Date: Wed, 05 Jan 2022 18:19:33 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 260958] pfctl: expand_rule: strlcpy Message-ID: <bug-260958-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D260958 Bug ID: 260958 Summary: pfctl: expand_rule: strlcpy Product: Base System Version: 13.0-STABLE Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: thomas@gibfest.dk Hello :) A fun bug where a long-ish ipv6 address used in a reply-to in a pf ruleset results in pfctl being unable to parse the ruleset. The issue boiled down to a one line ruleset, one with a 16 byte address (wh= ich fails) and the other with a 15 byte address (which works). [tykling@nuc1 ~]$ cat trigger=20 pass in reply-to { 2001:DB8:1234::5 } [tykling@nuc1 ~]$ pfctl -nf trigger=20 pfctl: expand_rule: strlcpy [tykling@nuc1 ~]$ echo $? 1 [tykling@nuc1 ~]$ cat notrigger=20 pass in reply-to { 2001:DB8:1234:: } [tykling@nuc1 ~]$ pfctl -nf notrigger=20 [tykling@nuc1 ~]$ echo $? 0 [tykling@nuc1 ~]$ uname -a FreeBSD nuc1.servers.bornhack.org 13.0-STABLE FreeBSD 13.0-STABLE #1 stable/13-d208638c5: Wed Jan 5 13:32:08 UTC 2022=20=20=20=20 root@nuc1.servers.bornhack.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC am= d64 [tykling@nuc1 ~]$=20 We first observed this on 12.2-STABLE a while back but I didn't get around = to reporting it until now, so I've just confirmed it is still an issue on a fr= esh 13-STABLE. Thanks! :) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-260958-227>