Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Sep 2025 11:54:19 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: c2d03a920ec7 - main - pfctl: fix anchortypes bounds test
Message-ID:  <202509151154.58FBsJks025276@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=c2d03a920ec75c431f0c6af0ad9cb6ae43e48dda

commit c2d03a920ec75c431f0c6af0ad9cb6ae43e48dda
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-08-20 14:26:00 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-09-15 09:32:33 +0000

    pfctl: fix anchortypes bounds test
    
    found by "buffer overflow 'anchortypes' 10 <= 12" smatch error
    feedback and ok sashan@, ok miod@ on an earlier version
    
    Obtained from:  OpenBSD, jsg <jsg@openbsd.org>, 730c5d0121
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl_parser.c | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index ce58e0636022..6df7af0cc574 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -853,21 +853,22 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer
 
 	if (verbose)
 		printf("@%d ", r->nr);
-	if (r->action == PF_MATCH)
-		printf("match");
-	else if (r->action > PF_NORDR)
-		printf("action(%d)", r->action);
-	else if (anchor_call[0]) {
-		p = strrchr(anchor_call, '/');
-		if (p ? p[1] == '_' : anchor_call[0] == '_')
-			printf("%s", anchortypes[r->action]);
-		else
-			printf("%s \"%s\"", anchortypes[r->action],
-			    anchor_call);
+	if (anchor_call[0]) {
+		if (r->action >= nitems(anchortypes)) {
+			printf("anchor(%d)", r->action);
+		} else {
+			p = strrchr(anchor_call, '/');
+			if (p ? p[1] == '_' : anchor_call[0] == '_')
+				printf("%s", anchortypes[r->action]);
+			else
+				printf("%s \"%s\"", anchortypes[r->action],
+				    anchor_call);
+		}
 	} else {
-		printf("%s", actiontypes[r->action]);
-		if (r->natpass)
-			printf(" pass");
+		if (r->action >= nitems(actiontypes))
+			printf("action(%d)", r->action);
+	else
+			printf("%s", actiontypes[r->action]);
 	}
 	if (r->action == PF_DROP) {
 		if (r->rule_flag & PFRULE_RETURN)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202509151154.58FBsJks025276>