Date:      Thu, 14 Jul 2022 13:50:25 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 5687381276d4 - stable/13 - pf: Ensure that pfiio_name is always nul terminated
Message-ID:  <202207141350.26EDoPvB067817@gitrepo.freebsd.org>

The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=5687381276d40484258ee25f1ec39ed0526039c4

commit 5687381276d40484258ee25f1ec39ed0526039c4
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-06-30 14:18:50 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-07-14 13:49:48 +0000

    pf: Ensure that pfiio_name is always nul terminated
    
    Reported by:    syzkaller
    Reviewed by:    kp
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit bc83b3592241a6bcb18e1537fcd27a8eb342a701)
---
 sys/netpfil/pf/pf_ioctl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 6820d1f909e5..c765ee65c9bc 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -4729,6 +4729,8 @@ DIOCCHANGEADDR_error:
 			break;
 		}
 
+		io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0';
+
 		bufsiz = io->pfiio_size * sizeof(struct pfi_kif);
 		ifstore = mallocarray(io->pfiio_size, sizeof(struct pfi_kif),
 		    M_TEMP, M_WAITOK | M_ZERO);
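Review bot: Overwriting the last byte of `io->pfiio_name` silently truncates a name that filled the whole buffer, so a malformed request from userspace is accepted under a shortened name instead of being rejected. In the DIOCSETIFFLAG and DIOCCLRIFFLAG hunks the shortened name goes directly to `pfi_set_flags()` and `pfi_clear_flags()`; if those match on the name (their bodies are not visible here), flags could change on an interface the caller never named. Rejecting is stricter and easier to reason about: `if (strnlen(io->pfiio_name, sizeof(io->pfiio_name)) == sizeof(io->pfiio_name)) { error = EINVAL; break; }`, assuming the `error = ...; break;` convention the surrounding cases appear to use. If truncation is kept for compatibility, a one-line comment such as `/* pfiio_name is copied in from userspace and may be unterminated */` above each of the three assignments would record why the write is there. The case body for this first hunk starts and ends outside the visible lines.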
@@ -4744,6 +4746,8 @@ DIOCCHANGEADDR_error:
 	case DIOCSETIFFLAG: {
 		struct pfioc_iface *io = (struct pfioc_iface *)addr;
 
+		io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0';
+
 		PF_RULES_WLOCK();
 		error = pfi_set_flags(io->pfiio_name, io->pfiio_flags);
 		PF_RULES_WUNLOCK();
@@ -4753,6 +4757,8 @@ DIOCCHANGEADDR_error:
 	case DIOCCLRIFFLAG: {
 		struct pfioc_iface *io = (struct pfioc_iface *)addr;
 
+		io->pfiio_name[sizeof(io->pfiio_name) - 1] = '\0';
+
 		PF_RULES_WLOCK();
 		error = pfi_clear_flags(io->pfiio_name, io->pfiio_flags);
 		PF_RULES_WUNLOCK();


