Date: Thu, 25 Feb 2016 01:08:14 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-stable@FreeBSD.org Subject: [Bug 207463] [patch] stable/10/sys/netpfil/pf/pf_ioctl.c:pfioctl(DIOCRSETADDRS) buffer overflow Message-ID: <bug-207463-8075-84J7j5Kv9F@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-207463-8075@https.bugs.freebsd.org/bugzilla/> References: <bug-207463-8075@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D207463 --- Comment #2 from Paul J Murphy <paul@inetstat.net> --- Yes, you are correct. My patch was sufficient only for the default usage by /sbin/pfctl, but left scope for other usage to cause problems. I've looked over your patch, and it looks good to me. The existing buffer protection c= ode in pfr_set_addrs() also looks like it will handle a smaller size2 cleanly. = I have just updated my releng/10.2 system to stable/10's sys/netpfil/pf and sbin/pfctl, with your patch applied to it, and it seems to both pass a quick and basic functionality test, and fix bug #192677 (it is now successfully replacing a pf table with over 130,000 addrs, where 10.2-p12 fails for anyt= hing over around 65,000). Thanks. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-207463-8075-84J7j5Kv9F>