Date: Sat, 21 May 2022 17:29:39 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 264128] Out-of-bounds read in pfctl(8) when run with -a “” (as in “periodic daily”).
Message-ID: <bug-264128-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264128

Bug ID: 264128
Summary: Out-of-bounds read in pfctl(8) when run with -a “” (as in “periodic daily”).
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: bugs@FreeBSD.org
Reporter: rwatson@FreeBSD.org

When pfctl(8) is completed for CheriABI and run on an Arm Morello board, it
experiences a crash when used with -a “”, as used by “periodic daily” every 24
hours:

    pid 1763 (pfctl), jid 0, uid 0: exited on signal 34 (core dumped)

This seems to be reproducible (in CheriBSD) via:

    root@cheribsd:/tmp # /sbin/pfctl -a "" -sr -v -z
    In-address space security exception (core dumped)

As described in https://github.com/CTSRD-CHERI/cheribsd/issues/1385, this is
due to a buffer underflow when processing the -a argument. On CHERI-enabled
hardware, this leads to a deterministic process crash. On non-CHERI hardware it
silently continues.

-- 
You are receiving this mail because:
You are the assignee for the bug.
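
Added example, not part of the bug report and not pfctl source: a minimal C illustration of how an empty option argument produces a read one byte before the buffer, next to a length-guarded form. It assumes the argument handling inspects the last character of the string for a suffix (the report does not show the code); the function names and anchor strings are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed illustration (assumed pattern, not pfctl code): strip a
 * trailing '*' (and a '/' directly before it) from an anchor name and
 * return 1 if the suffix was present.
 */

/* Unguarded: for "" len is 0, so anchor[len - 1] is anchor[-1], a read
 * below the start of the buffer. CHERI bounds make that a trap; without
 * bounds the stray byte is read and execution continues. */
int strip_wildcard_unguarded(char *anchor)
{
    int len = (int)strlen(anchor);

    if (anchor[len - 1] != '*')
        return 0;
    if (len >= 2 && anchor[len - 2] == '/')
        anchor[len - 2] = '\0';
    else
        anchor[len - 1] = '\0';
    return 1;
}

/* Guarded: the length is validated before any index is derived from it. */
int strip_wildcard_guarded(char *anchor)
{
    size_t len = strlen(anchor);

    if (len == 0 || anchor[len - 1] != '*')
        return 0;
    if (len >= 2 && anchor[len - 2] == '/')
        anchor[len - 2] = '\0';
    else
        anchor[len - 1] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed inputs; the empty string is the case from the report. */
    char empty[] = "", sub[] = "ftp-proxy/*", plain[] = "ftp-proxy";

    printf("\"\"          -> %d\n", strip_wildcard_guarded(empty));
    printf("ftp-proxy/* -> %d (%s)\n", strip_wildcard_guarded(sub), sub);
    printf("ftp-proxy   -> %d (%s)\n", strip_wildcard_guarded(plain), plain);
    return 0;
}
```

Building the unguarded form with -fsanitize=address and passing it a heap copy of "" reports the same one-byte underflow on non-CHERI hardware.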
