD.org> | 2024-05-24 11:20:12 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2024-05-28 20:27:22 +0000 |
commit | 6ee3e376823fc16b04ab45663661f27246e7b004 (patch) | |
tree | aa8ca8dc7cd608537284576db9a58064fb77f2ea | |
parent | cd2054d48bc6d16edb0fdb84a7e4006620883c1e (diff) | |
download | src-6ee3e376823fc16b04ab45663661f27246e7b004.tar.gz src-6ee3e376823fc16b04ab45663661f27246e7b004.zip |
pf: fix incorrect anchor_call to userspace
777a4702c changed how we copy out the anchor_call string, and
incorrectly limited it to 8 (4 on 32-bit systems) bytes. Fix that so we
get the full anchor path, rather than just the first few characters.
PR: 279225
Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r-- | sys/net/pfvar.h | 2 | ||||
-rw-r--r-- | sys/netpfil/pf/pf_nl.c | 2 | ||||
-rw-r--r-- | sys/netpfil/pf/pf_ruleset.c | 14 |
3 files changed, 9 insertions, 9 deletions
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 88fb99ead84e..d1aa57a941cc 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -2474,7 +2474,7 @@ void pf_init_keth(struct pf_keth_ruleset *);
 int pf_kanchor_setup(struct pf_krule *,
 const struct pf_kruleset *, const char *);
 int pf_kanchor_copyout(const struct pf_kruleset *,
- const struct pf_krule *, char *);
+ const struct pf_krule *, char *, size_t);
 int pf_kanchor_nvcopyout(const struct pf_kruleset *,
 const struct pf_krule *, nvlist_t *);
 void pf_kanchor_remove(struct pf_krule *);
diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index 307e1ca1689d..8f0349d6f121 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -982,7 +982,7 @@ pf_handle_getrule(struct nlmsghdr *hdr, struct nl_pstate *npt)
 nlattr_add_u64(nw, PF_RT_STATES_TOTAL, counter_u64_fetch(rule->states_tot));
 nlattr_add_u64(nw, PF_RT_SRC_NODES, counter_u64_fetch(rule->src_nodes));
- error = pf_kanchor_copyout(ruleset, rule, anchor_call);
+ error = pf_kanchor_copyout(ruleset, rule, anchor_call, sizeof(anchor_call));
 MPASS(error == 0);
 nlattr_add_string(nw, PF_RT_ANCHOR_CALL, anchor_call);
diff --git a/sys/netpfil/pf/pf_ruleset.c b/sys/netpfil/pf/pf_ruleset.c
index 38cc1eae419f..fc0651f8a0e8 100644
--- a/sys/netpfil/pf/pf_ruleset.c
+++ b/sys/netpfil/pf/pf_ruleset.c
@@ -368,16 +368,16 @@ pf_kanchor_setup(struct pf_krule *r, const struct pf_kruleset *s,
 int
 pf_kanchor_copyout(const struct pf_kruleset *rs, const struct pf_krule *r,
- char *anchor_call)
+ char *anchor_call, size_t anchor_call_len)
 {
 anchor_call[0] = 0;
 if (r->anchor == NULL)
 goto done;
 if (!r->anchor_relative) {
- strlcpy(anchor_call, "/", sizeof(anchor_call));
+ strlcpy(anchor_call, "/", anchor_call_len);
 strlcat(anchor_call, r->anchor->path,
- sizeof(anchor_call));
+ anchor_call_len);
 } else {
 char a[MAXPATHLEN];
 char *p;
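Review bot: The result of pf_kanchor_copyout() in pf_handle_getrule() is checked only by `MPASS(error == 0);`, which is an assertion and is not compiled into kernels built without INVARIANTS, so on those kernels a failure is dropped and `nlattr_add_string(nw, PF_RT_ANCHOR_CALL, anchor_call)` reports whatever partial string was built. The copyout function has a mismatch branch that logs "pf_anchor_copyout: ..." and presumably returns non-zero (its return statement falls between the hunks shown), so I would test `if (error != 0)` and leave through this function's normal error exit instead of asserting. The `ret = pf_kanchor_copyout(...); MPASS(ret == 0);` pair in pf_kanchor_nvcopyout() (last pf_ruleset.c hunk) has the same shape. Separately, `sizeof(anchor_call)` is only right if anchor_call is declared as an array in this function; that declaration is outside the hunk and is worth confirming, since sizeof on a pointer is exactly what this commit repairs.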
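Review bot: `anchor_call[0] = 0;` is written before anchor_call_len is consulted, so a zero length from some future caller would be a one-byte write outside the buffer; a leading `MPASS(anchor_call_len > 0);` plus a comment stating that anchor_call_len is the full size of the destination including the terminator would pin the contract down. The strlcpy()/strlcat() results are also discarded, here and in the two later hunks of this function, so an anchor path that does not fit is silently truncated while the function still returns 0, which is the symptom from the PR at a larger size. Comparing the result against the length, e.g. `if (strlcat(anchor_call, r->anchor->path, anchor_call_len) >= anchor_call_len)`, would let callers see it, provided they handle a non-zero return rather than assert on it. The body of pf_kanchor_copyout() continues past the end of this hunk.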
@@ -391,7 +391,7 @@ pf_kanchor_copyout(const struct pf_kruleset *rs, const struct pf_krule *r,
 p = a;
 *p = 0;
 strlcat(anchor_call, "../",
- sizeof(anchor_call));
+ anchor_call_len);
 }
 if (strncmp(a, r->anchor->path, strlen(a))) {
 printf("pf_anchor_copyout: '%s' '%s'\n", a,
@@ -400,12 +400,12 @@ pf_kanchor_copyout(const struct pf_kruleset *rs, const struct pf_krule *r,
 }
 if (strlen(r->anchor->path) > strlen(a))
 strlcat(anchor_call, r->anchor->path + (a[0] ?
- strlen(a) + 1 : 0), sizeof(anchor_call));
+ strlen(a) + 1 : 0), anchor_call_len);
 }
 if (r->anchor_wildcard)
 strlcat(anchor_call, anchor_call[0] ? "/*" : "*",
- sizeof(anchor_call));
+ anchor_call_len);
 done:
@@ -419,7 +419,7 @@ pf_kanchor_nvcopyout(const struct pf_kruleset *rs, const struct pf_krule *r,
 char anchor_call[MAXPATHLEN] = { 0 };
 int ret;
- ret = pf_kanchor_copyout(rs, r, anchor_call);
+ ret = pf_kanchor_copyout(rs, r, anchor_call, sizeof(anchor_call));
 MPASS(ret == 0);
 nvlist_add_string(nvl, "anchor_call", anchor_call); |