Date: Mon, 3 Nov 2025 08:38:59 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: ba198fe8a03b - stable/13 - pf: improve add state validation Message-ID: <202511030838.5A38cx4H016362@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=ba198fe8a03bbe1e11efcd651d7ef7c83837efbe commit ba198fe8a03bbe1e11efcd651d7ef7c83837efbe Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-10-29 10:40:52 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-11-03 08:34:26 +0000 pf: improve add state validation Both for the DIOCADDSTATE ioctl and for states imported through pfsync packets. Add a test case to exercise this code path. Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com> MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit faacc0d968816cf8714c974b6d8df6191cfb0e0d) --- sys/netpfil/pf/if_pfsync.c | 3 +++ tests/sys/netpfil/pf/ioctl/validation.c | 25 +++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index e071197f17ce..c43cb59d8705 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -475,6 +475,9 @@ pfsync_state_import(struct pfsync_state *sp, u_int8_t flags) PF_RULES_RASSERT(); + if (strnlen(sp->ifname, IFNAMSIZ) == IFNAMSIZ) + return (EINVAL); + if (sp->creatorid == 0) { if (V_pf_status.debug >= PF_DEBUG_MISC) printf("%s: invalid creator id: %08x\n", __func__, diff --git a/tests/sys/netpfil/pf/ioctl/validation.c b/tests/sys/netpfil/pf/ioctl/validation.c index 1ce8999dcb91..152a9678812b 100644 --- a/tests/sys/netpfil/pf/ioctl/validation.c +++ b/tests/sys/netpfil/pf/ioctl/validation.c @@ -32,6 +32,7 @@ #include <net/if.h> #include <net/pfvar.h> +#include <errno.h> #include <fcntl.h> #include <stdio.h> @@ -894,6 +895,29 @@ ATF_TC_CLEANUP(rpool_mtx2, tc) } +ATF_TC_WITH_CLEANUP(addstate); +ATF_TC_HEAD(addstate, tc) +{ + atf_tc_set_md_var(tc, "require.user", "root"); +} + +ATF_TC_BODY(addstate, tc) +{ + struct pfioc_state st; + + COMMON_HEAD(); + + memset(&st, 'a', sizeof(st)); + st.state.timeout = PFTM_TCP_FIRST_PACKET; + + ATF_CHECK_ERRNO(EINVAL, ioctl(dev, DIOCADDSTATE, &st) == -1); +} + +ATF_TC_CLEANUP(addstate, tc) +{ + COMMON_CLEANUP(); +} + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, addtables); @@ -918,6 +942,7 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, tag); ATF_TP_ADD_TC(tp, rpool_mtx); ATF_TP_ADD_TC(tp, rpool_mtx2); + ATF_TP_ADD_TC(tp, addstate); return (atf_no_error()); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202511030838.5A38cx4H016362>