Date: Mon, 7 Jul 2025 15:08:07 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 8b8fae451c8e - main - pfctl: pfctl should check pfctl.astack is not overrun Message-ID: <202507071508.567F87qb017005@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=8b8fae451c8ead8af978a4528631ca6b29eff30d commit 8b8fae451c8ead8af978a4528631ca6b29eff30d Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-07-02 16:27:30 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-07-07 15:06:52 +0000 pfctl: pfctl should check pfctl.astack is not overrun (bug found and fixed by Petr Hoffmann _at_ oracle.com) OK kn@ Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 12ebb2cc68 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sbin/pfctl/parse.y | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index d465599e1738..af1fb95398f8 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -958,6 +958,8 @@ pfa_anchor : '{' struct pfctl_ruleset *rs; /* stepping into a brace anchor */ + if (pf->asd >= PFCTL_ANCHOR_STACK_DEPTH) + errx(1, "pfa_anchor: anchors too deep"); pf->asd++; pf->bn++; @@ -1261,6 +1263,8 @@ etherpfa_anchor : '{' struct pfctl_eth_ruleset *rs; /* steping into a brace anchor */ + if (pf->asd >= PFCTL_ANCHOR_STACK_DEPTH) + errx(1, "pfa_anchor: anchors too deep"); pf->asd++; pf->bn++;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202507071508.567F87qb017005>