authorMark Johnston <markj@FreeBSD.org>2022-06-30 14:18:50 +0000
committerMark Johnston <markj@FreeBSD.org>2022-06-30 14:31:26 +0000
commitbc83b3592241a6bcb18e1537fcd27a8eb342a701 (patch)
tree523f0f4e6bec911df0afa8ce2e889ba957461f8e
parentd5a381f8c7bcf9ec391540158a3859d8bcd1d007 (diff)
pf: Ensure that pfiio_name is always nul terminated
Reported by: syzkaller Reviewed by: kp MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35660
-rw-r--r--sys/netpfil/pf/pf_ioctl.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index c50369a23aaf..3108536b58ab 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -5584,6 +5584,8 @@ DIOCCHANGEADDR_error:
break;
}
+ io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0';
+
bufsiz = io->pfiio_size * sizeof(struct pfi_kif);
ifstore = mallocarray(io->pfiio_size, sizeof(struct pfi_kif),
M_TEMP, M_WAITOK | M_ZERO);
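Review bot: Overwriting the last byte of `io->pfiio_name` silently truncates a name that fills the whole array, so the code continues with a string the caller never supplied; the same line is added in the DIOCSETIFFLAG and DIOCCLRIFFLAG hunks, where the shortened name is passed to `pfi_set_flags()` and `pfi_clear_flags()`. Rejecting an unterminated name would be stricter for those flag-changing paths, for example `if (strnlen(io->pfiio_name, sizeof(io->pfiio_name)) == sizeof(io->pfiio_name)) { error = EINVAL; break; }`, assuming that setting `error` and breaking is the error path in these cases, as the context lines suggest. If truncation is kept on purpose, a short comment such as `/* pfiio_name comes from the ioctl caller and may be unterminated. */` at each of the three sites would explain why the line is there. The case that contains this first hunk starts outside the hunk, so whether the name is validated earlier cannot be seen from here.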
@@ -5599,6 +5601,8 @@ DIOCCHANGEADDR_error:
case DIOCSETIFFLAG: {
struct pfioc_iface *io = (struct pfioc_iface *)addr;
+ io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0';
+
PF_RULES_WLOCK();
error = pfi_set_flags(io->pfiio_name, io->pfiio_flags);
PF_RULES_WUNLOCK();
@@ -5608,6 +5612,8 @@ DIOCCHANGEADDR_error:
case DIOCCLRIFFLAG: {
struct pfioc_iface *io = (struct pfioc_iface *)addr;
+ io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0';
+
PF_RULES_WLOCK();
error = pfi_clear_flags(io->pfiio_name, io->pfiio_flags);
PF_RULES_WUNLOCK();